Provide tools to help users manage dependency versions

Problem to solve

Provide tools to help users manage dependency versions of their packages when used inside projects.

Intended users

• Delaney (Development Team Lead)
• Sasha (Software Developer)
• Devon (DevOps Engineer)

Further details

This is a problem we're experiencing: gitlab-org/frontend/rfcs#21 (closed)

I suspect a lot of our users are in similar scenarios, so I think it would be useful to think of ways we could help users, especially when using the GitLab package registry.

Could we link the publishing of a new package version as an event that a project could listen to?

Proposal

When a new version of a package is published, inside the project could we:

1. Automatically create an MR that includes the package version increment

2. Assigns the MR to maintainers (or some other nominated user)

3. Triggers the pipelines on the project to run with the new dependency version

4. (Optionally) merges automatically if pipelines are green

There's some considerations to this:

• The user will need to be able to control parts of this process (e.g. automatic merges, nominated users, which packages, etc)
• How do we allow the user to enable and configure this functionality? In settings, a new file in the repo, other?
• Is it feasible to extend this to projects not hosted in the GitLab package registry?
• Allow the process to be halted or change depending on the version increment. For example, if the a new major version is released, you might not want this to be automatically update