-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Configure Renovate #1896
Configure Renovate #1896
Conversation
Most changes seems to be picking up minor changes (major is currently permitted per the config). Reviewing the comments in our
|
Based on this, are we able to make it smarter or more strict for detecting nested dependencies? Failing that, are we able to exclude certain patterns? |
Given the fact we are given the ability to review each PR (and reject) and not auto-merge (good), some might cause failing test cases (also good), and we have detailed notes already in the I don't think we are at a place where we want these auto merged so until then any further restriction is a micro-optimization. Only one of the issues above would be stopped by blocking major changes and if the tests pass with major changes (note that we tell Renovate we must support Python 3.7 which is holding back the upgrade to Django 4) I don't see any issue. |
I have updated the config to not auto-open PRs against these packages but once this is merged it should open a Dependency Dashboard which will reflect these available upgrades. |
renovate.json
Outdated
"matchPackageNames": ["graphene-django-optimizer", "django-timezone-field", "django-taggit"], | ||
"dependencyDashboardApproval": true | ||
} | ||
] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we use rangeStrategy: "bump"
perhaps? https://docs.renovatebot.com/configuration-options/#rangestrategy
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🤷 Let's see.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes seem sensible. This will force update to patch releases so we'll get a PR every time a new patch release is out.
I'd truly love that level of bump to be done in our patch releases as well but we can always cherry-pick/retarget as necessary.
"packageRules": [ | ||
{ | ||
"matchPackageNames": ["graphene-django-optimizer", "django-timezone-field", "django-taggit"], | ||
"dependencyDashboardApproval": true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://docs.renovatebot.com/configuration-options/#dependencydashboardapproval
Would it be better to instead configure?
{
"major": {
"dependencyDashboardApproval": true
}
}
Is there an instance of the "dependency dashboard" in one of our other repos that I can see as an example?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That setting would require manually triggering a PR for every major dependency update which may often not be an issue. As said above that would only hold back the taggit update because it was the only one to cause issues on a major release boundary.
I don't know any repo in any of the orgs that runs renovate dashboard, but an example of what it maintains is here: renovatebot/renovate#2958
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's give it a try, I suppose. :-)
Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.
🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.
Detected Package Files
nautobot/docs/requirements.txt
(pip_requirements)pyproject.toml
(poetry)Configuration
🔡 Renovate has detected a custom config for this PR. Feel free to ask for help if you have any doubts and would like it reviewed.
Important: Now that this branch is edited, Renovate can't rebase it from the base branch any more. If you make changes to the base branch that could impact this onboarding PR, please merge them manually.
You have configured Renovate to use branch
next
as base branch.What to Expect
With your current configuration, Renovate will create 24 Pull Requests:
Update dependency Markdown to ~3.3.7
renovate/markdown-3.x
next
~3.3.7
Update dependency MarkupSafe to ~2.1.1
renovate/markupsafe-2.x
next
~2.1.1
Update dependency celery to ~5.2.7
renovate/celery-5.x
next
~5.2.7
Update dependency django-jinja to ~2.10.2
renovate/django-jinja-2.x
next
~2.10.2
Update dependency svgwrite to ~1.4.2
renovate/svgwrite-1.x
next
~1.4.2
Update dependency Jinja2 to v3.1.2
renovate/jinja2-3.x
next
~3.1.2
==3.1.2
Update dependency Pillow to ~9.1.1
renovate/pillow-9.x
next
~9.1.1
Update dependency coverage to ~6.4.1
renovate/coverage-6.x
next
~6.4.1
Update dependency django-auth-ldap to ~4.1.0
renovate/django-auth-ldap-4.x
next
~4.1.0
Update dependency django-celery-beat to ~2.3.0
renovate/django-celery-beat-2.x
next
~2.3.0
Update dependency django-constance to ~2.9.0
renovate/django-constance-2.x
next
~2.9.0
Update dependency django-cors-headers to ~3.13.0
renovate/django-cors-headers-3.x
next
~3.13.0
Update dependency django-debug-toolbar to ~3.4.0
renovate/django-debug-toolbar-3.x
next
~3.4.0
Update dependency django-timezone-field to ~4.2.3
renovate/django-timezone-field-4.x
next
~4.2.3
Update dependency graphene-django-optimizer to ~0.9.1
renovate/graphene-django-optimizer-0.x
next
~0.9.1
Update dependency importlib-metadata to ~4.11
renovate/importlib-metadata-4.x
next
~4.11
Update dependency invoke to ~1.7.1
renovate/invoke-1.x
next
~1.7.1
Update dependency jsonschema to ~4.6.0
renovate/jsonschema-4.x
next
~4.6.0
Update dependency mkdocs-include-markdown-plugin to v3.5.2
renovate/mkdocs-include-markdown-plugin-3.x
next
~3.5.2
==3.5.2
Update dependency napalm to ~3.4.1
renovate/napalm-3.x
next
~3.4.1
Update dependency selenium to ~4.2.0
renovate/selenium-4.x
next
~4.2.0
Update dependency social-auth-core to ~4.3.0
renovate/social-auth-core-4.x
next
~4.3.0
Update dependency splinter to ~0.18.0
renovate/splinter-0.x
next
~0.18.0
Update dependency django-taggit to v3
renovate/django-taggit-3.x
next
~3.0.0
🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or spam the project. See docs for
prhourlylimit
for details.❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.
This PR has been generated by Mend Renovate. View repository job log here.