Renovate

Renovate

Renovate is a bot that finds dependencies that need updating and creates PRs to update them.

There are several ways to run it, but the one that seems most useful is to install it as a GitHub app.

Some concerns I have:

• it can only handle SDK style projects, so not .NET 4.x projects
• it creates a config file in each repos that it handles, unless you configure it to handle all repos (I thought I read that, but can’t find it now)
• how to test? It will go ahead and do it’s thing, ie creating lots of PRs, so it’s kinda intrusive. Although they do highlight “no risk onboarding”, meaning that it’ll create PRs, but it’s up to you to check and merge them.
• can it be configured to only handle internal (private) repos? We want to update our packages in our repos, but not all public dependencies - we have dependabot for that.
• will it work with Central Package Management? And with Directory.Build.targets?
• will it detect incoming updates, eg if it creates a PR on repo A, and repo B depends on A, will it know that there will also be a PR for repo B? ie, will it know in advance what it will need to do in total? In any case, it obviously won’t update the VERSION file, so we’ll need to do that in the PRs that it creates

Configuration:

• where does it store its configuration? There’s a dashboard and some global configuration - where does that live?
• default is one PR per dependency, but we’ll want batch
• maybe we want on-demand updates so that we can do it when we want

Plan:

• Plan B: enable it on all repos
  • because that’s probably what we want in the end - or not?
  • will it create a config file per repo? I thought not BICBW
  • it’ll create a PR (or lots of PRs) with updates
  • probably not a good idea
• Plan A: enable it on a few repos
  • engine (and interface), parser (and interface), interviewing
  • see what it does
  • add more repos