👷 skip lockfile updates for integration apps in renovate#113
Conversation
The integration apps depend on integration-sdk.tgz, a build artifact generated at test time by scripts/install-integration-apps.ts. Yarn install can never succeed there from Renovate's runner. Skipping lockfile updates and lockfile maintenance lets Renovate bump versions in package.json without invoking yarn; the committed yarn.lock files are regenerated at test time anyway.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0850ef0155
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| { | ||
| "description": "Integration apps reference a build artifact (integration-sdk.tgz) generated at test time, so yarn install can't run here. Bump versions but skip lockfile updates; lockfiles are regenerated by scripts/install-integration-apps.ts.", | ||
| "matchFileNames": ["e2e/integration/apps/**/package.json"], | ||
| "updateLockFiles": false, |
There was a problem hiding this comment.
Separate integration app updates from the catch-all group
When an integration app dependency is a minor/patch update, it still inherits the earlier catch-all groupName, so it can be batched with root/app updates that do not set updateLockFiles: false (for example shared deps like electron, typescript, or @types/node). Renovate documents that package-rule artifact skipping in grouped branches is applied only if every upgrade in the group wants it, so mixed grouped PRs will still try to update lockfiles and hit the same missing integration-sdk.tgz/interactive yarn failures this rule is meant to avoid. Give these files their own group or exclude them from the catch-all before relying on this flag.
Useful? React with 👍 / 👎.
Motivation
Follow-up to #112. After landing the
packageManagerfix, #109 surfaced two new Renovate failures:forge-vite: corepack now picks the right yarn version but hangs on the interactive download confirmation prompt.electron-builder-vite: yarn fails withENOENT: ... integration-sdk.tgzbecause the apps depend on a build artifact (@datadog/electron-sdk: file:../../integration-sdk.tgz) that's only generated at test time byscripts/install-integration-apps.ts.Renovate fundamentally cannot run
yarn installin those directories — the file dep doesn't exist outside CI's test setup, and the committedyarn.lockis a placeholder that gets overwritten thengit restored at test time anyway.Changes
packageRulematchinge2e/integration/apps/**/package.jsonthat setsupdateLockFiles: falseandlockFileMaintenance.enabled: false. Renovate will still bump dep versions in thosepackage.jsonfiles, but won't try to invoke yarn — bypassing both observed failures.Test instructions
Config-only change; verifies on the next scheduled Renovate run. After this lands:
package.json, notyarn.lock.Checklist
N/A, config-only