ci: implement renovate #122
Nice work, excited to see this in action.

Please squash the `fix` commit with the parent commit.

The quickest way is probably:

```
git reset HEAD^
git add .github
git commit --amend
```

You can use `git diff` to validate that everything is "still there", for example:

```
git diff upstream/ci/renovate
```

Assuming this repository is locally tracked as `upstream`, this will give you a diff between what you have locally and the exact state of affairs in this PR.
uses: renovatebot/[email protected] | ||
with: | ||
configurationFile: .github/renovate.json | ||
token: ${{ secrets.RENOVATE_TOKEN }} |
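Review bot: on the `token:` line, the job hands the action a long-lived secret, `RENOVATE_TOKEN`, which the PR description says needs repo level access, and nothing in these lines records what scope it carries or who owns it. Please add a short comment in the workflow stating the scope the token needs, so that it can be rotated or narrowed later without guesswork. On the `uses:` line, if the reference is a version tag, pinning it to a full commit SHA would keep a retagged release from running with this token.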
I added a token for now, but going forward let's switch to an app instead https://github.com/renovatebot/github-action#example-with-github-app
Sure, I'll swap it over to a GitHub App in another PR. Let's see if this config performs well first - you can see examples of the PRs it creates over here: https://github.com/strophy/docker-protobuf/pulls?q=is%3Apr+is%3Aclosed
Manually updating dependencies is boring, and creates increasing amounts of work as we add support for more plugins. This PR implements Renovate bot to update dependencies. It will be necessary to create a GitHub token named `RENOVATE_TOKEN` with repo level access to use this bot, as described here.

I have stored configuration metadata in `renovate.json`, but much of this could be moved into `deps.list` itself as annotations to each line, describing the type and source of the dependency update (see example here). This would be a bit more DRY, but makes the deps file look quite cluttered.

Since Docker Hub is actually the source of many of our updates, I have moved entire image tags into the deps.list file, to avoid problems such as `golang:${GO_VERSION}-alpine${ALPINE_VERSION}` being parsed into `golang:1.19.3-alpine3.17` when this image does not actually exist yet, because Alpine 3.17 is still very new.

Finally, I have not yet been able to get the bot to support updating the commit hash for `GOOGLE_API_VERSION`. Issue open with Renovate devs here.