gitea/renovate-config
10
4
Fork 4
Code Issues 1 Pull Requests Actions Wiki Activity

Provide reusable presets for the most common dependency types in Gitea projects #97

Merged
lunny merged 5 commits from justusbunsi/renovate-config:reusable-presets into main 2023-12-26 03:11:39 +00:00
Conversation 1 Commits 5 Files Changed 5 +138
justusbunsi commented 2023-12-21 14:57:17 +00:00
Member
Copy Link

Renovate by default doesn't group dependencies. This is to achieve fine-grained changes. However, it can also be the root cause for maintainers getting flooded with notifications.
With regards to Renovate noise reduction and related to #93, one of the most powerful ways is grouping related dependencies into a single Pull Request.

This introduces the following reusable presets:

Combining those presets with proper Pull Request scheduling, they can help finding a good workflow to keep up-to-date.

A heads-up about possible downsides of dependency grouping. If a group contains an update that is not possible, one has to either:

  • manually adjust the Pull Request to not include that package update
  • manually adjust the repository renovate.json5 to ignore a specific package version
Renovate by default doesn't group dependencies. This is to achieve fine-grained changes. However, it can also be the root cause for maintainers getting flooded with notifications. With regards to Renovate [noise reduction](https://docs.renovatebot.com/noise-reduction/) and related to #93, one of the most powerful ways is grouping related dependencies into a single Pull Request. This introduces the following reusable presets: - Golang dependencies - NPM dependencies - Workflow/Actions dependencies - Security fixes (depends on an experimental feature: https://github.com/renovatebot/renovate/discussions/20542) Combining those presets with proper Pull Request scheduling, they can help finding a good workflow to keep up-to-date. --- A heads-up about possible downsides of dependency grouping. If a group contains an update that is not possible, one has to either: - manually adjust the Pull Request to not include that package update - manually adjust the repository `renovate.json5` to ignore a specific package version
justusbunsi added 4 commits 2023-12-21 14:57:18 +00:00 
Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
justusbunsi added 1 commit 2023-12-21 16:01:18 +00:00 
Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
justusbunsi commented 2023-12-21 16:06:44 +00:00
Author
Member
Copy Link
Attached, a screenshot of a security vulnerability Pull Request with full expanded details.

renovate-security-vulnerability-pr

<details> <summary>Attached, a screenshot of a security vulnerability Pull Request with full expanded details.</summary> ![renovate-security-vulnerability-pr](/attachments/2e8ba9d2-9548-4f6a-97ba-a30a6acaba81) </details>
renovate-security-vulnerability-pr.png
669 KiB
justusbunsi requested review from lunny 2023-12-21 16:16:25 +00:00
justusbunsi requested review from wolfogre 2023-12-21 16:16:26 +00:00
wolfogre approved these changes 2023-12-25 01:48:21 +00:00
lunny merged commit 1d063082f2 into main 2023-12-26 03:11:39 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
lunny
wolfogre
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: gitea/renovate-config#97
No description provided.
Delete Branch "justusbunsi/renovate-config:reusable-presets"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?