Renovate integration
Personally, I always use exact pinning of all the dependencies to have better knowledge of the updates. If you don't do that, you have many things in the package lock pull request, without any details in the pull request description.
To publish a package with non-exact versions in its dependencies, see the Poetry section.
extends: ['config:base'],
timezone: 'Europe/Zurich',
schedule: 'after 5pm on the first day of the month',
labels: ['dependencies'],
separateMajorMinor: true,
separateMinorPatch: true,
prHourlyLimit: 0,
prConcurrentLimit: 0,
lockFileMaintenance: {
  enabled: true,
  automerge: true,
  schedule: 'after 5pm on the first day of the month',
},
baseBranches: ['x.y', ..., 'master'],
packageRules: [
  /** Accept only the patch on stabilization branches */
  {
    matchBaseBranches: ['/^[0-9]+\\.[0-9]+$/', '/release_.*/'],
    matchUpdateTypes: ['major', 'minor', 'pin', 'digest', 'lockFileMaintenance', 'rollback', 'bump'],
    enabled: false,
  },
]
In the .pre-commit-config.yaml file, add # npm or # pip after all the additional_dependencies.
Use the following Renovate configuration:
'pre-commit': { enabled: true },
regexManagers: [
  /** Do updates on pre-commit additional dependencies */
  {
    fileMatch: ['^\\.pre\\-commit\\-config\\.yaml$'],
    matchStrings: [" +- '?(?<depName>[^' @=]+)(@|==)(?<currentValue>[^' @=]+)'? # (?<datasource>.+)"],
  },
],
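To see which additional_dependencies lines this matchStrings pattern actually captures, the following added example (not part of the original page or of Renovate) runs the same regular expression over a constructed .pre-commit-config.yaml. The package names, versions and the auditAdditionalDependencies helper are assumptions made for illustration; entries the pattern does not capture never receive an update pull request, so the helper lists them separately.

```javascript
// Added example, not the project's code. The pattern is the matchStrings
// entry from the configuration above, unescaped from its string form.
const MATCH = / +- '?(?<depName>[^' @=]+)(@|==)(?<currentValue>[^' @=]+)'? # (?<datasource>.+)/;

// Constructed sample file; package names and versions are illustrative only.
const SAMPLE = [
  'repos:',
  '  - repo: https://github.com/pre-commit/mirrors-prettier',
  '    rev: v2.7.1',
  '    hooks:',
  '      - id: prettier',
  '        additional_dependencies:',
  '          - prettier@2.8.4 # npm',
  "          - 'prettier-plugin-sh@0.12.8' # npm",
  '          - prettier-plugin-toml@0.3.1',
  "          - '@prettier/plugin-xml@2.2.0' # npm",
  '  - repo: local',
  '    hooks:',
  '      - id: spell',
  '        additional_dependencies:',
  '          - codespell==2.2.2 # pip',
  '          - tomli>=2.0 # pip',
].join('\n');

// Split additional_dependencies entries into those the pattern captures
// (Renovate can propose updates) and those it silently skips.
function auditAdditionalDependencies(yamlText) {
  const tracked = [];
  const untracked = [];
  let listIndent = -1; // indent of the current additional_dependencies key
  for (const line of yamlText.split('\n')) {
    const indent = line.search(/\S/);
    if (/^\s*additional_dependencies:\s*$/.test(line)) {
      listIndent = indent;
      continue;
    }
    if (listIndent < 0) continue;
    if (indent < listIndent || !line.trimStart().startsWith('- ')) {
      listIndent = -1; // left the list
      continue;
    }
    const m = MATCH.exec(line);
    if (m) tracked.push({ ...m.groups });
    else untracked.push(line.trim());
  }
  return { tracked, untracked };
}

console.log(auditAdditionalDependencies(SAMPLE));
```

In this sample the entry without a trailing comment, the scoped npm package (its name starts with @) and the >= range are reported as untracked.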
To update the schema version used in the config.yaml, like:
# yaml-language-server: $schema=https://raw.githubusercontent.com/camptocamp/c2cciutils/1.6.15/c2cciutils/schema.json
use the following configuration:
regexManagers: [
  /** Do update on the schema present in the ci/config.yaml */
  {
    fileMatch: ['^ci/config\\.yaml$'],
    matchStrings: [
      '.*https://raw\\.githubusercontent\\.com/(?<depName>[^\\s]+)/(?<currentValue>[0-9\\.]+)/.*',
    ],
    datasourceTemplate: 'github-tags',
  },
],
By the way, this line is used by VSCode to add some documentation and validation while you edit the configuration file.
packageRules: [
  /** Auto merge the dev dependency update */
  {
    matchDepTypes: ['devDependencies'],
    automerge: true,
  },
  /** Group and auto merge the patch updates */
  {
    matchUpdateTypes: ['patch'],
    groupName: 'all patch versions',
    automerge: true,
  },
  /** Group and auto merge the minor updates */
  {
    matchUpdateTypes: ['minor'],
    groupName: 'all minor versions',
    automerge: true,
  },
  /** Group Poetry packages */
  {
    matchPackageNames: ['poetry', 'pip'],
    matchPackagePrefixes: ['poetry-'],
    groupName: 'Poetry',
    automerge: true,
  },
  /** Group and auto merge the CI dependencies */
  {
    matchFileNames: ['.github/**', '.pre-commit-config.yaml', 'ci/**'],
    groupName: 'CI dependencies',
    automerge: true,
  },
]
I want to pin all the dependencies, so with this requirement the requirements.txt is not a good choice...
I tried to use Pipenv, but I got many issues during the lock (and also with Renovate).
Finally, I use Poetry, which I found to be a really good choice, and I like the --no-update option to apply a security fix on a stabilization branch :-).
I use it with the following plugin configuration to have a good integration:
[tool.poetry]
version = "0.0.0"

[build-system]
requires = [
  "poetry-core>=1.0.0",
  "poetry-dynamic-versioning[plugin]",
  "poetry-plugin-tweak-dependencies-version",
  "poetry-plugin-drop-python-upper-constraint",
]
build-backend = "poetry.core.masonry.api"

[tool.poetry-dynamic-versioning]
enable = true
vcs = "git"
pattern = "^(?P<base>\\d+(\\.\\d+)*)"
format-jinja = """
{%- if env.get("VERSION_TYPE") == "version_branch" -%}
{{serialize_pep440(bump_version(base, 1 if env.get("IS_MASTER") == "TRUE" else 2), dev=distance)}}
{%- elif distance == 0 -%}
{{serialize_pep440(base)}}
{%- else -%}
{{serialize_pep440(bump_version(base), dev=distance)}}
{%- endif -%}
"""

[tool.poetry-plugin-tweak-dependencies-version]
default = "present"
poetry-dynamic-versioning is used to be able to publish the package with a tag without having to update the version in the package description.
poetry-plugin-tweak-dependencies-version is used to avoid pinning the exact version of the dependencies in the published package. With this configuration we just require the dependency, but the plugin is really flexible; see the plugin documentation for more details.
poetry-plugin-drop-python-upper-constraint is used because Poetry requires an upper Python version to be able to do the lock, but usually we don't want to limit it in the published version.