All notable changes to mobu will be documented in this file.
Versioning follows semver.
Dependencies are updated to the latest available version during each release. Those changes are not noted here explicitly.
This project uses scriv to maintain the change log. Changes for the upcoming release can be found in changelog.d.
- Pin Pydantic to version 1.x for now. neophile will require changes to work properly with Pydantic 2.x, which will be done after Safir adds support for it.
- The
NEOPHILE_COMMIT_NAME
environment variable is no longer supported. Instead,NEOPHILE_USERNAME
configures the GitHub username of the running instantiation of neophile, used as both the name for Git commits and to construct the email address unlessNEOPHILE_COMMIT_EMAIL
is given.NEOPHILE_USERNAME
defaults toneophile-square[bot]
, the instantiation of neophile for the lsst-sqre organization.
- Setting
NEOPHILE_COMMIT_EMAIL
is now optional. If not set, the UID of the GitHub user fromNEOPHILE_USERNAME
is retrieved from the GitHub API and used to form a standard GitHub no-replay email address.
- Use the GitHub App installation token when pushing Git changes in preparation for creating a PR rather than using the default GitHub Actions token. If the branch was pushed with the GitHub Actions token, further GitHub Actions refuse to run on that branch to avoid creating a loop, but we need GitHub Actions to run so that the dependency update PR can be automerged.
- neophile is now intended to be run either via GitHub Actions or on a local checkout, and never as a Kubernetes service. The
neophile process
command, the configuration specific to that command (work area, lists of repositories), and support for running inside a virtualenv have been removed. - When creating PRs, neophile now must be configured as a GitHub App with a suitable application ID and private key in environment variables.
- neophile no longer provides Docker images and instead is now a conventional Python package installable from PyPI.
- Support for Helm and Kustomize dependency checking and updating has been removed, along with the configuration options for Helm chart caching and version patterns in Helm charts. Mend Renovate and Dependabot support Helm and Kustomize dependency checking with more features, and we haven't used this support in several years.
- Add a new
neophile update
command that updates known dependencies in the provided tree and (if the--pr
flag is given) creates a GitHub pull request. This replaces the--update
and--pr
flags toneophile analyze
. - When creating PRs, neophile no longer embeds the GitHub username and token in the remote URL. It instead uses the existing
origin
remote and assumes Git operations are already authenticated. - Name and email address are now used only for Git commits, so the names of the environment variables to set them have changed accordingly to
NEOPHILE_COMMIT_NAME
andNEOPHILE_COMMIT_EMAIL
.
- Add a new
neophile check
command that checks to see if all dependencies are up-to-date and exits with a non-zero status and messages to standard error if they are not. This is intended for use as a GitHub Actions check. - The types of dependencies to analyze may now be specified as command-line arguments to
neophile analyze
(and the newneophile check
andneophile update
commands). The default continues to be to analyze all known dependencies.
neophile analyze
now prints nothing if no pending updates were found, and omits dependency types with no pending updates from its output.
- neophile now uses the Ruff linter instead of flake8 and isort.
- The neophile change log is now maintained using scriv.
- neophile no longer creates a separate remote for pusing PRs and instead uses the
origin
remote directly.
- Drop support for Python 3.10.
packaging.version
has dropped support for arbitrary legacy version numbers, so neophile also no longer supports them.
- Drop support for Python 3.9.
- Fix type of
pullRequestId
when enabling auto-merge.
- Fix enabling of auto-merge after creating a new PR.
- Warn of errors if auto-merge could not be enabled but do not fail.
- Attempt to set auto-merge on pull requests after they're created. Failure to do so is silently ignored.
- Catch
BadRequest
errors from a GitHub repository inventory request. - Support updating pull requests for the
main
branch instead ofmaster
if it is present.
- Use the repository default branch to construct and query for PRs. This works properly with newer or converted GitHub repositories that use
main
instead ofmaster
as the default branch.
- Update pinned dependencies.
- Require Python 3.9.
- Add support for full GitHub URLs in Kustomize external references.
- Add libpq-dev to the Docker image so that dependency updates work properly with packages using psycopg2.
The initial release of neophile. Supports analyze
to run on a single repository and process
to process multiple configured repositories. This release supports frozen Python dependencies, pre-commit hooks, Helm charts, and Kustomize external references. Only GitHub is supported for pre-commit hooks and Kustomize external references.