renovatebot / renovate

Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io
https://mend.io/renovate
GNU Affero General Public License v3.0

Support pinned presets #29946

Open HonkingGoose opened 2 months ago

HonkingGoose commented 2 months ago

Describe the proposed change(s).

This feature is about supporting pinned presets.

Example

Snippet of a user's configuration:

  "extends": ["local>myproject/renovate-config#1.0.3"]

When the user publishes a new version of their config, Renovate creates a PR to update the preset:

- "extends": ["local>myproject/renovate-config#1.0.3"]
+ "extends": ["local>myproject/renovate-config#1.0.4"]

Context

A user asked if Renovate recommends pinning organizational presets, and @rarkins responded:

I don't think most people would need to do this (pin org presets), because the "noise" it creates (a PR/commit in every repo each time there's a change to the central preset) likely isn't worth it for the "safety" it provides. Also if you set it to automatically merge the upgrades you probably break yourself anyway.

On the other hand, the more pinned your dependencies are (and this is in theory a dependency too), the more reproducible your software is, so I wouldn't call it a bad idea.

This could perhaps be done with a custom regex manager, although "first class" support with its own manager would be nice too.

@rarkins also wanted me to create a new issue for this feature. :smile:

Related discussion

This discussion was the starting point of this idea:

HonkingGoose commented 2 months ago

@rarkins can you explain which solution you want to use for this issue? You mentioned:

  1. Use custom regex manager, or
  2. Write new pinned-presets manager, with first-class support

I've marked this issue as status:requirements because we first need to know the scope of the work. :wink:
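
The first option discussed in this thread, a custom regex manager, can be checked against the issue's own snippet. The block below is an added example, not part of the issue and not Renovate's own code: it writes such a manager as a JavaScript object and runs its `matchStrings` pattern over a constructed config file. Assumptions: the `fileMatch` pattern, the `github-tags` datasource (presets hosted on GitHub) and the helper names `findPinnedPresets` and `bumpPreset` are illustrative.

```javascript
// Added example: mirrors a Renovate custom regex manager as a JS object.
// Assumptions: option names as in Renovate's customManagers docs; the file
// pattern and the GitHub-hosted datasource are illustrative choices.
const customManager = {
  customType: 'regex',
  fileMatch: ['(^|/)renovate\\.json$'],
  // Named groups follow the regex manager convention (depName, currentValue).
  matchStrings: ['"local>(?<depName>[^"#]+)#(?<currentValue>[^"\\s]+)"'],
  datasourceTemplate: 'github-tags',
};

// Constructed sample: the issue's pinned preset next to an unpinned one.
const sampleConfig = `{
  "extends": [
    "local>myproject/renovate-config#1.0.3",
    "local>myproject/other-config"
  ]
}`;

// List every pinned preset reference that matchStrings captures.
function findPinnedPresets(text, manager = customManager) {
  const found = [];
  for (const pattern of manager.matchStrings) {
    for (const m of text.matchAll(new RegExp(pattern, 'g'))) {
      found.push({ ...m.groups });
    }
  }
  return found;
}

// Rewrite the pinned tag of one preset, leaving all other text untouched.
function bumpPreset(text, depName, newValue, manager = customManager) {
  return manager.matchStrings.reduce(
    (out, pattern) =>
      out.replace(new RegExp(pattern, 'g'), (match, ...args) => {
        const groups = args[args.length - 1]; // named groups arrive last
        if (groups.depName !== depName) return match;
        const keep = match.length - groups.currentValue.length - 1;
        return `${match.slice(0, keep)}${newValue}"`;
      }),
    text,
  );
}

console.log(findPinnedPresets(sampleConfig));
console.log(bumpPreset(sampleConfig, 'myproject/renovate-config', '1.0.4'));
```

The unpinned preset is not captured, so only references that already carry a `#` tag would receive update PRs under this approach.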