Configure Renovate #1896
Configure Renovate #1896
Conversation
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
|
Most changes seems to be picking up minor changes (major is currently permitted per the config). Reviewing the comments in our
|
Based on this, are we able to make it smarter or more strict for detecting nested dependencies? Failing that, are we able to exclude certain patterns? |
Given the fact we are given the ability to review each PR (and reject) and not auto-merge (good), some might cause failing test cases (also good), and we have detailed notes already in the I don't think we are at a place where we want these auto merged so until then any further restriction is a micro-optimization. Only one of the issues above would be stopped by blocking major changes and if the tests pass with major changes (note that we tell Renovate we must support Python 3.7 which is holding back the upgrade to Django 4) I don't see any issue. |
I have updated the config to not auto-open PRs against these packages but once this is merged it should open a Dependency Dashboard which will reflect these available upgrades. |
renovate.json
Outdated
| "matchPackageNames": ["graphene-django-optimizer", "django-timezone-field", "django-taggit"], | ||
| "dependencyDashboardApproval": true | ||
| } | ||
| ] |
There was a problem hiding this comment.
Should we use rangeStrategy: "bump" perhaps? https://docs.renovatebot.com/configuration-options/#rangestrategy
There was a problem hiding this comment.
Changes seem sensible. This will force update to patch releases so we'll get a PR every time a new patch release is out.
I'd truly love that level of bump to be done in our patch releases as well but we can always cherry-pick/retarget as necessary.
| "packageRules": [ | ||
| { | ||
| "matchPackageNames": ["graphene-django-optimizer", "django-timezone-field", "django-taggit"], | ||
| "dependencyDashboardApproval": true |
There was a problem hiding this comment.
https://docs.renovatebot.com/configuration-options/#dependencydashboardapproval
Would it be better to instead configure?
{
"major": {
"dependencyDashboardApproval": true
}
}Is there an instance of the "dependency dashboard" in one of our other repos that I can see as an example?
There was a problem hiding this comment.
That setting would require manually triggering a PR for every major dependency update which may often not be an issue. As said above that would only hold back the taggit update because it was the only one to cause issues on a major release boundary.
I don't know any repo in any of the orgs that runs renovate dashboard, but an example of what it maintains is here: renovatebot/renovate#2958
Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.
🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.
Detected Package Files
nautobot/docs/requirements.txt(pip_requirements)pyproject.toml(poetry)Configuration
🔡 Renovate has detected a custom config for this PR. Feel free to ask for help if you have any doubts and would like it reviewed.
Important: Now that this branch is edited, Renovate can't rebase it from the base branch any more. If you make changes to the base branch that could impact this onboarding PR, please merge them manually.
You have configured Renovate to use branch
nextas base branch.What to Expect
With your current configuration, Renovate will create 24 Pull Requests:
Update dependency Markdown to ~3.3.7
renovate/markdown-3.xnext~3.3.7Update dependency MarkupSafe to ~2.1.1
renovate/markupsafe-2.xnext~2.1.1Update dependency celery to ~5.2.7
renovate/celery-5.xnext~5.2.7Update dependency django-jinja to ~2.10.2
renovate/django-jinja-2.xnext~2.10.2Update dependency svgwrite to ~1.4.2
renovate/svgwrite-1.xnext~1.4.2Update dependency Jinja2 to v3.1.2
renovate/jinja2-3.xnext~3.1.2==3.1.2Update dependency Pillow to ~9.1.1
renovate/pillow-9.xnext~9.1.1Update dependency coverage to ~6.4.1
renovate/coverage-6.xnext~6.4.1Update dependency django-auth-ldap to ~4.1.0
renovate/django-auth-ldap-4.xnext~4.1.0Update dependency django-celery-beat to ~2.3.0
renovate/django-celery-beat-2.xnext~2.3.0Update dependency django-constance to ~2.9.0
renovate/django-constance-2.xnext~2.9.0Update dependency django-cors-headers to ~3.13.0
renovate/django-cors-headers-3.xnext~3.13.0Update dependency django-debug-toolbar to ~3.4.0
renovate/django-debug-toolbar-3.xnext~3.4.0Update dependency django-timezone-field to ~4.2.3
renovate/django-timezone-field-4.xnext~4.2.3Update dependency graphene-django-optimizer to ~0.9.1
renovate/graphene-django-optimizer-0.xnext~0.9.1Update dependency importlib-metadata to ~4.11
renovate/importlib-metadata-4.xnext~4.11Update dependency invoke to ~1.7.1
renovate/invoke-1.xnext~1.7.1Update dependency jsonschema to ~4.6.0
renovate/jsonschema-4.xnext~4.6.0Update dependency mkdocs-include-markdown-plugin to v3.5.2
renovate/mkdocs-include-markdown-plugin-3.xnext~3.5.2==3.5.2Update dependency napalm to ~3.4.1
renovate/napalm-3.xnext~3.4.1Update dependency selenium to ~4.2.0
renovate/selenium-4.xnext~4.2.0Update dependency social-auth-core to ~4.3.0
renovate/social-auth-core-4.xnext~4.3.0Update dependency splinter to ~0.18.0
renovate/splinter-0.xnext~0.18.0Update dependency django-taggit to v3
renovate/django-taggit-3.xnext~3.0.0🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or spam the project. See docs for
prhourlylimitfor details.❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.
This PR has been generated by Mend Renovate. View repository job log here.