Description
I noticed that the IMAGE_RELEASE_VERSION seems to be automatically incremented every day. at first i thought there weren't changes in most of these daily updates, but after looking closer i realized they do include changes.
I took a closer look at Debian 12 bookworm releases 23 to 27 and found the following:
- 27 and 26: only change is "POSTGRES_IMAGE_LAST_UPDATED" timestamp
- 25 and 23: only change is version bump in
boto3&botocoredependencies inrequirements.txt - 24: only change is version bump in
urllib3dependency inrequirements.txt
i don't quite understand why we need new releases just to update the "POSTGRES_IMAGE_LAST_UPDATED" timestamp
and do i understand correctly that the whole python thing is for building Barman Cloud, which isn't even our optimal solution (ie. CNPG-I will hopefully get rid of this whole thing and let us move back to using CNPG deb packages for barman)?
it seems to me like we're basically doing a rolling release of barman where we update all the python deps every day? and the boto libs seem to especially stand out for having frequent updates, driving version number bumps of the package basically because barman keeps getting rebuilt with updated dependencies
do we really need - or even want - to be automatically rebuilding our production barman builds every day to bump dependency versions? maybe we do, i think there might be an argument for it.
but another possible approach would be to do the dependency updates on a test branch (for catching problems early) but do production updates less frequently (eg. when there is an actual new barman release, or a security fix in a dependency).
As a downstream consumer managing a fleet of CNPG deployments, personally i'd favor a bit less frequent version updates in the production releases rather than automatically pulling every single boto lib update.