Trigger for requirements related management #165
Comments
|
@brownsarahm @Shine226 When developing wiggum, if you need to install a new package have you been relying on the requirements.txt file? |
|
I fixed the current security issue in commit 51d14b3 . I can add an action to update requirements and Pipfile when we establish a workflow. |
|
I use the requirements.txt. And, I've seen more success with the automatic PRs for security issues updating that file than the other two. (which I don't understand, but have experienced repeatedly. |
|
The Pipfile.lock generated diffs so I have to run a `pipenv lock`` when changing version. If the lock file wasn't versioned security updateds would probably be automatic. I don't think we need the lock unless there are strict version requirements or security concerns for Wiggum. One solution is to remove it. |
Removed the Pipfile.lock because it isnt needed. This Address Issue #165
|
This was solved by removing the Pipfie.lock. Closed |
|
Do the pipfile and docker containers update automatically? |
|
The Pipfile should auto repair security updates. The The Pipfile does need to be sync with the requirements.txt when new dependencies are added. The Dockerfile just specifies an install based on whatever is in the current wiggum. At this point we could remove the Pipfile and only use the requirements.txt. |
can we fix the pipfile, pipfile.lock and docker fiels so that we don't have to update so many separate places for security (and there's fewer separate copies of the notification) like could those be auto generated by travis from the requirements.txt maybe?
while working on this, can possibly address #163 as well
The text was updated successfully, but these errors were encountered: