-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added note on renovate vs dependabot #7378
base: master
Are you sure you want to change the base?
Conversation
@@ -71,6 +71,8 @@ IMPORTANT: These files may have been set up this way by the https://github.com/j | |||
|
|||
=== Configure Dependabot | |||
|
|||
Note:: If you have a `.github/renovate.json`, do not configure Dependabot. link:https://www.jenkins.io/blog/2023/09/20/renovate-bot-probe-blog[For more details] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot for this contribution. 👍
We shouldn't be too categorical; perhaps we could propose a discussion with other maintainers to choose the right tool for handling dependency updates.
The long-term goal is to ensure that maintainers are comfortable with the tools they use.
If a maintainer is working alone on a project and prefers Dependabot to Renovate, we should allow them to choose Dependabot and discontinue the use of Renovate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this should section should really be configure a dependency update tool either renovate or dependabot.
When this was written dependabot was the only one in use. Since then renovate has been used a lot more as it is way more powerful
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we all have biases when it comes to choosing our dependency update tool.
Do we really need a "more powerful" tool when a simple one does the trick?
I believe it depends on several factors:
- The complexity of updating certain dependencies
- The maintainers' skills
- The willingness of maintainers to learn a new tool
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we really need a "more powerful" tool when a simple one does the trick?
Yes, dependabot doesn't scale. Its fine for simple cases.
I'm not saying prefer renovate here just to give the option.
In terms of this pull request I think removing the blog link and rewording to:
If you have renovate configured there is no need to configure dependabot
Would be good to work renovate.json
in, keeping in mind it can be in a number of places and people will put it in different ones
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Whilst I agree the whole Renovate/Dependabot discussion is relevant I think this should be be taken outside this PR because:
- if the user does have something then it is important to not override it.
- if the user does not have anything then they likely do not need the power of renovate, it can be changed at a later time.
- as is this PR would prevent some issues coming up like this where a well intended PR was submitted following these current instructions.
Co-authored-by: James Nord <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it is wise to warn people not to add dependabot if renovate is already configured.
As I am new to jenkins, for one of the API plugin I configured the Dependabot as per the documentation.
Whereas plugin were already supporting the Renovate & both do the same job.
Hence adding the note to with details if renovate is not present then only we should configure the dependabot else not.