-
Notifications
You must be signed in to change notification settings - Fork 152
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adjusted Renovate config #300
Adjusted Renovate config #300
Conversation
Signed-off-by: Andre Wanlin <awanlin@spotify.com>
Hi @secustor, just applied the changes you suggested in the main Backstage repo to the Demo site. When you have time could you give these a quick look? Code base here is much smaller so I didn't change the default PR limit but I did disable |
Instead of dropping pinning I suggest to use The noise reduction guide is also a good read to reduce your mental load of keeping up to date. Your packageRule can also be simplified using templating: {
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:best-practices", ":gitSignOff"],
"ignorePresets": [":pinDevDependencies", ":pinDigest"],
"postUpdateOptions": ["yarnDedupeHighest"],
"rangeStrategy": "update-lockfile",
"labels": ["dependencies"],
"packageRules": [
{
"matchUpdateTypes": ["major", "minor", "patch"],
"addLabels": ["{{ updateType }}"]
},
{
"matchSourceUrls": ["https://github.com/yarnpkg/berry"],
"enabled": false
},
{
"matchPackagePatterns": ["@backstage"],
"matchManagers": ["npm"],
"enabled": false
}
],
"osvVulnerabilityAlerts": true,
"vulnerabilityAlerts": {
"addLabels": ["security"],
"enabled": true
}
} |
Signed-off-by: Andre Wanlin <awanlin@spotify.com>
Thanks for the feedback and links @secustor! I'm not sure I'm at the place where auto merge makes sense, perhaps in the future. I did make the changes to use templating, that's nice, and I'm going to keep |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let's try!
@secustor i tried disabling pinning in https://github.com/backstage/backstage/blob/645e1cbda55800e28d574a0f1823dce8073611ee/.github/renovate.json5#L12 but seems it still insists on pinning at least docker things backstage/backstage#23026 |
Thanks @freben 🚀 |
Updated the Renovate config to match changes suggested by backstage/backstage#22479