Skip to content

[9.0] [Renovate] - Enhance dependency ownership checks (#231962)#233530

Merged
legrego merged 5 commits intoelastic:9.0from
legrego:backport/9.0/pr-231962
Sep 2, 2025
Merged

[9.0] [Renovate] - Enhance dependency ownership checks (#231962)#233530
legrego merged 5 commits intoelastic:9.0from
legrego:backport/9.0/pr-231962

Conversation

@legrego
Copy link
Member

@legrego legrego commented Aug 29, 2025

Backport

This will backport the following commits from main to 9.0:

Questions ?

Please refer to the Backport tool documentation

@legrego
[Renovate] - Enhance dependency ownership checks (elastic#231962)
08a1a35 
This pull request improves the dependency ownership tooling and
documentation by enhancing error detection for Renovate rules, updating
labels to use `upgrade-risk` instead of `risk`, and cleaning up unused
dependencies and rules. The main changes are grouped below.

**Dependency Ownership Tooling Improvements:**

* Added detection and reporting of invalid Renovate rules that declare
packages not found in `package.json`, with CLI and test updates to
surface these errors.
(`packages/kbn-dependency-ownership/src/dependency_ownership.ts`,
`packages/kbn-dependency-ownership/src/cli.ts`,
`packages/kbn-dependency-ownership/src/dependency_ownership.test.ts`)
[[1]](diffhunk://#diff-c5dc715085771090ec5994cb4ee3ead140b72e42cc79290ba8ea95d62fe8e571R110-R134)
[[2]](diffhunk://#diff-c5dc715085771090ec5994cb4ee3ead140b72e42cc79290ba8ea95d62fe8e571R197-R203)
[[3]](diffhunk://#diff-bd67d71b8125f465a67bb6c6ef93e341f553f0584aab086fdd8e0876e3ea3c0eL49-R53)
[[4]](diffhunk://#diff-bd67d71b8125f465a67bb6c6ef93e341f553f0584aab086fdd8e0876e3ea3c0eL59-R72)
[[5]](diffhunk://#diff-b57928a4400275ad152ccab121e0745fa94387095458007b2b7187234e44c2b3L83-R120)
* Extended the Renovate rule filter to ignore rules using custom
managers (e.g., GitHub Actions), ensuring only supported rules are
processed. (`packages/kbn-dependency-ownership/src/rule.ts`)

**Documentation and Label Updates:**

* Updated documentation and configuration to replace the `risk` label
with `upgrade-risk` for consistency and clarity.
(`dev_docs/contributing/third_party_dependencies.mdx`, `renovate.json`)
[[1]](diffhunk://#diff-b59b40c70511ae917f0ad9b9fa04c533253b92199a6b9ead6d0755d6f57c81d3L173-R173)
[[2]](diffhunk://#diff-b59b40c70511ae917f0ad9b9fa04c533253b92199a6b9ead6d0755d6f57c81d3L188-R188)
[[3]](diffhunk://#diff-7b5c8955fc544a11b4b74eddb4115f9cc51c9cf162dbffa60d37eeed82a55a57L530-R523)
[[4]](diffhunk://#diff-7b5c8955fc544a11b4b74eddb4115f9cc51c9cf162dbffa60d37eeed82a55a57L597-R590)
[[5]](diffhunk://#diff-7b5c8955fc544a11b4b74eddb4115f9cc51c9cf162dbffa60d37eeed82a55a57L2332-R2324)

**Renovate Rule and Dependency Cleanup:**

* Removed unused dependencies and rules from `renovate.json` and
`package.json`, including several loader and type packages, and
reorganized some group names and labels for clarity. (`renovate.json`,
`package.json`)
[[1]](diffhunk://#diff-7b5c8955fc544a11b4b74eddb4115f9cc51c9cf162dbffa60d37eeed82a55a57L52-L72)
[[2]](diffhunk://#diff-7b5c8955fc544a11b4b74eddb4115f9cc51c9cf162dbffa60d37eeed82a55a57L231)
[[3]](diffhunk://#diff-7b5c8955fc544a11b4b74eddb4115f9cc51c9cf162dbffa60d37eeed82a55a57L661-R654)
[[4]](diffhunk://#diff-7b5c8955fc544a11b4b74eddb4115f9cc51c9cf162dbffa60d37eeed82a55a57L785-R777)
[[5]](diffhunk://#diff-7b5c8955fc544a11b4b74eddb4115f9cc51c9cf162dbffa60d37eeed82a55a57L1154-L1173)
[[6]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L1746)

**Configuration Parsing Enhancements:**

* Updated config parsing to include `resolutions` from `package.json`
for more accurate dependency checks.
(`packages/kbn-dependency-ownership/src/parse_config.ts`)
[[1]](diffhunk://#diff-047e08324c0973a44d942ff32611200c2cd13ac56d9678ad232622093abc5069R20)
[[2]](diffhunk://#diff-047e08324c0973a44d942ff32611200c2cd13ac56d9678ad232622093abc5069R41-R43)

**Test Coverage Expansion:**

* Added and improved tests to verify detection of invalid Renovate rules
and proper filtering of disabled or custom-manager rules.
(`packages/kbn-dependency-ownership/src/dependency_ownership.test.ts`)
[[1]](diffhunk://#diff-b57928a4400275ad152ccab121e0745fa94387095458007b2b7187234e44c2b3R22-R40)
[[2]](diffhunk://#diff-b57928a4400275ad152ccab121e0745fa94387095458007b2b7187234e44c2b3L83-R120)

These changes enhance the reliability and clarity of dependency
ownership checks and Renovate rule management.

(cherry picked from commit d82fc92)

# Conflicts:
#	package.json
@legrego legrego added the backport This PR is a backport of another PR label Aug 29, 2025
@legrego legrego requested a review from kibanamachine as a code owner August 29, 2025 19:38
@legrego legrego added the backport This PR is a backport of another PR label Aug 29, 2025
@legrego legrego enabled auto-merge (squash) August 29, 2025 19:38
@legrego legrego mentioned this pull request Aug 29, 2025
Merged
kc13greiner
kc13greiner approved these changes Aug 29, 2025
View reviewed changes
Copy link
Contributor

@kc13greiner kc13greiner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Backport LGTM!

@elasticmachine
Copy link
Contributor

elasticmachine commented Sep 2, 2025
edited
Loading

💔 Build Failed

Failed CI Steps

History

@legrego legrego merged commit 008c502 into elastic:9.0 Sep 2, 2025
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kc13greiner kc13greiner kc13greiner approved these changes

@kibanamachine kibanamachine Awaiting requested review from kibanamachine kibanamachine is a code owner

Assignees

No one assigned

Labels

backport This PR is a backport of another PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@legrego @elasticmachine @kc13greiner