Problem/Motivation

Keeping dependencies up to date and avoiding BC breaks is challenging.

Steps to reproduce

Proposed resolution

Add a 'dependency coordination' topic.

The tasks are

  • monitor all dependencies for BC breaks
  • work with contributors to get them up to date for the next release
  • keeping PHP compatibility up to date
  • keep the testing containers up to date etc
  • special attention to CKEditor and JQuery

This idea came up in a huddle with xjm.

Remaining tasks

Remaining tasks

  1. Define
  2. Review by community
  3. Review by product management team
  4. Review by core leadership team team
  5. Create followup governance, to add the role, tag, description and such. #3563614: Add a dependency coordination topic to Drupal core
  6. Create followup core issue, to add maintainers
  7. Create followup core issue, to define the core gate. #3563613: [policy, no patch] Define core gate for 'dependency coordination' topic

User interface changes

Introduced terminology

API changes

Data model changes

Release notes snippet

Comments

quietone created an issue. See original summary.

quietone’s picture

quietone commented

I asked about the other maintainers about this in Slack, lauriii, smustgrace and phenaproxima, agreed with this change.

quietone’s picture

quietone commented
Title: Add a 'dependency coordinator' maintainer » Add a 'dependency coordinator' topic
Issue summary: View changes
Status: Active » Needs review

Catch and I thought this should be a topic maintainer, which has different requirements.

quietone’s picture

quietone commented
Title: Add a 'dependency coordinator' topic » [policy, no patch] Add a 'dependency coordinator' topic
smustgrave’s picture

smustgrave commented

+1 for the idea

For the part about working with contrib can that be expanded? Does that mean when ckeditor breaks a bunch of plugins help will be provided?

Not sure if this is already happening but early last week someone found a random npm package that was under a security advisory and was individually updated. Would this role cover those too?

smustgrave’s picture

smustgrave commented
Status: Needs review » Needs work

Moving to NW if the role could be defined more for the questions in #5

quietone’s picture

quietone commented
Issue summary: View changes
dww’s picture

dww
we/he/they
commented
Issue summary: View changes

I believe "Define" is done, right? There was a closing </del> but no opening, so I added that.
Also, a link for #3563613: [policy, no patch] Define core gate for 'dependency coordination' topic which is already open.

dww’s picture

dww
we/he/they
commented
Issue tags: +Needs issue summary update, +Needs title update

Noticed that the title and summary don't agree. Also, we don't need a topic about a coordinator, right? Sounds like this is about a 'Dependency' topic. Can we update the title and summary accordingly?

quietone’s picture

quietone commented
Title: [policy, no patch] Add a 'dependency coordinator' topic » [policy, no patch] Add a 'dependency coordination' topic
Issue summary: View changes

Better?

dww’s picture

dww
we/he/they
commented
Issue tags: -Needs issue summary update, -Needs title update

Sweet, thanks!

smustgrave’s picture

smustgrave commented

Could this be broken up in actual 2 roles?

One for frontend dependencies, ckeditor stuff, jquery, npm packages
Second for the other stuff like composer and symfony.

quietone’s picture

quietone commented
Status: Needs work » Needs review

@smustgrave, How would that separation suggested in #12 help Drupal?

We can take guidance from the description of a topic maintainer. According to governance, topic maintainers "ensure that patches improve rather than cause regressions for these topics and help educate other contributors on how to do the same in their patches". That is not changing. And as volunteers, we do want we can to help out.

Also, in #5 I think you are referring to this issue, #3566429: Update to 10.6.0 fails due to nodejs version incompatibility. In that case, longwave who raised their hand to take on the role, did the debugging necessary to find the correct fix. And they have done so on other dependency issues.

smustgrave’s picture

smustgrave commented

I made the suggestion because the backend and front end dependencies seem different enough I believe would warrant splitting the load.

Know #5 I was referring to a different ticket. I’ve actually seen 2 now where someone identified one of our npm packages had a security release

quietone’s picture

quietone commented

Yea, I get that. And it is something we can do later, once we see how this is working. And keep in mind there is a fair bit of work to create a topic. It needs issues to approve the idea, to change core governance, to create a core gate, to create new tags and to change MAINTAINERS.txt. Having one topic that covers all dependencies is easier.

Version: 11.x-dev » main

Drupal core is now using the main branch as the primary development branch. New developments and disruptive changes should now be targeted to the main branch.

Read more in the announcement.

borisson_’s picture

borisson_
Primary language Dutch
Location Mechelen, 🇧🇪
commented

I made the suggestion because the backend and front end dependencies seem different enough I believe would warrant splitting the load.

I agree there is a difference, but topics can have multiple maintainers, so adding one topic with multiple people (where some have a different focus than others) seems like a simple solution to me, this way there's not a big administrative overhead.