Open vasco-santos opened 3 years ago
@vasco-santos can you compare renovate with the flow we'd get if we use the built in dependabot feature in github, please.
Sure, I looked into that too. I did not include it because we are using a monorepo where renovate shines in comparison. But I will add it to the original post.
State of the Art
web3.storage dependencies versioning is currently controlled by the package-lock.json. In this kind of project having the guarantees provided by the package-lock is important.
We currently maintain the web3.storage dependency updates manually, basically each time we add a new dependency, or want to update a given dependency because we know that it will bring needed functionality or fixes in.
This approach has a few problems:
On the other side of the spectrum, we do not have any noise from automation, which in a super active project can easily be annoying and distractive.
Potential Solutions
1. Renovate
renovate can be configured so that it minimizes noise during active development. For instance, we can define a schedule for weekend updates.
While we can set up automerge, we will still need human interaction when CI stops working.
For those who watch the repo, there will still be notifications, but we also have them for the release bot. Considering we make them outside weekdays, this should be a good compromise.
In comparison with the well-known dependabot, despite being similar, renovate has extra benefits including:
ipfs-car, which is shared among several packages
2. Weekly Task
The less noisy and simple approach would be to have someone update every dependency each week. This will need more manual work and management to guarantee we are consistent in doing this.
This can be part of the on call duties to easily distribute the load.
Conclusions
Renovate seems to make sense and avoid a lot of our main concerns (noise and distractions). I think we should give it a try and see if it suits our needs.
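Added example, not part of the original issue or the web3.storage repository: a `renovate.json5` sketch of the weekend schedule and automerge setup discussed under "1. Renovate". The time zone, PR limit, labels, and the choice of which update types to automerge are assumptions made for illustration.

```json5
// renovate.json5 (added example; every value below is an assumption, not the project's config)
{
  extends: ["config:recommended"],

  // Schedules are evaluated in this zone (assumed).
  timezone: "Etc/UTC",

  // Only open or update PRs on Saturday and Sunday, keeping weekdays quiet.
  schedule: ["every weekend"],

  // Assumed cap so one weekend run cannot flood watchers with notifications.
  prConcurrentLimit: 5,

  // Refresh package-lock.json as a whole on the same quiet window,
  // so transitive dependencies do not drift unnoticed.
  lockFileMaintenance: {
    enabled: true,
    schedule: ["every weekend"],
  },

  packageRules: [
    {
      // Low-risk updates to build and test tooling merge themselves,
      // but only once the repository's required CI checks pass.
      matchDepTypes: ["devDependencies"],
      matchUpdateTypes: ["minor", "patch"],
      automerge: true,
    },
    {
      // Major bumps always wait for a human reviewer.
      matchUpdateTypes: ["major"],
      automerge: false,
      labels: ["dependencies", "needs-review"], // hypothetical label names
    },
  ],

  // Fixes for known-vulnerable dependencies are not held until the weekend.
  vulnerabilityAlerts: {
    schedule: ["at any time"],
    labels: ["security"], // hypothetical label name
  },
}
```

Automerge here depends on branch protection requiring CI; a failing check leaves the PR open for manual handling, which is the human interaction the post mentions.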