Publish a document targeting maintainers explaining how they can get package changelogs auto-pulled into Dependabot #6225
Labels
E: documentation
Docs issues
F: package-metadata
The metadata that Dependabot fetched for the package
T: tech-debt ⚙️
I noticed a recent Dependabot PR of a popular project is missing the
changelog
andrelease notes
sections:This happened to be a major version bump, indicating breaking changes. While hunting down the release notes, I happened to notice that the maintainer had temp closed the issue tracker to reduce folks filing tickets because things don't work anymore:
Having the release notes / changelog front and center in the Dependabot PR's helps not only our users, but also maintainers because users are more likely to see the notes before they file a new issue. For example, contrast the above PR with this which makes it super easy to see release notes / changelog:
I was going to email the
flake8
maintainer, when I realized we should really have a public doc we can link to that shows maintainers how to more easily expose their projects metadata in a way we expect.The metadata fetch process will vary by ecosystem, so ultimately we should have a few notes and then link to that ecosystem's package index doc on how to expose metadata... but I expect some package index docs don't have a doc like that, so it's an opportunity for us to work with them to create one. That will help those entire ecosystems, not just Dependabot.
The text was updated successfully, but these errors were encountered: