Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add renovate support for updating lockfile #28

Open
alexeagle opened this issue Apr 9, 2024 · 1 comment
Open

Add renovate support for updating lockfile #28

alexeagle opened this issue Apr 9, 2024 · 1 comment

Comments

@alexeagle
Copy link
Contributor

@mark-thm I know you mentioned some ideas for tooling to manage the lockfile. @cgrindel contributed the Bazel module to renovate so it can send bot PRs against the MODULE.bazel file - maybe a similar approach could work here?

I think the hard part is that each tool has different conventions. Even for those that use GitHub releases to serve artifacts, there are variations on filenames, and some publish checksums while others do not.
@mark-thm mark-thm mentioned this issue Apr 17, 2024
Merged
@mark-thm
Copy link
Contributor

We added some tooling (and documentation) around how we're currently handling this. We like/use Renovate, but it'll be some time before we work through the process of a deeper integration, and are eager to see a bit more plugability in their custom handlers.

mark-thm added a commit that referenced this issue Apr 18, 2024
@mark-thm
Add docs about how to update multitool's lockfile (#31)
2a85256 
We've added a companion CLI called (creatively) `multitool`, that
supports updating GitHub release based artifacts. In practice this is
most of the artifacts we end up working with, and adding support for
other, limited artifact sources seems tractable.

In an ideal world, we'll ultimately teach Renovate how to run updates to
our lockfile. However, looking at [Renovate's support for
Bazel](https://github.com/renovatebot/renovate/blob/d6d1e57763ffefa04767a4d01b028b1d39f27188/lib/modules/manager/bazel/index.ts#L17-L22)
artifact updates: Renovate will update GitHub releases, GitHub tags, Go
datasources, and docker datasources. This is relatively limited, and our
read is that GitHub releases covers the bulk of the artifacts one
expects to encounter.

Additionally, we'd like to make it easy to add new tools and more
generally to manage the lockfile, and plan to add `add`, `remove`, and
`lint` commands to our CLI down the road. We think that'll be useful
even if we had full Renovate support.

In addition to describing that the CLI exists, this PR includes sample
GitHub Actions to use within one's repo. Publicly, one can see the
download-and-execute example in
[rules_uv](https://github.com/theoremlp/rules_uv/blob/main/.github/workflows/periodic-update-multitool.yml).

Partial solution to #28.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alexeagle @mark-thm