Summary
When cachekit-core releases a new version, downstream dependents (e.g., cachekit-py) need to update their pinned dependency. Currently this is manual.
Context
- cachekit-py pins:
cachekit-core = { version = "=0.1.0", ... }
- Exact pins prevent Dependabot from proposing updates (intentional)
- Manual update required after each cachekit-core release
Proposed Solution
Add a GitHub Action that triggers on release and opens PRs in downstream repos:
on:
release:
types: [published]
jobs:
notify-downstream:
runs-on: ubuntu-latest
steps:
- uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.DOWNSTREAM_PAT }}
repository: cachekit-io/cachekit-py
event-type: cachekit-core-release
client-payload: '{"version": "${{ github.event.release.tag_name }}"}'Downstream repo listens and opens PR updating the version pin.
Alternatives Considered
- Manual updates - Current approach, works fine for low release frequency
- Relax exact pin - Let Dependabot handle it (loses explicit control)
- Monorepo - Combine repos (architectural change, not worth it)
Priority
Low - Manual updates are fine for now. Nice-to-have for when release frequency increases.
Downstream Repos
Summary
When cachekit-core releases a new version, downstream dependents (e.g., cachekit-py) need to update their pinned dependency. Currently this is manual.
Context
cachekit-core = { version = "=0.1.0", ... }Proposed Solution
Add a GitHub Action that triggers on release and opens PRs in downstream repos:
Downstream repo listens and opens PR updating the version pin.
Alternatives Considered
Priority
Low - Manual updates are fine for now. Nice-to-have for when release frequency increases.
Downstream Repos
rust/Cargo.toml)