Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adjusted Renovate config #300

Merged
merged 2 commits into from
Feb 20, 2024
Merged

Adjusted Renovate config #300

merged 2 commits into from
Feb 20, 2024

Conversation

awanlin
Copy link
Collaborator

@awanlin awanlin commented Feb 19, 2024

Updated the Renovate config to match changes suggested by backstage/backstage#22479

@awanlin
Adjusted Renovate config
5438d98 
Signed-off-by: Andre Wanlin <awanlin@spotify.com>
@awanlin
Copy link
Collaborator Author

awanlin commented Feb 19, 2024

Hi @secustor, just applied the changes you suggested in the main Backstage repo to the Demo site. When you have time could you give these a quick look? Code base here is much smaller so I didn't change the default PR limit but I did disable :pinDigest as I worry about getting a lot of PRs from that much like the upstream Backstage repo. Trying to strike a balance between keeping things up to date but having a limited amount of time to do so.

@secustor
Copy link

Instead of dropping pinning I suggest to use automerge.
With automergeType: branch you can only surface PRs if the pipeline is failing.
From a noise level it does not make difference as you will still get updates for each of your dependencies.

The noise reduction guide is also a good read to reduce your mental load of keeping up to date.

Your packageRule can also be simplified using templating:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:best-practices", ":gitSignOff"],
  "ignorePresets": [":pinDevDependencies", ":pinDigest"],
  "postUpdateOptions": ["yarnDedupeHighest"],
  "rangeStrategy": "update-lockfile",
  "labels": ["dependencies"],
  "packageRules": [
    {
      "matchUpdateTypes": ["major", "minor", "patch"],
      "addLabels": ["{{ updateType }}"]
    },
    {
      "matchSourceUrls": ["https://github.com/yarnpkg/berry"],
      "enabled": false
    },
    {
      "matchPackagePatterns": ["@backstage"],
      "matchManagers": ["npm"],
      "enabled": false
    }
  ],
  "osvVulnerabilityAlerts": true,
  "vulnerabilityAlerts": {
    "addLabels": ["security"],
    "enabled": true
  }
}

@awanlin
Adjustments based on feedback
c127306 
Signed-off-by: Andre Wanlin <awanlin@spotify.com>
@awanlin
Copy link
Collaborator Author

awanlin commented Feb 19, 2024

Thanks for the feedback and links @secustor! I'm not sure I'm at the place where auto merge makes sense, perhaps in the future. I did make the changes to use templating, that's nice, and I'm going to keep pinDigest so we can see what the results are like.

freben
freben approved these changes Feb 20, 2024
View reviewed changes
Copy link
Member

@freben freben left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's try!

@freben
Copy link
Member

freben commented Feb 20, 2024

@secustor i tried disabling pinning in https://github.com/backstage/backstage/blob/645e1cbda55800e28d574a0f1823dce8073611ee/.github/renovate.json5#L12 but seems it still insists on pinning at least docker things backstage/backstage#23026

@awanlin awanlin merged commit c47a3fc into backstage:master Feb 20, 2024
1 check passed
@awanlin awanlin deleted the topic/adjust-renovate-config branch February 20, 2024 14:47
@awanlin
Copy link
Collaborator Author

awanlin commented Feb 20, 2024

Thanks @freben 🚀

@secustor secustor mentioned this pull request Feb 20, 2024
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@freben freben freben approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@awanlin @secustor @freben