Move dependency ownership to Renovate configuration #639
Conversation
|
Great job! No new security vulnerabilities introduced in this pull request |
🔍 SDK Breaking Change Detection ResultsSDK Version:
Breaking change detection completed. View SDK workflow |
trmartin4
changed the title
trmartin4
changed the title
djsmith85
left a comment
djsmith85
left a comment
There was a problem hiding this comment.
The Cargo.toml checks are great, we should probably also include them in dep-ownership over on clients so we can check them for apps/desktop/desktop_native/Cargo.toml
| $schema: "https://docs.renovatebot.com/renovate-schema.json", | ||
| extends: ["github>bitwarden/renovate-config:non-pinned"], | ||
| separateMajorMinor: true, | ||
| enabledManagers: ["cargo", "dockerfile", "github-actions", "npm", "nuget", "custom.regex"], |
There was a problem hiding this comment.
Removing gomod seems fine, as I can't see anything using go currently
There was a problem hiding this comment.
Yep, I think that this was a holdover from when the SM SDK and its integrations were in the same repo, in that case we needed Go and Python.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #639 +/- ##
=======================================
Coverage 78.88% 78.88%
=======================================
Files 291 291
Lines 31689 31689
=======================================
Hits 24998 24998
Misses 6691 6691 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Great catch! I've added the check here: bitwarden/clients#18153. |
trmartin4
requested review from
djsmith85
and removed request for
dani-garcia
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-30256
📔 Objective
This PR adds more flexibility to dependency management for
sdk-internalto reflect the maturity of its dependencies to include multiple teams, as more teams take an active role in SDK development. It takes steps to make the dependency ownership insdk-internalmatchclients, by doing the following:Cargo.toml,Cargo.lock,package.json, andpackage-lock.json, so that dependency updates do not always trigger Platform review.renovate.jsontorenovate.json5to matchclients, allowing comments in the Renovate file for clarity.renovate.json5so they can be explicitly managed by each team.minorupdates to match [PM-29822] Improve Platform dependency inflow clients#17981 inclients.lockFileMaintenanceto Platform to match [PM-29822] Improve Platform dependency inflow clients#17981 inclients.dep-ownership.tsscript to match the one inclients, with the addition of Cargo dependencies as well as NPM and adds it to thelint.ymlworkflow.⏰ Reminders before review
team
🦮 Reviewer guidelines
:+1:) or similar for great changes:memo:) or ℹ️ (:information_source:) for notes or general info:question:) for questions:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmedissue and could potentially benefit from discussion
:art:) for suggestions / improvements:x:) or:warning:) for more significant problems or concerns needing attention:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes