stop using renovate
Categories
(Tecken :: General, task, P3)
Tracking
(Not tracked)
People
(Reporter: willkg, Assigned: willkg)
Details
Attachments
(1 file)
Tecken currently uses two different systems to automatically maintain dependencies: dependabot and renovate. Because of that, on the first of the month, we get overlapping PRs updating things like docker images.
Renovate updates JS dependencies and docker images. Dependabot updates Python dependencies and docker images and handles security issues in JS dependencies. Since Tecken has no tests for its JS code since it's considered not important, it makes no sense to update dependencies that aren't security issues and create a bunch of churn that can break things without us knowing.
This bug covers disabling renovate so we're only using dependabot.
|
Assignee | |
Comment 1•5 years ago
|
||
Grabbing this because I'm tired of dealing with the overlap between dependabot and renovate.
Looks like renovate is installed as an integration or something like that. I think whoever has access to that thing can probably disable it for tecken. Alternatively, we have to add a renovate.json file with this in it:
{
"enabled": false
}
https://docs.renovatebot.com/configuration-options/#enabled
I'd like to not have to do that, though.
I'll ask around.
|
|
Assignee | |
Comment 2•5 years ago
|
||
Hal: Is there a way to disable Renovate for Tecken and Socorro projects?
(In reply to Will Kahn-Greene [:willkg] ET needinfo? me from comment #2)
Hal: Is there a way to disable Renovate for Tecken and Socorro projects?
Yep -- you just have to file a bug -- preferably per https://wiki.mozilla.org/GitHub, but I just did it from this one this time.
|
|
Assignee | |
Comment 4•5 years ago
|
||
Sorry about that--I didn't realize that apps were also covered in that GitHub wiki page.
Thank you!
|
|
Assignee | |
Comment 5•5 years ago
|
||
|
|
Assignee | |
Comment 6•5 years ago
|
||
Description
•