Provide reusable presets for the most common dependency types in Gitea projects #97

Merged
lunny merged 5 commits from justusbunsi/renovate-config:reusable-presets into main 2023-12-26 03:11:39 +00:00
Member

Renovate by default doesn't group dependencies. This is to achieve fine-grained changes. However, it can also be the root cause for maintainers getting flooded with notifications.
With regards to Renovate noise reduction and related to #93, one of the most powerful ways is grouping related dependencies into a single Pull Request.

This introduces the following reusable presets:

Combining those presets with proper Pull Request scheduling, they can help finding a good workflow to keep up-to-date.


A heads-up about possible downsides of dependency grouping. If a group contains an update that is not possible, one has to either:

  • manually adjust the Pull Request to not include that package update
  • manually adjust the repository renovate.json5 to ignore a specific package version
Renovate by default doesn't group dependencies. This is to achieve fine-grained changes. However, it can also be the root cause for maintainers getting flooded with notifications. With regards to Renovate [noise reduction](https://docs.renovatebot.com/noise-reduction/) and related to #93, one of the most powerful ways is grouping related dependencies into a single Pull Request. This introduces the following reusable presets: - Golang dependencies - NPM dependencies - Workflow/Actions dependencies - Security fixes (depends on an experimental feature: https://github.com/renovatebot/renovate/discussions/20542) Combining those presets with proper Pull Request scheduling, they can help finding a good workflow to keep up-to-date. --- A heads-up about possible downsides of dependency grouping. If a group contains an update that is not possible, one has to either: - manually adjust the Pull Request to not include that package update - manually adjust the repository `renovate.json5` to ignore a specific package version
justusbunsi added 4 commits 2023-12-21 14:57:18 +00:00
Introduce go-deps preset
Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
b62770c178
Introduce npm-deps preset
Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
bdc5aa377b
Use local preset source in documentation
Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
7bcf3234a7
Introduce workflow-deps preset
Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
bb0dc2f506
justusbunsi added 1 commit 2023-12-21 16:01:18 +00:00
Introduce security preset
Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
ebe621b11c
Author
Member
Attached, a screenshot of a security vulnerability Pull Request with full expanded details.

renovate-security-vulnerability-pr

<details> <summary>Attached, a screenshot of a security vulnerability Pull Request with full expanded details.</summary> ![renovate-security-vulnerability-pr](/attachments/2e8ba9d2-9548-4f6a-97ba-a30a6acaba81) </details>
justusbunsi requested review from lunny 2023-12-21 16:16:25 +00:00
justusbunsi requested review from wolfogre 2023-12-21 16:16:26 +00:00
wolfogre approved these changes 2023-12-25 01:48:21 +00:00
lunny merged commit 1d063082f2 into main 2023-12-26 03:11:39 +00:00
Sign in to join this conversation.
No reviewers
No Label
No Milestone
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: gitea/renovate-config#97
No description provided.