Simplify dependency management
BohoCode opened this issue · comments
Story
As a developer I would like a way to more quickly manage dependencies so that code changes in low level libs such as the eidas-psd2-cert lib can be propagated quickly across all of our micro-service.
I believe the simplest way to manage low-level libraries is to treat them as external libraries that we leverage. This will mean we will manage them in the same manner as most of our dependencies. To reduce burden on managing version we should:
- Have a clear separation between the "sandbox" code and "toolkit" libraries
- Manage the versions of these low-level libs using dependency management in the starter parent
- Do no use starter parent in the "sandbox" for dependency management
- Enable dependabot auto merging to all toolkit repositories, sandboxes, low-level libraries
- Trust unit-tests, integration tests (and improve) for dependabot auto-merging
- Have a gated approach to merging dependencies in starter parent
- Trust E2E tests (and improve) to ensure sandbox isn't broken by dependabot auto-merging