gitea/renovate-config
10
4
Fork 4
Code Issues 1 Pull Requests Actions Wiki Activity
main
renovate-config/README.md
justusbunsi 1d063082f2
Some checks failed
renovate / renovate (push) Has been cancelled
Details
Provide reusable presets for the most common dependency types in Gitea projects (#97) 
Renovate by default doesn't group dependencies. This is to achieve fine-grained changes. However, it can also be the root cause for maintainers getting flooded with notifications.
With regards to Renovate [noise reduction](https://docs.renovatebot.com/noise-reduction/) and related to #93, one of the most powerful ways is grouping related dependencies into a single Pull Request.

This introduces the following reusable presets:

- Golang dependencies
- NPM dependencies
- Workflow/Actions dependencies
- Security fixes (depends on an experimental feature: https://github.com/renovatebot/renovate/discussions/20542)

Combining those presets with proper Pull Request scheduling, they can help finding a good workflow to keep up-to-date.

---

A heads-up about possible downsides of dependency grouping. If a group contains an update that is not possible, one has to either:
- manually adjust the Pull Request to not include that package update
- manually adjust the repository `renovate.json5` to ignore a specific package version

Reviewed-on: #97
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-committed-by: justusbunsi <sk.bunsenbrenner@gmail.com>
2023-12-26 03:11:38 +00:00

2.6 KiB
Raw Permalink Blame History

renovate-config

To host the renovate config.

  • config.js holds the self-hosted Renovate configuration so that Renovate knows what and how it should process.
  • renovate.json in this repository ensures to receive Renovate updates.
  • default.json holds the basic config for all repositories. It extends the presets by the renovate project defined in renovate-schema.json.
  • Each repository can extend/alter this config by adding a renovate.json file to the root of the repository.

Reusable presets

Golang dependency group

What it does:

  • Groups all Golang dependencies into one PR
    • Respects your repository's separateMajorMinor setting1
  • Runs go mod tidy before committing to ensure a clean go.sum2

Usage:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "local>gitea/renovate-config",
+   "local>gitea/renovate-config:go-deps"
  ]
}

NPM dependency group

What it does:

  • Groups all NPM dependencies3 into one PR
    • Respects your repository's separateMajorMinor setting1
  • Groups all NPM dev-dependencies3 into one PR
    • Respects your repository's separateMajorMinor setting1

Usage:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "local>gitea/renovate-config",
+   "local>gitea/renovate-config:npm-deps"
  ]
}

Workflow dependency group

What it does:

  • Groups all workflow dependencies into one PR
    • Respects your repository's separateMajorMinor setting1

Usage:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "local>gitea/renovate-config",
+   "local>gitea/renovate-config:workflow-deps"
  ]
}

Security fixes

What it does:

  • Bumps a dependency to resolve a vulnerability4
    • Overrules any scheduling and grouping for that vulnerability

Usage:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "local>gitea/renovate-config",
+   "local>gitea/renovate-config:security"
  ]
}