Skip to content

Commit

Permalink
docs: note how Dependabot interacts with Poetry and pip in the same r…
Browse files Browse the repository at this point in the history
…epository
  • Loading branch information
cfm committed Nov 20, 2024
1 parent adee67b commit 19977eb
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,12 @@ gpg --armor --output workstation-bootstrap/sha256sums.txt.asc --detach-sig work

Make sure that your GPG public key is stored in `pubkeys/`, so CI can verify the signatures.

> [!NOTE]
>
> Dependabot will produce duplicate alerts for `pyproject.toml`/`poetry.lock`
> and `build-requirements.txt`. Initiate the Dependabot update for the former
> first, and following this procedure will resolve it for the latter as well.
## Updating Python wheels

When adding a new production dependency to a component, new wheels will need to be built
Expand Down

0 comments on commit 19977eb

Please sign in to comment.