Merge pull request #896 from GSA/fix-deps

Update more dependencies and fix notifications-utils
GSA · Nov 1, 2023 · 4a98080 · 4a98080
2 parents fb3c9f4 + 09c4dd2
commit 4a98080
Show file tree

Hide file tree

Showing 4 changed files with 265 additions and 132 deletions.
diff --git a/Makefile b/Makefile
@@ -15,7 +15,7 @@ NVMSH := $(shell [ -f "$(HOME)/.nvm/nvm.sh" ] && echo "$(HOME)/.nvm/nvm.sh" || e
 
 .PHONY: bootstrap
 bootstrap: generate-version-file ## Set up everything to run the app
-	poetry install
+	poetry install --sync
 	poetry run playwright install --with-deps
 	source $(NVMSH) --no-use && nvm install && npm ci --no-audit
 	source $(NVMSH) && npm run build
@@ -95,6 +95,14 @@ fix-imports: ## Fix imports using isort
 .PHONY: py-lock
 py-lock: ## Syncs dependencies and updates lock file without performing recursive internal updates
 	poetry lock --no-update
+	poetry install --sync
+
+.PHONY: update-utils
+update-utils: ## Forces Poetry to pull the latest changes from the notifications-utils repo; requires that you commit the changes to poetry.lock!
+	poetry update notifications-utils
+	@echo
+	@echo !!! PLEASE MAKE SURE TO COMMIT AND PUSH THE UPDATED poetry.lock FILE !!!
+	@echo
 
 .PHONY: freeze-requirements
 freeze-requirements: ## create static requirements.txt
@@ -105,7 +113,7 @@ pip-audit:
 	poetry requirements > requirements.txt
 	poetry requirements --dev > requirements_for_test.txt
 	poetry run pip-audit -r requirements.txt
-	-poetry run pip-audit -r requirements_for_test.txt
+	poetry run pip-audit -r requirements_for_test.txt
 
 .PHONY: audit
 audit: npm-audit pip-audit

diff --git a/README.md b/README.md
@@ -102,6 +102,23 @@ In either situation, once you are finished and have verified the dependency
 changes are working, please be sure to commit both the `pyproject.toml` and
 `poetry.lock` files.
 
+### Keeping the notification-utils dependency up-to-date
+
+The `notifications-utils` dependency references the other repository we have at
+https://github.com/GSA/notifications-utils - this dependency requires a bit of
+extra legwork to ensure it stays up-to-date.
+
+Whenever a PR is merged in the `notifications-utils` repository, we need to make
+sure the changes are pulled in here and committed to this repository as well.
+You can do this by going through these steps:
+
+- Make sure your local `main` branch is up-to-date
+- Create a new branch to work in
+- Run `make update-utils`
+- Commit the updated `poetry.lock` file and push the changes
+- Make a new PR with the change
+- Have the PR get reviewed and merged
+
 ## To test the application
 
 From a terminal within the running devcontainer: