From 1ad75b28dd595791c01057d1501e265bcc7968f3 Mon Sep 17 00:00:00 2001
From: Josh Goldberg
Date: Thu, 27 Jun 2024 08:42:30 -0400
Subject: [PATCH 1/2] chore: base Renovate config on config:recommended, without patch updates
---
 .github/renovate.json5 | 104 ++++++++++++++++-------------------------
 1 file changed, 39 insertions(+), 65 deletions(-)
diff --git a/.github/renovate.json5 b/.github/renovate.json5
index d42567b92dd6..0169083f5c46 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -1,94 +1,68 @@
 {
+ $schema: 'https://docs.renovatebot.com/renovate-schema.json',
+ extends: ['config:recommended', ':approveMajorUpdates'],
+
+ dependencyDashboardLabels: ['dependencies', 'repo maintenance'],
 enabledManagers: ['github-actions', 'npm'],
+
 ignoreDeps: [
- // AJV is out-of-date, but it's intentionally synced with ESLint - https://github.com/eslint/eslint/blob/ad9dd6a933fd098a0d99c6a9aa059850535c23ee/package.json#L70
+ // AJV is intentionally synced with ESLint.
+ // https://github.com/eslint/eslint/blob/13dbecdea749abf51951ce61662eec2621a4b9af/package.json#L77
 'ajv',
- // globby is ESM so we can't go any higher right now
+ // ESM only so we can't go higher until we natively run ESM internally.
 'globby',
- // this dep is now ESM only
+ // Blocked until we enable ESLint v9 locally in our own PR (#9119).
+ 'eslint',
+ // ESM only so we can't go higher until we natively run ESM internally.
 'execa',
- // the nx packages get updated using the nx migrate CLI
- '@nrwl/cli',
- '@nx/cli',
- '@nrwl/devkit',
- '@nx/devkit',
- '@nx/jest',
- '@nx/jest',
- '@nrwl/nx-cloud',
- 'nx-cloud',
- '@nrwl/tao',
 ],
 ignorePaths: [
- // integration test package.json's should never be updated as they're purposely fixed tests
+ // Integration test package.json's should never be updated as they're purposely fixed tests.
 'tests/integration/fixtures',
 ],
- internalChecksFilter: 'strict',
+
 labels: ['dependencies'],
- dependencyDashboard: true,
- dependencyDashboardLabels: ['dependencies', 'repo maintenance'],
- major: {
- // most majors will require some manual effort to upgrade to, so we don't want to create
- // PRs automatically or else we'll just spam ourselves.
- dependencyDashboardApproval: true,
- },
- // by default renovate will auto-rebase whenever the dep pranch falls behind main.
- // this is annoying as it spams notifications and creates unnecessary action runs.
- // instead only auto-rebase when conflicted, and we can trigger a manual rebase if required.
- rebaseWhen: 'conflicted',
+
+ // Wait well over npm's three day window for any new package as a precaution against malicious publishes.
+ // https://docs.npmjs.com/policies/unpublish/#packages-published-less-than-72-hours-ago
+ minimumReleaseAge: '7 days',
+
 packageRules: [
- // automerge everything but major updates
 {
- matchUpdateTypes: ['minor', 'patch', 'pin', 'digest'],
 automerge: true,
 automergeStrategy: 'squash',
+ description: 'Automerge everything but major updates.',
+ matchUpdateTypes: ['minor', 'pin', 'digest'],
 },
-
- // label PRs appropriately
 {
- matchManagers: ['npm'],
 addLabels: ['javascript'],
+ description: 'Label JS ecosystem PRs appropriately.',
+ matchManagers: ['npm'],
 },
 {
- matchManagers: ['github-actions'],
 addLabels: ['github-actions'],
- },
-
- // batch package sets together
- {
- extends: ['packages:react'],
- groupName: 'react',
- },
- {
- extends: ['monorepo:docusaurus'],
- groupName: 'docusaurus',
- },
- {
- extends: ['monorepo:nrwl'],
- groupName: 'nx',
- },
- {
- matchPackagePrefixes: ['@babel', 'babel-'],
- groupName: 'babel',
- },
- {
- matchPackageNames: ['ts-jest', 'pretty-format'],
- matchPackagePrefixes: ['@types/jest', 'jest', '@jest'],
- groupName: 'jest',
- },
- {
- matchPackageNames: ['eslint'],
- matchPackagePrefixes: ['@eslint'],
- groupName: 'eslint',
+ description: 'Label GHA ecosystem PRs appropriately.',
+ matchManagers: ['github-actions'],
 },
 {
- matchPackageNames: ['stylelint'],
- matchPackagePrefixes: ['@stylelint'],
- groupName: 'stylelint',
+ description: 'Ignore Nrwl/Nx packages updated using the nx migrate CLI.',
+ enabled: false,
+ packagePatterns: ['^@nrwl/', '^@nx/', 'nx-cloud'],
 },
 ],
+
+ // We've found enabling patch updates on all dependencies is a lot of noise.
+ patch: {
+ enabled: false,
+ },
+
 postUpdateOptions: [
- // run yarn dedupe to cleanup the lockfile after updates
+ // Run yarn dedupe to cleanup the lockfile after updates.
 'yarnDedupeHighest',
 ],
- stabilityDays: 3,
+
+ // By default renovate will auto-rebase whenever the dep pranch falls behind main.
+ // This is annoying as it spams notifications and creates unnecessary action runs.
+ // Instead only auto-rebase when conflicted, and we can trigger a manual rebase if required.
+ rebaseWhen: 'conflicted',
 }
From 409170cabb2bc6a9856b28e94aa0d7a9ca4d28b2 Mon Sep 17 00:00:00 2001
From: Josh Goldberg
Date: Sat, 29 Jun 2024 09:02:53 -0400
Subject: [PATCH 2/2] Remove automerging
---
 .github/renovate.json5 | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/.github/renovate.json5 b/.github/renovate.json5
index 0169083f5c46..b1a585e0cbe6 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -28,12 +28,6 @@
 minimumReleaseAge: '7 days',

 packageRules: [
- {
- automerge: true,
- automergeStrategy: 'squash',
- description: 'Automerge everything but major updates.',
- matchUpdateTypes: ['minor', 'pin', 'digest'],
- },
 {
 addLabels: ['javascript'],
 description: 'Label JS ecosystem PRs appropriately.',
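Review bot: The `patch: { enabled: false }` block near the end of the first patch's hunk turns off the routine PRs that carry most security fixes, since those usually ship as patch releases, and the comment above it only mentions noise. If the intent is to rely on Renovate's vulnerability alerts (which depend on GitHub Dependabot alerts being enabled for the repository) the comment should say so, e.g. `// Patch updates are off to reduce noise; security fixes are expected to arrive through vulnerability alerts.`, and adding `lockFileMaintenance: { enabled: true }` would keep in-range fixes flowing; how alerts are configured is not visible here, so this needs confirming. In the same hunk the Nx rule uses the legacy `packagePatterns` key while its sibling rules use `match*` names, and its last pattern is unanchored, so it matches any package name containing `nx-cloud`; `matchPackagePatterns: ['^@nrwl/', '^@nx/', '^nx-cloud$']` would be consistent and limit the disabled set to the intended packages.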