l0b0 commented 1 year ago

What would you like Renovate to be able to do?

Niv is described as

Easy dependency management for Nix projects

It would be great if Renovate would support updating the lock file this creates. Others have also expressed a wish for this.

If you have any ideas on how this should be implemented, please tell us here.

Niv comes with an update subcommand to update an existing lock file. Wiring this into Renovate would presumably be easy.

Is this a feature you are interested in implementing yourself?

No

github-actions[bot] commented 1 year ago

Hi there,

You're asking us to support a new package manager. We need to know some basic information about this package manager first. Please copy/paste the new package manager questionnaire, and fill it out in full.

Once the questionnaire is filled out we'll decide if we want to support this new manager.

Good luck,

The Renovate team

l0b0 commented 1 year ago

New package manager questionnaire

Did you read our documentation on adding a package manager?

[ ] I've read the adding a package manager documentation.

Basics

Name of package manager

Niv

What language does this support?

Nix

How popular is this package manager?

1,134 stars on GitHub, 59 forks, 26 contributors.

Does this language have other (competing?) package managers?

[x] Yes, nix flake
[ ] No

Package File Detection

What type of package files and names does it use?

Nix.

What fileMatch pattern(s) should be used?

["^nix/sources\\.json$"]

Is it likely that many users would need to extend this pattern for custom file names?

[ ] Yes
[x] No

Is the fileMatch pattern likely to get many "false hits" for files that have nothing to do with package management?

No

Parsing and Extraction

Can package files have "local" links to each other that need to be resolved?

I don't know.

Is there a reason why package files need to be parsed together (in serial) instead of independently?

No

What format/syntax is the package file in?

[x] JSON
[ ] TOML
[ ] YAML
[ ] Custom (explain below)

How do you suggest parsing the file?

[x] Off the shelf parser
[ ] Using regex
[ ] Custom-parsed line by line
[ ] Other

Does the package file structure distinguish between different "types" of dependencies? e.g. production dependencies, development dependencies, etc?

[ ] Yes, production and development dependencies
[x] No, all dependencies are treated the same

List all the sources/syntaxes of dependencies that can be extracted

Sorry, I don't know what that means.

Describe which types of dependencies above are supported and which will be implemented in future

Sorry, I don't know what that means.

Versioning

What versioning scheme does the package file(s) use?

Git revision

Does this versioning scheme support range constraints, e.g. `^1.0.0` or `1.x`?

[ ] Supports range constraints (e.g ^1.0.0 or 1.x)
[x] No

Lookup

Is a new datasource required? Provide details

[ ] Yes, provide details.
[x] No.

Will users need the capability to specify a custom host/registry to look up? Can it be found within the package files, or within other files inside the repository, or would it require Renovate configuration?

No, the registry is in nix/sources.json.

Do the package files have any "constraints" on the parent language (e.g. supports only v3.x of Python) or platform (Linux, Windows, etc.) that should be used in the lookup procedure?

No.

Will users need the ability to configure language or other constraints using Renovate config?

I don't know.

Artifacts

Are lock files or checksum files used? Are they mandatory?

No, the checksum is in nix/sources.json.

If so, what tool and exact commands should be used if updating one or more package versions in a dependency file?

Not applicable.

If applicable, describe how the tool maintains a cache and if it can be controlled via CLI or environment variables? Do you recommend the cache be kept or disabled/ignored?

I don't know.

If applicable, what command should be used to generate a lock file from scratch if you already have a package file? This will be used for "lock file maintenance"

Not applicable.

Other

Is there anything else to know about this package manager?

github-actions[bot] commented 1 year ago

Hi there,

Get your issue fixed faster by creating a minimal reproduction. This means a repository dedicated to reproducing this issue with the minimal dependencies and config possible.

Before we start working on your issue we need to know exactly what's causing the current behavior. A minimal reproduction helps us with this.

To get started, please read our guide on creating a minimal reproduction.

We may close the issue if you, or someone else, haven't created a minimal reproduction within two weeks. If you need more time, or are stuck, please ask for help or more time in a comment.

Good luck,

The Renovate team

renovatebot / renovate

Niv support #20716

What would you like Renovate to be able to do?

If you have any ideas on how this should be implemented, please tell us here.

Is this a feature you are interested in implementing yourself?

New package manager questionnaire

Basics

Name of package manager

What language does this support?

How popular is this package manager?

Does this language have other (competing?) package managers?

Package File Detection

What type of package files and names does it use?

What fileMatch pattern(s) should be used?

Is it likely that many users would need to extend this pattern for custom file names?

Is the fileMatch pattern likely to get many "false hits" for files that have nothing to do with package management?

Parsing and Extraction

Can package files have "local" links to each other that need to be resolved?

Is there a reason why package files need to be parsed together (in serial) instead of independently?

What format/syntax is the package file in?

How do you suggest parsing the file?

Does the package file structure distinguish between different "types" of dependencies? e.g. production dependencies, development dependencies, etc?

List all the sources/syntaxes of dependencies that can be extracted

Describe which types of dependencies above are supported and which will be implemented in future

Versioning

What versioning scheme does the package file(s) use?

Does this versioning scheme support range constraints, e.g. `^1.0.0` or `1.x`?

Lookup

Is a new datasource required? Provide details

Will users need the capability to specify a custom host/registry to look up? Can it be found within the package files, or within other files inside the repository, or would it require Renovate configuration?

Do the package files have any "constraints" on the parent language (e.g. supports only v3.x of Python) or platform (Linux, Windows, etc.) that should be used in the lookup procedure?

Will users need the ability to configure language or other constraints using Renovate config?

Artifacts

Are lock files or checksum files used? Are they mandatory?

If so, what tool and exact commands should be used if updating one or more package versions in a dependency file?

If applicable, describe how the tool maintains a cache and if it can be controlled via CLI or environment variables? Do you recommend the cache be kept or disabled/ignored?

If applicable, what command should be used to generate a lock file from scratch if you already have a package file? This will be used for "lock file maintenance"

Other

Is there anything else to know about this package manager?

renovatebot / renovate

Niv support #20716

What would you like Renovate to be able to do?

If you have any ideas on how this should be implemented, please tell us here.

Is this a feature you are interested in implementing yourself?

New package manager questionnaire

Basics

Name of package manager

What language does this support?

How popular is this package manager?

Does this language have other (competing?) package managers?

Package File Detection

What type of package files and names does it use?

What fileMatch pattern(s) should be used?

Is it likely that many users would need to extend this pattern for custom file names?

Is the fileMatch pattern likely to get many "false hits" for files that have nothing to do with package management?

Parsing and Extraction

Can package files have "local" links to each other that need to be resolved?

Is there a reason why package files need to be parsed together (in serial) instead of independently?

What format/syntax is the package file in?

How do you suggest parsing the file?

Does the package file structure distinguish between different "types" of dependencies? e.g. production dependencies, development dependencies, etc?

List all the sources/syntaxes of dependencies that can be extracted

Describe which types of dependencies above are supported and which will be implemented in future

Versioning

What versioning scheme does the package file(s) use?

Does this versioning scheme support range constraints, e.g. ^1.0.0 or 1.x?

Lookup

Is a new datasource required? Provide details

Will users need the capability to specify a custom host/registry to look up? Can it be found within the package files, or within other files inside the repository, or would it require Renovate configuration?

Do the package files have any "constraints" on the parent language (e.g. supports only v3.x of Python) or platform (Linux, Windows, etc.) that should be used in the lookup procedure?

Will users need the ability to configure language or other constraints using Renovate config?

Artifacts

Are lock files or checksum files used? Are they mandatory?

If so, what tool and exact commands should be used if updating one or more package versions in a dependency file?

If applicable, describe how the tool maintains a cache and if it can be controlled via CLI or environment variables? Do you recommend the cache be kept or disabled/ignored?

If applicable, what command should be used to generate a lock file from scratch if you already have a package file? This will be used for "lock file maintenance"

Other

Is there anything else to know about this package manager?

Does this versioning scheme support range constraints, e.g. `^1.0.0` or `1.x`?