Publish a document targeting maintainers explaining how they can get package changelogs auto-pulled into Dependabot #6225
Labels
E: documentation
Docs issues
F: package-metadata
The metadata that Dependabot fetched for the package
T: tech-debt ⚙️
Comments
jeffwidman
changed the title
jeffwidman
added
E: documentation
|
also document the changelog for docker that @mctofu just landed... requires maintainer to add OCI tag... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I noticed a recent Dependabot PR of a popular project is missing the
changelogandrelease notessections:This happened to be a major version bump, indicating breaking changes. While hunting down the release notes, I happened to notice that the maintainer had temp closed the issue tracker to reduce folks filing tickets because things don't work anymore:
Having the release notes / changelog front and center in the Dependabot PR's helps not only our users, but also maintainers because users are more likely to see the notes before they file a new issue. For example, contrast the above PR with this which makes it super easy to see release notes / changelog:
I was going to email the
flake8maintainer, when I realized we should really have a public doc we can link to that shows maintainers how to more easily expose their projects metadata in a way we expect.The metadata fetch process will vary by ecosystem, so ultimately we should have a few notes and then link to that ecosystem's package index doc on how to expose metadata... but I expect some package index docs don't have a doc like that, so it's an opportunity for us to work with them to create one. That will help those entire ecosystems, not just Dependabot.
The text was updated successfully, but these errors were encountered: