Skip to content

👷 skip lockfile updates for integration apps in renovate#113

Merged
bcaudan merged 1 commit into
mainfrom
bcaudan/renovate-fix2
May 4, 2026
Merged

👷 skip lockfile updates for integration apps in renovate#113
bcaudan merged 1 commit into
mainfrom
bcaudan/renovate-fix2

Conversation

@bcaudan

@bcaudan bcaudan commented May 4, 2026

Copy link
Copy Markdown
Collaborator

Motivation

Follow-up to #112. After landing the packageManager fix, #109 surfaced two new Renovate failures:

  • forge-vite: corepack now picks the right yarn version but hangs on the interactive download confirmation prompt.
  • electron-builder-vite: yarn fails with ENOENT: ... integration-sdk.tgz because the apps depend on a build artifact (@datadog/electron-sdk: file:../../integration-sdk.tgz) that's only generated at test time by scripts/install-integration-apps.ts.

Renovate fundamentally cannot run yarn install in those directories — the file dep doesn't exist outside CI's test setup, and the committed yarn.lock is a placeholder that gets overwritten then git restored at test time anyway.

Changes

  • Add a Renovate packageRule matching e2e/integration/apps/**/package.json that sets updateLockFiles: false and lockFileMaintenance.enabled: false. Renovate will still bump dep versions in those package.json files, but won't try to invoke yarn — bypassing both observed failures.

Test instructions

Config-only change; verifies on the next scheduled Renovate run. After this lands:

  • Renovate PRs touching the integration apps should change only package.json, not yarn.lock.
  • The artifact-update warning on Renovate PRs should disappear.

Checklist

N/A, config-only

The integration apps depend on integration-sdk.tgz, a build artifact generated at test time by scripts/install-integration-apps.ts. Yarn install can never succeed there from Renovate's runner. Skipping lockfile updates and lockfile maintenance lets Renovate bump versions in package.json without invoking yarn; the committed yarn.lock files are regenerated at test time anyway.
@bcaudan bcaudan marked this pull request as ready for review May 4, 2026 09:47
@bcaudan bcaudan requested a review from a team as a code owner May 4, 2026 09:47
@bcaudan bcaudan merged commit 8e74120 into main May 4, 2026
12 of 15 checks passed
@bcaudan bcaudan deleted the bcaudan/renovate-fix2 branch May 4, 2026 09:48

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0850ef0155

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread renovate.json
{
"description": "Integration apps reference a build artifact (integration-sdk.tgz) generated at test time, so yarn install can't run here. Bump versions but skip lockfile updates; lockfiles are regenerated by scripts/install-integration-apps.ts.",
"matchFileNames": ["e2e/integration/apps/**/package.json"],
"updateLockFiles": false,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Separate integration app updates from the catch-all group

When an integration app dependency is a minor/patch update, it still inherits the earlier catch-all groupName, so it can be batched with root/app updates that do not set updateLockFiles: false (for example shared deps like electron, typescript, or @types/node). Renovate documents that package-rule artifact skipping in grouped branches is applied only if every upgrade in the group wants it, so mixed grouped PRs will still try to update lockfiles and hit the same missing integration-sdk.tgz/interactive yarn failures this rule is meant to avoid. Give these files their own group or exclude them from the catch-all before relying on this flag.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant