Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Migrate Talawa Project Dependency Management from Dependabot to Renovate #880

Closed
varshith257 opened this issue Oct 8, 2024 · 6 comments
Closed
Assignees
Labels
dependencies Pull requests that update a dependency file P3 Priority 3 wip Work in Progress

Comments

@varshith257
Copy link
Member

varshith257 commented Oct 8, 2024

Is your feature request related to a problem? Please describe.
The Talawa project currently uses Dependabot for automated dependency updates, which is functional but limited in its capabilities. As the project evolves and scales, we need more control, flexibility and advanced features to manage dependencies more efficiently.

Describe the solution you'd like
Switching to Renovate Bot will provide the Talawa project with:

  • Renovate offers more advanced customization options compared to Dependabot. This includes controlling when updates happen, how they are grouped (e.g., by major, minor, and patch versions), and even setting rules for automatic merging.
  • Renovate excels in managing TypeScript projects, offering smoother dependency updates and better configuration for handling library upgrades across complex project structures.
  • Renovate can prioritize security patches and automatically merge them, reducing the need for constant manual review.
  • Renovate will be able to handle that complexity much better than Dependabot for monorepos.

Additional context
Renovate has been adopted by many projects for its flexibility, control and automation capabilities, which are superior to Dependabot. Other open-source projects, especially in the JavaScript/TypeScript ecosystem, have successfully migrated from Dependabot to Renovate, reporting smoother workflows and fewer disruptions.

Please read this if you are planning to apply for a Palisadoes Foundation internship

@github-actions github-actions bot added dependencies Pull requests that update a dependency file unapproved labels Oct 8, 2024
@varshith257
Copy link
Member Author

The rationale for adding renovate as a dependency bot as I have seen many PRs from dependabot for every minor version of packages and a cluttered flow of PRs everyday to all projects of Talawa.

Renovate has better out-of-the-box support for TypeScript, handling dependencies for complex project structures and monorepos more efficiently than Dependabot. This is particularly useful as Talawa evolves and potentially becomes more complex.

@varshith257
Copy link
Member Author

varshith257 commented Oct 8, 2024

More info - https://docs.renovatebot.com/
cc: @palisadoes

@palisadoes
Copy link
Contributor

Please discuss this on the API channel with the others. We need to see more input before proceeding, if at all.

@xoldd
Copy link
Contributor

xoldd commented Oct 17, 2024

Renovate would be great.

Copy link

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

@github-actions github-actions bot added the no-issue-activity No issue activity label Oct 28, 2024
@varshith257 varshith257 added the wip Work in Progress label Oct 29, 2024
@pranshugupta54 pranshugupta54 transferred this issue from PalisadoesFoundation/talawa-api Oct 29, 2024
Copy link

Congratulations on making your first Issue! 🎊 If you haven't already, check out our Contributing Guidelines and Issue Reporting Guidelines to ensure that you are following our guidelines for contributing and making issues.

@varshith257 varshith257 added P3 Priority 3 and removed unapproved labels Oct 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file P3 Priority 3 wip Work in Progress
Projects
None yet
Development

No branches or pull requests

5 participants