feat(packageRules): migrate matchers and excludes #28602
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously, config from globalExtends was incorrectly merged _after_ other global config. This meant for example that packageRules in a config.js could not override packageRules from within globalExtends, because they were applied after. Now, globalExtends content will be merged first, and remaining global config merged second. Fixes #28131 BREAKING CHANGE: order of globalExtends resolution is changed so that it is applied first and remaining global config takes precedence.
Previously, the “depName” for pep621 was constructed using groupName/packageName, which in turn meant that the same dependency was upgraded in different branches if it was present in multiple groups. Instead, depName is now set to packageName. This will lead to a change of branch name for pep621 updates. Closes #28131 BREAKING CHANGE: depName for pep621 dependencies changes, which will lead to branch name changes, which will lead to some autoclosing and reopening of PRs.
Previous Gitea implementation used non-standard “token” auth instead of “Bearer”. Gitea supports Bearer al alternate to token since v1.8.0, so it’s safe to make this change now. BREAKING CHANGE: Gitea platfor authentication will now be done using Bearer auth instead of token auth.
Stop publishing -slim Renovate tags - slim is now the default. BREAKING CHANGE: Renovate docker images no longer have -slim tags. Drop the -slim prefix as this is now the default behavior.
… alerts (#25166) Use sanitized depName in vulnerability/remediation branches instead of raw depName. This will result in some open remediation branches being autoclosed and replaced for ecosystems like go in particular which have special characters in depNames. BREAKING CHANGE: Branch names for remediation will be sanitized to exclude special characters, potentially resulting in some autoclosing/replacing of existing PRs.
This option only worked for npm <7, which is now EOL. BREAKING CHANGE: Transitive remediation for npm <7 is no longer supported.
Change onboardingNoDeps from boolean to enum, with new default "auto". Auto means that Renovate will continue skipping repos with no dependencies if autodiscover is in use, but onboarding them if they are explicitly specified in a non-autodiscover mode. Closes #28101 BREAKING CHANGE: onboardingNoDeps changes from boolean to enum. Repositories with no dependencies will be onboarded unless in autodiscover mode.
Removes fallback to checking depName for all matchPackageX and excludePackageX rules. BREAKING CHANGE: matchPackageNames and related functions no longer fall back to checking depName. Rewrite packageRules to use matchDepNames instead.
…for tag lookups (#28400) Changes default Docker Hub lookups from index.docker.io to hub.docker.com, which is more efficient. If you are configuring a Docker Hub token for docker.io then you should now configure it for docker.com as well. Closes #24666 BREAKING CHANGE: Docker Hub lookups prefer hub.docker.com over index.docker.io. Set RENOVATE_X_DOCKER_HUB_TAGS_DISABLE=true in env to revert behavior.
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
|
Blocked by #28591 |
rarkins
changed the title
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
secustor
requested changes
Apr 23, 2024
Previously, config from globalExtends was incorrectly merged _after_ other global config. This meant for example that packageRules in a config.js could not override packageRules from within globalExtends, because they were applied after. Now, globalExtends content will be merged first, and remaining global config merged second. Fixes #28131 BREAKING CHANGE: order of globalExtends resolution is changed so that it is applied first and remaining global config takes precedence.
Previously, the “depName” for pep621 was constructed using groupName/packageName, which in turn meant that the same dependency was upgraded in different branches if it was present in multiple groups. Instead, depName is now set to packageName. This will lead to a change of branch name for pep621 updates. Closes #28131 BREAKING CHANGE: depName for pep621 dependencies changes, which will lead to branch name changes, which will lead to some autoclosing and reopening of PRs.
Previous Gitea implementation used non-standard “token” auth instead of “Bearer”. Gitea supports Bearer al alternate to token since v1.8.0, so it’s safe to make this change now. BREAKING CHANGE: Gitea platfor authentication will now be done using Bearer auth instead of token auth.
Stop publishing -slim Renovate tags - slim is now the default. BREAKING CHANGE: Renovate docker images no longer have -slim tags. Drop the -slim prefix as this is now the default behavior.
… alerts (#25166) Use sanitized depName in vulnerability/remediation branches instead of raw depName. This will result in some open remediation branches being autoclosed and replaced for ecosystems like go in particular which have special characters in depNames. BREAKING CHANGE: Branch names for remediation will be sanitized to exclude special characters, potentially resulting in some autoclosing/replacing of existing PRs.
This option only worked for npm <7, which is now EOL. BREAKING CHANGE: Transitive remediation for npm <7 is no longer supported.
Change onboardingNoDeps from boolean to enum, with new default "auto". Auto means that Renovate will continue skipping repos with no dependencies if autodiscover is in use, but onboarding them if they are explicitly specified in a non-autodiscover mode. Closes #28101 BREAKING CHANGE: onboardingNoDeps changes from boolean to enum. Repositories with no dependencies will be onboarded unless in autodiscover mode.
Removes fallback to checking depName for all matchPackageX and excludePackageX rules. BREAKING CHANGE: matchPackageNames and related functions no longer fall back to checking depName. Rewrite packageRules to use matchDepNames instead.
…for tag lookups (#28400) Changes default Docker Hub lookups from index.docker.io to hub.docker.com, which is more efficient. If you are configuring a Docker Hub token for docker.io then you should now configure it for docker.com as well. Closes #24666 BREAKING CHANGE: Docker Hub lookups prefer hub.docker.com over index.docker.io. Set RENOVATE_X_DOCKER_HUB_TAGS_DISABLE=true in env to revert behavior.
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
# Conflicts: # docs/usage/configuration-options.md # lib/util/package-rules/dep-names.ts # lib/util/package-rules/dep-patterns.spec.ts # lib/util/package-rules/dep-patterns.ts # lib/util/package-rules/index.spec.ts # lib/util/package-rules/package-names.spec.ts # lib/util/package-rules/package-names.ts # lib/util/package-rules/package-patterns.spec.ts # lib/util/package-rules/package-patterns.ts # lib/util/package-rules/package-prefixes.spec.ts # lib/util/package-rules/package-prefixes.ts # lib/util/package-rules/utils.ts
viceice
previously approved these changes
May 5, 2024
secustor
requested changes
May 5, 2024
docs/usage/configuration-options.md
Outdated
Comment on lines
2844
to
2845
| "matchPackagePatterns": ["^angular"], | ||
| "rangeStrategy": "replace" |
There was a problem hiding this comment.
Suggested change
| "matchPackagePatterns": ["^angular"], | |
| "rangeStrategy": "replace" | |
| "matchDatasources": ["npm"], | |
| "matchPackageNames": ["@angular/*", "!@angular/abc"], | |
| "groupName": "Angular" |
The above will group together any npm package which starts with
@angular/except@angular/abc.
https://github.com/renovatebot/renovate/pull/28602/files#diff-be0a39f342380493f17c380bbd694f1f05d18bdd8d7cecf174369084952102deR2851
This does not fit the description
There was a problem hiding this comment.
I thought it does, how come you think why not?
There was a problem hiding this comment.
The description is below not above the code snippet. Notice the The above will prefixes.
Co-authored-by: Sebastian Poxhofer <secustor@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
Migrate matchPackageX and excludePackageX plus associated matchDepX to use matchPackageNames and matchDepNames.
Context
Documentation (please check one with an [x])
How I've tested my work (please select one)
I have verified these changes via: