Added note on renovate vs dependabot #7378
Conversation
probot-autolabeler
bot
added
the
documentation
| @@ -71,6 +71,8 @@ IMPORTANT: These files may have been set up this way by the https://github.com/j | |||
|
|
|||
| === Configure Dependabot | |||
|
|
|||
| Note:: If you have a `.github/renovate.json`, do not configure Dependabot. link:https://www.jenkins.io/blog/2023/09/20/renovate-bot-probe-blog[For more details] | |||
There was a problem hiding this comment.
Thanks a lot for this contribution. 👍
We shouldn't be too categorical; perhaps we could propose a discussion with other maintainers to choose the right tool for handling dependency updates.
The long-term goal is to ensure that maintainers are comfortable with the tools they use.
If a maintainer is working alone on a project and prefers Dependabot to Renovate, we should allow them to choose Dependabot and discontinue the use of Renovate.
There was a problem hiding this comment.
I think this should section should really be configure a dependency update tool either renovate or dependabot.
When this was written dependabot was the only one in use. Since then renovate has been used a lot more as it is way more powerful
There was a problem hiding this comment.
I think we all have biases when it comes to choosing our dependency update tool.
Do we really need a "more powerful" tool when a simple one does the trick?
I believe it depends on several factors:
- The complexity of updating certain dependencies
- The maintainers' skills
- The willingness of maintainers to learn a new tool
There was a problem hiding this comment.
Do we really need a "more powerful" tool when a simple one does the trick?
Yes, dependabot doesn't scale. Its fine for simple cases.
I'm not saying prefer renovate here just to give the option.
In terms of this pull request I think removing the blog link and rewording to:
If you have renovate configured there is no need to configure dependabot
Would be good to work renovate.json in, keeping in mind it can be in a number of places and people will put it in different ones
There was a problem hiding this comment.
Whilst I agree the whole Renovate/Dependabot discussion is relevant I think this should be be taken outside this PR because:
- if the user does have something then it is important to not override it.
- if the user does not have anything then they likely do not need the power of renovate, it can be changed at a later time.
- as is this PR would prevent some issues coming up like this where a well intended PR was submitted following these current instructions.
Co-authored-by: James Nord <[email protected]>
As I am new to jenkins, for one of the API plugin I configured the Dependabot as per the documentation.
Whereas plugin were already supporting the Renovate & both do the same job.
Hence adding the note to with details if renovate is not present then only we should configure the dependabot else not.