Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure Renovate #1896

Merged
merged 10 commits into from
Jun 17, 2022
Merged

Configure Renovate #1896

Changes from 9 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
3bd0bf2
Add renovate.json
renovate-bot Jun 16, 2022
3691b2b
Target only next branch
bryanculver Jun 16, 2022
aae758b
Constrain managers
bryanculver Jun 16, 2022
f68fd3f
Config typo
bryanculver Jun 16, 2022
017ed46
Disable major updates
bryanculver Jun 16, 2022
e6caa8d
Allow major, use constraints for Python version.
bryanculver Jun 16, 2022
7de11e0
Invalid JSON
bryanculver Jun 16, 2022
a1cdb7a
Don't auto PR known pinned dependencies.
bryanculver Jun 16, 2022
b26e21a
Names not patterns
bryanculver Jun 16, 2022
a6b087b
Bump it up.
bryanculver Jun 16, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
16 changes: 16 additions & 0 deletions renovate.json
View file
Open in desktop
@@ -0,0 +1,16 @@
{
"baseBranches": ["next"],
"constraints": {
"python": "3.7"
},
"enabledManagers": ["pip_requirements", "poetry"],
"extends": [
"config:base"
],
"packageRules": [
{
"matchPackageNames": ["graphene-django-optimizer", "django-timezone-field", "django-taggit"],
"dependencyDashboardApproval": true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://docs.renovatebot.com/configuration-options/#dependencydashboardapproval
Would it be better to instead configure?

{
  "major": {
    "dependencyDashboardApproval": true
  }
}

Is there an instance of the "dependency dashboard" in one of our other repos that I can see as an example?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That setting would require manually triggering a PR for every major dependency update which may often not be an issue. As said above that would only hold back the taggit update because it was the only one to cause issues on a major release boundary.

I don't know any repo in any of the orgs that runs renovate dashboard, but an example of what it maintains is here: renovatebot/renovate#2958

}
]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we use rangeStrategy: "bump" perhaps? https://docs.renovatebot.com/configuration-options/#rangestrategy

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤷 Let's see.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes seem sensible. This will force update to patch releases so we'll get a PR every time a new patch release is out.

I'd truly love that level of bump to be done in our patch releases as well but we can always cherry-pick/retarget as necessary.

}