Deprecate Content Publisher #3287
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updating Rails and govuk_publishing_components can be particularly onerous. A recent release of govuk_publishing_components v40+ (updating apps to govuk-frontend v5) required updating a number of files, which has proven complex enough for Content Publisher that it was split out of the general card and given its own card. At time of writing, there are four open Dependabot PRs for Content Publisher for ruby, all with failing tests. We believe the risk of changing the dependabot policy for these repos is low. If there were a security risk with a dependency, and if applying it was made more difficult due to us having fallen too far behind, we could either persevere with the patching, or use it as impetus to prioritise retiring the app, or temporarily take the app offline. In any case, usage is so negligible that publisher activity is unlikely to be affected. Disabling non-security updates as per: https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates > If you only require security updates and want to exclude version updates, you can set open-pull-requests-limit to 0 in order to prevent version updates for a given package-ecosystem. Trello: https://trello.com/c/kpf7rWEq/2979-change-dependabot-configs-for-content-publisher-and-maslow
lauraghiorghisor-tw
approved these changes
Oct 17, 2024
This was referenced Oct 17, 2024
ChrisBAshton
added a commit
to alphagov/govuk_admin_template
that referenced
this pull request
Nov 15, 2024
As done in alphagov/content-publisher#3287 and alphagov/maslow#1293, we want to disable Dependabot PRs for this deprecated repo.
This was referenced Nov 15, 2024
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We're going to reduce the amount of time we spend maintaining this app. See commits for details.
Trello 1: https://trello.com/c/kpf7rWEq/2979-change-dependabot-configs-for-content-publisher-and-maslow
Trello 2: https://trello.com/c/SfO3TzQ3/3017-add-deprecated-notice-to-the-readmes-of-content-publisher-and-maslow
Follow these steps if you are doing a Rails upgrade.