crystal-lang / install-crystal

GitHub Action: Install Crystal programming language
https://crystal-lang.github.io/install-crystal/configurator.html
MIT License

Configure Renovate #15

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago


Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.


Detected Package Files

🔡 Renovate has detected a custom config for this PR. Feel free to ask for help if you have any doubts and would like it reviewed.

Important: Now that this branch is edited, Renovate can't rebase it from the base branch any more. If you make changes to the base branch that could impact this onboarding PR, please merge them manually.

What to Expect

With your current configuration, Renovate will create 1 Pull Request:

Refresh pip-compile outputs

- Schedule: ["after 5am and before 8am on the first day of the month"]
- Branch name: `renovate/docs-python-deps`
- Merge into: `master`
- Regenerate lock files to use latest dependency versions

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section. If you need any further assistance then you can also request help here.


This PR has been generated by Mend Renovate. View repository job log here.

straight-shoota commented 1 year ago

Ref: https://github.com/crystal-lang/crystal/issues/12543

oprypin commented 1 year ago

Hmm I don't want to pin GitHub's own actions, there's no security benefit if we're running on their machines

oprypin commented 1 year ago

And as for Python deps, I'd want that to happen all at once and rarely.

> will create 13 Pull Requests:

That doesn't sound good at all 😯

oprypin commented 1 year ago

I also suspect that it doesn't understand the structure of the Python dependencies. If any of them gains a new dependency of their own, it will not be reflected.

https://github.com/crystal-lang/install-crystal/blob/4cbe4acf26d910089b2507e838c70432a9791566/.github/workflows/deploy-docs.yml#L22

https://github.com/crystal-lang/install-crystal/blob/master/docs/requirements.in are our true dependencies definitions

https://github.com/crystal-lang/install-crystal/blob/master/docs/requirements.txt is only derivative but it looks like it wants to update them directly

straight-shoota commented 1 year ago

There's a ton of options to tell renovate what we want it to do. Just need to figure out the right ones 😆 https://docs.renovatebot.com/configuration-options/

oprypin commented 1 year ago

Python probably needs https://docs.renovatebot.com/modules/manager/pip-compile/

And for GitHub let's not Add helpers:pinGitHubActionDigests

oprypin commented 1 year ago

There are ways to limit how often it runs and also there are ways to batch all upgrades.

Both described here but I haven't fully understood it yet https://docs.renovatebot.com/noise-reduction/

I think I'd want it to make 3 PRs not more than once a month: update all GitHub stuff, update all JS stuff, update all Python docs deps
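
The digest-pinning question raised in this thread, as an added example that is not part of the thread or the project's code: a small audit that lists `uses:` references not pinned to a full commit SHA while tolerating tags on GitHub-owned actions. The owner list (`actions`, `github`), the function names and the sample workflow are assumptions constructed for illustration.

```python
import re

# Assumption: these owners count as "GitHub's own" actions for this policy.
FIRST_PARTY_OWNERS = {"actions", "github"}
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (line_no, reference, verdict) for every `uses:` step."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue  # not a step reference (or a commented-out line)
        ref = match.group(1)
        if ref.startswith("./"):
            verdict = "local"  # action stored in this repository
        else:
            target, _, version = ref.partition("@")
            owner = target.split("/", 1)[0].lower()
            if FULL_SHA_RE.match(version):
                verdict = "pinned"  # immutable commit digest
            elif owner in FIRST_PARTY_OWNERS:
                verdict = "first-party-tag"  # tag tolerated by this policy
            else:
                verdict = "unpinned"  # mutable tag or branch
        findings.append((line_no, ref, verdict))
    return findings


def violations(text):
    return [f for f in audit_workflow(text) if f[2] == "unpinned"]


# Constructed sample workflow (not taken from the repository).
SAMPLE = """\
jobs:
  docs:
    steps:
      - uses: actions/checkout@v3
      - uses: example-org/setup-tool@v1  # hypothetical third-party action
      - uses: example-org/deploy@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
      - name: Build
        uses: "example-org/build@main"
"""

if __name__ == "__main__":
    print(violations(SAMPLE))
```

Run in CI, a non-empty `violations()` result can fail the job, which keeps the exemption for GitHub-owned actions explicit and reviewable in one place.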