Freezing Dependency Versions on Library Release

[AndrewSazonov]

Rollout: Hard Freeze workflows across EasyScience repositories

As decided in ADR #35, we are adopting strict version pinning at release time (Hard Freeze) across all Python libraries in the EasyScience organization.

To implement this, we need to extend our org-wide GitHub workflow templates with the following:

Workflows to implement

• Auto PR from master to develop after release

  • Triggered on new tag
  • Creates a PR that unpins dependencies in pyproject.toml for development

• Block PRs created from master

  • Prevents incorrect branching
  • Could be combined with existing label-checking workflow

• Pin dependencies before merging to master

  • Ensures all packages in pyproject.toml are locked to tested versions for release

Tasks

• Add these workflows to easyscience/.github template repo
  • Auto PR from master to develop
  • Block PRs created from master
  • Pin dependencies before merging to master
• Roll them out to applicable repositories:
  • organization
  • corelib
  • crystallography
  • guilib
  • diffraction-lib
  • diffraction-app
  • (add more as needed)