chore(Renovate): improve security posture of setup and other general improvements #22479
Merged
5 commits
233045d chore(Renovate): add schema for intellisense in editors (secustor)
c2dcfe4 chore(Renovate): use config:recommended to get community groupings an… (secustor)
ac08102 chore(Renovate): double concurrent PR limit to 20 (secustor)
0c120f4 chore(Renovate): use-bestpractices like pinning docker images (secustor)
d766570 prettier (secustor)
This is just more curiosity on my part but why do you recommend enabling the dependency dashboard? If you have some documentation on this I'm fine with you just pointing me that way 👍
Some background, I help support the Backstage Demo site (https://github.com/backstage/demo) and often help people on the Backstage Discord server. I'm slowly working on a tutorial with some guidance on using Renovate with Backstage.
The dashboard is our main way to communicate with users. We show there ignored (manually closed) updates, rate limited ones (because the concurrency limit has been reached) and errors. From there you can also force a recreation of PRs.
https://docs.renovatebot.com/key-concepts/dashboard/
Looking forward to it! I'm working on a blog regarding Backstage and Renovate too.
See renovatebot/renovate#2958 as an example.
Thanks for the links! Do you have insights on using the Dependency Dashboard (which is basically a public issue) versus using this - https://developer.mend.io/github/backstage/backstage - which does the same things but isn't public as best as I can tell. Also, for larger projects how do you handle that the issue can get lost in all the other issues? Do you just recommend pinning it?
The developer portal is, as far as I know, also public; an exception are the logs of Renovate runs. Be aware that I have no insight into how it functions in the background, as this is part of Mend's setup and not of the OSS project. Therefore it could be that the portal does not show everything from the issue or vice versa.
Yes, we recommend pinning the issue, but it is also possible to give it a better searchable name or specific labels for better discovery.
https://docs.renovatebot.com/configuration-options/#dependencydashboardtitle
https://docs.renovatebot.com/configuration-options/#dependencydashboardlabels
Thanks again for the reply, appreciate it! 🚀