Hi Misagh, very interesting tool, +1 for me about setting it up on Syncope.
The only thing that comes to my mind is that that we should setup, first, a set of "critical" dependencies to exclude (due to breaking changes or integration issues with other dependencies), I'm thinking about Spring and/or major releases, Wicket, Wicket-bootstrap, etc.
Best regards, Andrea Il 11/12/19 15:00, Misagh Moayyed ha scritto:
Hey Team, I suspect most know about this sort of thing, but I thought to share this with you: https://github.com/renovatebot/renovate I think this is a useful tool to allow a Github project such as Syncope to automatically receive dependency updates and become self sufficient. It will attempt to parse the project's dependencies/pom and will then begin to issue pull requests with relevant updates. Its schedule, update policy and inclusion/exclusion rules can all be controlled via a .renovate JSON file. It can run in two ways: 1- As a GitHub app, which would be installed for the Apache org on Github and enabled for select repositories, such as Syncope. This option requires coordination/permission from Apache infra, and updates are then automatic. 2- As a CLI tool, where a committer's personal access token is passed as a command-line argument, and the tool can run as part of CI. This option probably does not require anything from Apache infra [?], and updates can be cancelled as part of the CI job that runs the tool. I am not sure what the CLA policy would be for bots; the second option probably [?] covers this, as PRs are issued on behalf of the committer whose AT is used. Either way, it seems like we need clarification from Apache infra. This is an example of a pull request by the bot: https://github.com/Jasig/uPortal/pull/1849 This is an example of the bot's JSON configuration file: https://github.com/Jasig/uPortal/blob/master/renovate.json How do you feel about this? Is this a good option to pursue and follow up? The bot also has the ability to rebase PRs, and can also take over the merging process automatically if CI passes or other rules allow. (At some point in the future, I think it will also gain the ability to travel back in time and kill Sarah Connor [1], but that has yet to be fully verified.) --Misagh [1] https://www.wikiwand.com/en/Sarah_Connor_(Terminator)
-- Dott. Andrea Patricelli Tel. +39 3204524292 Engineer @ Tirasa S.r.l. Viale Vittoria Colonna 97 - 65127 Pescara Tel +39 0859116307 / FAX +39 0859111173 http://www.tirasa.net Apache Syncope PMC Member
