Renovate Dependency Updates #359

Open
meme8383 opened this issue Feb 23, 2025 · 5 comments

Comments

@meme8383
Contributor

I suggest adding a Renovate configuration to the repository for dependency updates to npm packages and GitHub actions. This requires minimal setup once cloned and is very flexible. I'm unsure what the most sane defaults for this would be for this repository, or if there is a reason for not having a dependency bot like Renovate or Dependabot.

@ixartz
Owner

ixartz commented Feb 23, 2025

The project used to have an equivalent to Renovate or Dependabot. It was a custom GitHub Action that ran every month. I removed it since it wasn't working well.

I'm totally open to Dependabot since it's integrated with GitHub.

@meme8383
Contributor Author

meme8383 commented Feb 24, 2025

I'd still recommend Renovate due to its diverse features and Mend's generous community tier with the Renovate GitHub app. Read here: https://docs.renovatebot.com/bot-comparison/

Have you also considered implementing an npx install script? This would ease setup and could possibly allow users to choose between the bots themselves.

@ixartz
Owner

ixartz commented Feb 24, 2025

I checked the comparison, but can you explain to me in detail why you recommend Renovate?

I'm considering implementing an npx install script, but I'm not a huge fan of maintaining all the combinations: Dependabot vs Renovate, Prisma vs Drizzle ORM, Cypress vs Playwright, etc. The combinations will increase exponentially and be hard to maintain.

@meme8383
Contributor Author

I just switched to Renovate about a week ago for my work, mainly because it supported uv's lockfile for Python. I'm no expert but for this project, I would prefer it due to its flexibility and default presets. For example, I use the "group all non-major" preset and merge all non-major package updates after it passes my CI, and it also groups monorepos like tailwind by default. Here's one of my repos using it. You can also set it to auto-merge patches. Meanwhile, Dependabot's customization is painful and limited from my experience. I feel like Renovate includes everything from Dependabot and more with minimal setup, and you can also access its logs and available package upgrades on Mend's website for debugging. I agree that including all configurations would be excessive, and as this boilerplate seems to cover every base with the most advanced solution, I imagine Renovate would fit in best, but if you believe GitHub integration is more important then Dependabot is also valid. In terms of setup, both Dependabot and Renovate only need one config file.
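
The setup described in the comment above, as an added example that is not part of the thread and not this repository's configuration. The file name `renovate.json5`, the base preset and the restriction to the npm and GitHub Actions managers are assumptions made for illustration.

```json5
// renovate.json5 (added example; file name and preset choice are assumptions)
{
  $schema: "https://docs.renovatebot.com/renovate-schema.json",

  // Base preset plus the "group all non-major" preset mentioned in the comment:
  // every minor and patch update lands in one grouped pull request.
  extends: ["config:recommended", "group:allNonMajor"],

  // Limit Renovate to the two ecosystems the issue asks for.
  enabledManagers: ["npm", "github-actions"],

  packageRules: [
    {
      // Automerge non-major updates. By default Renovate only automerges
      // once the branch's status checks pass, so the repository's CI is the gate.
      matchUpdateTypes: ["minor", "patch"],
      automerge: true,
    },
    {
      // Major updates stay manual and are never merged without review.
      matchUpdateTypes: ["major"],
      automerge: false,
    },
  ],
}
```

Automerge is only as safe as the checks behind it: without required status checks on the default branch, a dependency update that breaks the build or ships unwanted code is merged with no human review.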

@ixartz
Owner

ixartz commented Feb 26, 2025

Thank you for sharing your feedback.
I'm definitely considering Renovate/Dependabot for the project.

And how are GitHub and Renovate connected? Based on my quick research, to connect Renovate you need to install a GitHub App. Do we have any alternative way to connect? Any alternative to https://github.com/apps/renovate?
