earl-warren/docs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

developer: dependency management guide

Browse source
This commit is contained in:
Earl Warren 2024-04-03 10:40:14 +02:00 committed by Earl Warren
parent 6398dc14de
commit e686086717
2 changed files with 42 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
docs/developer/dependencies.md Normal file
View file

@ -0,0 +1,41 @@
---
title: Dependency management
license: 'CC-BY-SA-4.0'
---
Forgejo relies on hundreds of Free Software components and they all need to be updated on a regular basis, with appropriate tooling and methods.
# Releases
Software referenced by a release (even if such a release is the hash of a commit). They are listed in the [dependency dashboard](https://codeberg.org/forgejo/forgejo/issues/2779) which is updated by [renovate](https://github.com/renovatebot/renovate) from [the renovate.json configuration file](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/renovate.json).
Pull [requests are opened](https://codeberg.org/forgejo/forgejo/pulls?poster=165503) when an upgrade is available and the decision to merge (positive review) or not (request for change review) depends on what the upgrade offers.
- The PR contains information about the release. If it does not, it has detailed references that can be used to browse the commits in the dependency source repository and figure out what the changes are.
- The comment of the review:
- explains the decision (needed, not needed)
- explains why the change has an impact on Forgejo
- If the upgrade is needed, user visible changes must be included in the draft release notes for the upcoming release.
- Security fix and important bug fixes are backported to the stable releases.
- Set the dependency label
# Soft forks
## Permanent
- https://code.forgejo.org/forgejo/act is a set of commits on top of https://github.com/nektos/act
## Temporary
- https://code.forgejo.org/forgejo/download-artifact
- https://code.forgejo.org/forgejo/upload-artifact
# Cherry-picking
## lxc-helpers
Injects itself via [a workflow](https://code.forgejo.org/forgejo/lxc-helpers/src/branch/main/.forgejo/workflows/cascade-act.yml) in its dependencies.
## Gitea
Cherry-picked in the Forgejo codebase [on a regular basis](https://codeberg.org/forgejo/forgejo/pulls?q=week&labels=116080) using a [dedicated CLI tool](https://codeberg.org/forgejo/tools/src/branch/main/scripts/weekly-cherry-pick.sh).

1
docs/developer/index.md
View file

@ -23,6 +23,7 @@ their needs.
- [Localization](./localization/)
- [Base localization](./localization-english/)
- [Localization admin duties](./localization-admin/)
- [Dependency management](./dependencies/)
- For maintainers
- [Hardware infrastructure](./infrastructure/)
- [Release management](./release/)