NightOwl888 commented on PR #1187: URL: https://github.com/apache/lucenenet/pull/1187#issuecomment-3315402000
I requested to enable Renovate on this repository: https://issues.apache.org/jira/browse/INFRA-27255 Per the [GitHub Actions Policy](https://infra.apache.org/github-actions-policy.html), Dependabot is a requirement when running GitHub Actions. However, per ChatGPT Dependabot doesn't meet our needs (for example, it doesn't support any way to update dependencies per `$(TargetFramework)`). Mend Renovate is a more configurable alternative. However, it does take a bit of effort to get the configuration into shape. It can be configured a number of ways, but this is called Forking Renovate, which has a handy configuration dashboard here: https://developer.mend.io/github/apache/lucenenet ## Configuration I found that installing the local Node app (which can be installed via NPM) is a good way to rapidly try different configuration options. ```console npm install -g [email protected] ``` > [!NOTE] > The tool is upgraded frequently and configuration options have changed pretty rapidly over time. So, it is important to use the same version that the bot uses. However, I tested this using a GitHub Action, so I have not yet explored how to figure out which version the bot is running. Using the latest and updating the local copy frequently is probably the safest bet. It can then be run with local scope and verbose logging to check whether the config options and packages are being detected. ```console renovate --platform=local --repository-cache=reset > F:\renovate-log.txt ``` It doen't provide any info on what a PR it would generate would look like, though. AFAIK, that test has to be done on a real repository (although it could be a fork so we don't pollute this one with PR spam). Although ChatGPT is helpful, it often suggests outdated configuration options that may or may not still function. I found these blog posts very helpful when doing custom regex matching: - https://anthonysimmon.com/locally-test-validate-renovate-config-files/ - https://anthonysimmon.com/nuget-version-range-updates-dotnet-renovate/ While we could configure it to detect the versions from `.build/dependencies.props` and update them, it would probably be simpler to migrate to [Central Package Management](https://learn.microsoft.com/en-us/nuget/consume-packages/central-package-management) so the versions are detected automatically. We also have to consider that we don't want some of these packages to be upgraded (or at least not to the latest version) in certain cases and whether to group dependencies together in a single PR vs getting a PR for every one. I think for the time being, it probably makes sense to group all GitHub Actions tasks into a single PR, for example. The official configuration docs are here: https://docs.renovatebot.com/configuration-options/ I created a configuration for repo here: https://github.com/NightOwl888/lucenenet-codeanalysis-dev/blob/e9d5a3f24cb95f0a4dc3534c3e11337cd9497e9e/renovate.json, which can be used as a starting point for this one. However, do note that configuration is for a GitHub workflow, so there is no schedule set up. ------------ We definitely don't want to use the default configuation, as certain packages (for example the `src/dotnet/Lucene.Net.CodeAnalysis.CSharp/Lucene.Net.CodeAnalysis.CSharp.csproj` and `src/dotnet/Lucene.Net.CodeAnalysis.CSharp/Lucene.Net.CodeAnalysis.VisualBasic.csproj`) should not be upgraded. Also, the GitHub Actions policy is to pin to the commit hash rather than version number (which I worked out how to do in the above example configuration). Let me know if interested in helping out on getting the initial configuration set up. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
