stefanbucur
commented
1 month ago I think I need more context here - why do we need to support Renovate here?
Open mmorel-35 opened 1 month ago
stefanbucur
commented
1 month ago I think I need more context here - why do we need to support Renovate here?
mmorel-35
commented
1 month ago This will help update Bazel and github-actions dependencies . I have an example of the setup on my fork here
fmeum
commented
1 month ago With Bzlmod and its Minimum Version Selection, it's actually better to not update dependencies of "library projects" (such as rulesets). That avoids forcing users to upgrade.
It would make sense to test against the latest versions of all deps in CI on a regular basis, but that's not covered by the currently available tooling.
stefanbucur
commented
1 month ago I'd also err on keeping things as they currently are. We are a small project and dependency management hasn't been an issue so far, but too much dependency churn can increase maintenance cost.
mmorel-35
commented
1 month ago You can parametrize the bot to only propose updates for a type of dependencies. So it could be only github-actions for example.
Renovate provides a way to receive pr when a new version is available for a dependency.
Only renovate (vs dependabot) handle bazel dependencies . This setup configuration dor a weekly check with renovate. It requiees to be activated on the project or organisation level to work correctly . See doc to finalize