Implement dependency freezing
Implement Python dependency freezing, e.g.
- https://cki-project.org/docs/background/rfcs/cki-007-cki-software/
- use a constraints file and update it via renovate
For renovate, a potential way of doing that could be to
first (!1872 (merged))
- install all cki packages
- pip freeze to create a constraints file, and remove cki packages from it
- ci job that fails if dependencies are missing in the constraints file
then (#222 (closed))
- use renovate to file MRs to update this file, and run CI pipelines for verification
to be useful, this needs (!1877 (merged))
- on all pip installations, use the constraints file
- have the CI job above fail the CI pipeline
This issue can be considered fixed after the approach to software installation and updates is properly documented (documentation!483 (merged)).
Edited by Michael Hofmann