eschava / psmqtt

Utility reporting system health and status via MQTT
MIT License
158 stars 35 forks

Add renovate bot to maintain dependencies up to date #42

Closed f18m closed 4 months ago

f18m commented 4 months ago

Hi @eschava, one good thing to have on Python projects is a bot like Renovate that will automatically create PRs to update dependencies when a new dependency version comes out. This helps both to maintain the project alive and up to date and also with security (new versions hopefully contain security fixes for disclosed CVEs, etc.).

As collaborator I cannot add the app myself to this project, because it's yet another owner-only thing. Anyway it's very easy to do: just go to https://github.com/marketplace/renovate and scroll down to the end and click "Install it for free" (it's completely free for open source projects). If I remember correctly it will guide you in a simple process ending with a commit of a file like this one: https://github.com/f18m/ha-alarm-raspy2mqtt/blob/main/renovate.json.

Here you can see the type of dashboard that gets created: https://github.com/f18m/ha-alarm-raspy2mqtt/issues/11 and an example of PR opened by the bot: https://github.com/f18m/ha-alarm-raspy2mqtt/pull/12

Hope this will be useful...

eschava commented 4 months ago

Hi, I made all the steps and it says "No Renovate branch updates available". So it seems that everything is OK so far.

f18m commented 4 months ago

Let me try to open a branch to validate the configuration of Renovate.

Just to confirm: if you go to https://github.com/eschava/psmqtt/settings/installations do you see 'Renovate' listed in 'Installed GitHub Apps' ?

eschava commented 4 months ago

> Let me try to open a branch to validate the configuration of Renovate.
>
> Just to confirm: if you go to https://github.com/eschava/psmqtt/settings/installations do you see 'Renovate' listed in 'Installed GitHub Apps' ?

Yep

f18m commented 4 months ago

OK, then if you agree I can merge this PR: https://github.com/eschava/psmqtt/pull/43, which is going to add the config file for Renovate and it's going to pin the versions of dependencies. Pinning the version is useful because a) we know exactly which version of which dependency we are using and b) it allows Renovate to open PRs to actually update the pinned version to a newer one, whenever it comes out.
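A check that goes together with the pinning described above, written here as an added example (it is not psmqtt's code, nor part of Renovate or Dependabot): a small Python script that parses a `requirements.txt` and flags every dependency that is not pinned to one exact `==` version, so a CI job can fail before a loose range slips in and the update bot has nothing concrete to bump. The `SAMPLE_REQUIREMENTS` content is constructed for the example, and all function names are my own.

```python
import re

# Constructed sample requirements file (not psmqtt's own), mixing exact pins,
# loose ranges, an unversioned entry, extras, a comment and an environment marker.
SAMPLE_REQUIREMENTS = """\
# runtime dependencies
paho-mqtt==1.6.1
psutil>=5.9
jinja2~=3.1
pyyaml
requests[security]==2.31.0 ; python_version >= "3.8"
  # indented comment
"""

# Project name, optional [extras], then the remainder (version specifier).
_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(.*)$")


def parse_requirements(text):
    """Yield (name, specifier) pairs from requirements.txt content.

    Comments, blank lines and pip options (-r, -e, --hash ...) are skipped;
    any environment marker after ';' is removed from the specifier.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        spec = line.split(";", 1)[0].strip()
        m = _REQ_RE.match(spec)
        if not m:
            continue
        yield m.group(1), m.group(3).strip()


def is_pinned(specifier):
    """True only for an exact '==<version>' pin: no ranges, no '==1.*' wildcards."""
    return re.fullmatch(r"==\s*[0-9][0-9A-Za-z.+!-]*", specifier) is not None


def unpinned(text):
    """Return the names of dependencies that are not pinned to one exact version."""
    return [name for name, spec in parse_requirements(text) if not is_pinned(spec)]


def check(text):
    """Return (ok, report_lines); ok is False when any dependency is unpinned."""
    bad = unpinned(text)
    return (not bad), [f"unpinned: {name}" for name in bad]


if __name__ == "__main__":
    ok, report = check(SAMPLE_REQUIREMENTS)
    print("\n".join(report) or "all dependencies pinned")
    raise SystemExit(0 if ok else 1)
```

Run on the sample it exits non-zero and lists `psutil`, `jinja2` and `pyyaml`; the `requests` line still counts as pinned because the extras and the environment marker are stripped before the specifier is inspected. On the Renovate side, the matching setting is `"rangeStrategy": "pin"` in `renovate.json`, which makes the bot itself convert ranges to exact pins and then open a PR per new release.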

eschava commented 4 months ago

Sure, do whatever you find useful.

f18m commented 4 months ago

@eschava I guess you have the Dependabot app installed as well. Anyhow, for some reason Renovate PRs are not coming, but instead we got a Dependabot PR which I merged (https://github.com/eschava/psmqtt/commit/fdc6e54294649a30557d2f09bb88f371c8ac0769) after fixing a small error in the GitHub CI/CD. I think Dependabot and Renovate are mostly equivalent... thus closing this ticket. The repo will now be automatically maintained in sync with dependencies, cool!