This guide explains the tasks and responsibilities of maintainers.
Please read the Development guide.
Keeping dependencies up-to-date
Bank-Vaults uses Dependabot to automate dependency upgrades. Dependabot opens pull requests in each repository for every dependency upgrade.
Maintainers should regularly review and merge these pull requests as a measurement to secure the software supply chain.
Dependency upgrades are automatically added to this project board.
In addition to keeping project dependencies up-to-date, the development environment needs to be updated from time to time.
This is currently a manual process:
nix flake updatein the project repo
versionsto see current versions of relevant dependencies
- Update versions in the
Makefileto reflect the output of the previous command
- Commit and push changes
Reviewing community contributions
As an Open Source project, Bank-Vaults often gets contributions from the community. Community contributions do not have to go through our normal development process since we basically only need to review and accept/reject the changes.
Therefore, community contributions are added to a separate project board. Whenever someone outside of the maintainers submits a pull request, add that PR to the project board and adjust its status as appropriate.