renovatebot / renovate

Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io
https://mend.io/renovate
GNU Affero General Public License v3.0
17.49k stars 2.3k forks source link

bun: workspace support #24459

Open rarkins opened 1 year ago

rarkins commented 1 year ago

Describe the proposed change(s).

Use the workspaces field in package.json to detect workspace package.json files

The-Code-Monkey commented 1 year ago

+1

github-actions[bot] commented 1 year ago

Hi there,

Get your issue fixed faster by creating a minimal reproduction. This means a repository dedicated to reproducing this issue with the minimal dependencies and config possible.

Before we start working on your issue we need to know exactly what's causing the current behavior. A minimal reproduction helps us with this.

To get started, please read our guide on creating a minimal reproduction.

We may close the issue if you, or someone else, haven't created a minimal reproduction within two weeks. If you need more time, or are stuck, please ask for help or more time in a comment.

Good luck,

The Renovate team

rarkins commented 1 year ago

I couldn't find a bun workspaces reproduction so can't continue with this issue until that's available!

The-Code-Monkey commented 1 year ago

I can sort out a demo repo on Monday morning.

The-Code-Monkey commented 1 year ago

https://github.com/The-Code-Monkey/bun-demo-monorepo

@rarkins this repo is a dummy repo for the bun mono repo support. I have setup renovate github bot on it too.

rarkins commented 1 year ago

Thanks, but unfortunately Renovate does not detect any dependencies to update according to the onboarding PR. If you replace ranges with fixed versions in the sub-package package.json then it should do it.

The-Code-Monkey commented 1 year ago

Ah ok, I have updated renovate to pin deps and will merge that PR once it does so. hope that helps.

rarkins commented 1 year ago

Well, it will pin them to the latest version, so still won't have any updates to make after that, but if we want a day or two after that..

The-Code-Monkey commented 1 year ago

@rarkins react has an open pr on the demo repo. Just so you are aware, I guess you can test now?

rarkins commented 1 year ago

Reproduction forked to https://github.com/renovate-reproductions/24459

Hebilicious commented 10 months ago

Not sure if you still need some live repositories to investigate, but here's an example of one :

https://github.com/Hebilicious/vue-query-nuxt/blob/main/package.json

Note that I'm using a pnpm-workspace.yaml file for publishing packages only, it is bun monorepo. Would really appreciate proper support, even though sometimes some of the renovate PR randomly passes the tests 🤷🏽

simonknittel commented 8 months ago

I've created the most simple repository for reproducing this: https://github.com/simonknittel/renovate-bun-workspaces

You'll see a package.json which uses workspaces. Each package (a and b) has dependencies which are outdated. Renovate successfully created pull requests for them, but they only update the corresponding package.json and not the bun.lockb of the root directory.

wladpaiva commented 7 months ago

Used the same repro from @simonknittel but only added internal dependency from the root package. https://github.com/wladpaiva/renovate-bun-workspaces

In this case, Renovate doesn't create any PR and dashboard detects dependencies like this: image

...
DEBUG: Using file match: (^|/)\.vela\.ya?ml$ for manager velaci
DEBUG: Using file match: ^\.woodpecker(?:/[^/]+)?\.ya?ml$ for manager woodpecker
DEBUG: Matched 1 file(s) for manager bun: bun.lockb
DEBUG: Matched 3 file(s) for manager npm: package.json, packages/a/package.json, packages/b/package.json
DEBUG: npm file package.json has name "renovate-bun-workspaces"
DEBUG: npm file package.json has name "renovate-bun-workspaces"
DEBUG: npm file packages/a/package.json has name "a"
DEBUG: npm file packages/b/package.json has name "b"
DEBUG: Detecting pnpm Workspaces
DEBUG: Detecting workspaces
DEBUG: Finding locked versions
DEBUG: manager extract durations (ms)
DEBUG: Found bun package files
DEBUG: Found npm package files
DEBUG: Found 3 package file(s)
INFO: Dependency extraction complete
DEBUG: hostRules: no authentication for registry.npmjs.org
DEBUG: PackageFiles.add() - Package file saved for base branch
DEBUG: Package releases lookups complete
DEBUG: branchifyUpgrades
DEBUG: detectSemanticCommits()
DEBUG: getCommitMessages
DEBUG: semanticCommits: detected "unknown"
DEBUG: semanticCommits: disabled
DEBUG: 2 flattened updates found: zod, vitest
DEBUG: Returning 2 branch(es)
DEBUG: config.repoIsOnboarded=true
DEBUG: packageFiles with updates
DEBUG: detectSemanticCommits()
DEBUG: semanticCommits: returning "disabled" from cache
DEBUG: Repository timing splits (milliseconds)
DEBUG: Package cache statistics
DEBUG: http statistics
DEBUG: Package lookup durations
DEBUG: dns cache
INFO: Repository finished
rarkins commented 6 months ago

Latest reproduction forked to https://github.com/renovate-reproductions/24459b

mstuercke commented 4 months ago

Is there a workaround? Is it possible to force Renovate through the configuration to use bun instead of npm?

rarkins commented 4 months ago

No

max-ae commented 1 week ago

Is there any update on this? I am also running into the issue where an update to a dependency in a workspace package.json leads to renovate opening a PR without changes to the bun.lockb lockfile