Skip to content

Konflux onboarding: add Renovate configuration#961

Closed
brunoapimentel wants to merge 1 commit into
hermetoproject:mainfrom
brunoapimentel:renovate-config
Closed

Konflux onboarding: add Renovate configuration#961
brunoapimentel wants to merge 1 commit into
hermetoproject:mainfrom
brunoapimentel:renovate-config

Conversation

@brunoapimentel

@brunoapimentel brunoapimentel commented May 26, 2025

Copy link
Copy Markdown
Member

In order to avoid getting a flood of PRs by Renovate, we need to configure package group for the updates. The initial renovate.json file introduced here tries to mostly copy what we have configured for Dependabot. The only configuration I have not copied yet is the supression of pydating-core updates (see this commit), since I want to test how Renovate deals with this particular dependency.

In any case, this change assumes that we want all the updates to be handled by Renovate. Alternatively, we can still keep all the updates by Dependabot, and only rely on Renovate to update the Tekton CI definitions.

For more info on Renovate configuration, check the official docs.

This should only be merged after #930.

Maintainers will complete the following section

  • Commit messages are descriptive enough
  • Code coverage from testing does not decrease and new code is covered
  • Docs updated (if applicable)
  • Docs links in the code are still valid (if docs were updated)

The newly introduced renovate.json file essentially copies the
configuration that currently exists in the dependabot.yml file.

The only configuration not carried over is the one that ignores updates
to pydantic-core, since we want to test Renovate's behavior regarding
this package, to avoid needing to convert the dependabot-pipcompile.yml
hook.

Signed-off-by: Bruno Pimentel <bpimente@redhat.com>
@eskultety

eskultety commented May 27, 2025

Copy link
Copy Markdown
Member

In any case, this change assumes that we want all the updates to be handled by Renovate. Alternatively, we can still keep all the updates by Dependabot, and only rely on Renovate to update the Tekton CI definitions.

Definitely not both. Renovate seems to be more feature-complete than Dependabot and as a bonus is vendor-agnostic which Dependabot is not. Quickly skimmed through the docs and with the plethora of examples it looks like a step in the right direction.
I also checked https://github.com/hermetoproject/hermeto/blob/main/.github/workflows/dependabot-pipcompile.yml to make sure that workflow would not be impacted by integrating with Renovate. I'm curious about the pydantic-core test results, IOW if we could ditch the mentioned workflow I added in the past to address the pydantic/-core async release cycle that would be nice.

Edit: YAML is definitely more human-readable than JSON, but I think I can live with that :)

@slimreaper35

Copy link
Copy Markdown
Member

Does the renovate bot support Containerfiles too ? Currently, we have a symlink to Dockerfile.

@eskultety

Copy link
Copy Markdown
Member

Does the renovate bot support Containerfiles too ? Currently, we have a symlink to Dockerfile.

Yes, it does: https://docs.renovatebot.com/modules/manager/dockerfile/#default-config

@taylormadore

Copy link
Copy Markdown
Member

Just reviewing stale PRs: This looks like it has been overcome-by-events and is no longer relevant? I think we can close this after the new downstream is live

@brunoapimentel

Copy link
Copy Markdown
Member Author

Closing because we abandoned the intent of onboarding this repository to Konflux.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

4 participants