Added note on renovate vs dependabot #7378

Open
wants to merge 7 commits into
base: master
Changes from 2 commits
2 changes: 2 additions & 0 deletions content/doc/developer/publishing/releasing-cd.adoc
Expand Up @@ -71,6 +71,8 @@ IMPORTANT: These files may have been set up this way by the https://github.com/j

=== Configure Dependabot

Note:: If you have a `.github/renovate.json`, do not configure Dependabot. link:https://www.jenkins.io/blog/2023/09/20/renovate-bot-probe-blog[For more details]
Contributor

@gounthar gounthar Jun 24, 2024

Thanks a lot for this contribution. 👍

We shouldn't be too categorical; perhaps we could propose a discussion with other maintainers to choose the right tool for handling dependency updates.

The long-term goal is to ensure that maintainers are comfortable with the tools they use.

If a maintainer is working alone on a project and prefers Dependabot to Renovate, we should allow them to choose Dependabot and discontinue the use of Renovate.

Member

I think this section should really be "configure a dependency update tool", either renovate or dependabot.

When this was written, dependabot was the only one in use. Since then renovate has been used a lot more, as it is way more powerful.

Contributor

I think we all have biases when it comes to choosing our dependency update tool.

Do we really need a "more powerful" tool when a simple one does the trick?

I believe it depends on several factors:

  1. The complexity of updating certain dependencies
  2. The maintainers' skills
  3. The willingness of maintainers to learn a new tool

Member

> Do we really need a "more powerful" tool when a simple one does the trick?

Yes, dependabot doesn't scale. It's fine for simple cases.

I'm not saying prefer renovate here, just to give the option.

In terms of this pull request, I think removing the blog link and rewording to:

> If you have renovate configured there is no need to configure dependabot

Would be good to work `renovate.json` in, keeping in mind it can be in a number of places and people will put it in different ones.

MarkEWaite marked this conversation as resolved.

If you have a `.github/dependabot.yml`, add:

[source,yaml]
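
Review bot: `Note::` on the added line is AsciiDoc description-list syntax, so it will render as a term with a definition rather than as an admonition; the context line in the hunk header already uses the admonition form (`IMPORTANT:`), so `NOTE:` would match the rest of the file. The condition also names only `.github/renovate.json`, while the thread points out the Renovate config can live in several places, so wording it as "if Renovate is already configured for the repository" would avoid sending maintainers on to add a `.github/dependabot.yml` beside an existing Renovate setup and ending up with two bots opening competing update pull requests. The link text "For more details" says nothing about the target; if the link stays, put the subject of the blog post in the brackets.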