How to handle breaking changes #910
Replies: 3 comments 1 reply
-
There's a wider problem to solve here regarding how we bump library dependencies. Whilst some repositories have Dependabot configured, it's PRs don't always get reviewed/merged. We can commit to releasing fewer breaking changes as adoption increases, however we want to be sure that patch and minor updates get adopted early and regularly. There is much less risk in "blindly" merging in Dependabot's PRs for patch or minor updates of |
Beta Was this translation helpful? Give feedback.
-
👍🏽 There will always be some breaking changes, such as when updating the version of AWS CDK being used or as best practice or InfoSec requires evolve (e.g. the Wazuh programme). I suspect/hope as adoption increases and the shape of the library reaches maturity, the rate of breaking changes will naturally slow. |
Beta Was this translation helpful? Give feedback.
-
https://docs.aws.amazon.com/cdk/latest/guide/work-with-cdk-v2.html is an interesting read here re upcoming v2 of the AWS CDK library. Some things to note:
In general, the care they are taking to avoid breaking things is significant. Obviously, we don't need to be as thorough but still food for thought. |
Beta Was this translation helpful? Give feedback.
-
(Migrated from #909.)
As more people use the library and things mature, we'll want to become more cautious to introduce breaking changes. SemVer is great, but it's not much use if we continue to release breaking changes at a high cadence.
So how do we handle this?
I'm particularly keen to discuss changes to the APIs we expose, rather than the underlying snapshots that are produced here, although the latter is important too.
Why is this important?
There are some implications of this:
@SiAdcock has kindly shared the Source approach below, and there are some points to note:
Notes from @SiAdcock on how Source do it:
*Hi Nic!
Breaking changes entail a major version bump, which is a Big Thing in Source. This might happen twice a year.
We tend to avoid making breaking changes for as long as possible. Eventually we need to do it, but usually as part of a larger milestone (e.g. consolidating a bunch of packages into one package, upgrading peerDependencies). We could and often do throw in some "extra" (smaller) breaking changes at the same time, but we're keen to not create a huge burden for teams to upgrade.
We always write a migration guide, but for the most recent major version bump (v4) we also created ESLint plugins that you can install into your project and add to your .eslintrc. Running eslint with the --fix flag automatically "fixes" things that have changed in a breaking way.
https://github.com/guardian/source/tree/main/packages/%40guardian/eslint-plugin-source-react-components
We also have a dashboard that tracks the versions of Source that are being used across all Guardian products. This informs us on how teams are managing upgrades, and can feed into discussions around the cadence of new major releases, whether teams need more helping upgrading and whether we can de-support older versions
https://metrics.gutools.co.uk/d/-RNkA4jMz/devx-source-usage?orgId=1
These discussions are informal at the moment, but we could put in more formal rules to drive these decisions now that we have tracking in place.*
Beta Was this translation helpful? Give feedback.
All reactions