openverse-frontend icon indicating copy to clipboard operation
openverse-frontend copied to clipboard

Published 20 hours ago verified publisher icon WordPress

Disable Renovate for pnpm dependencies and enable Dependabot instead

Open sarayourfriend opened this issue 3 years ago • 3 comments

Problem

Our renovate configuration is still having trouble with not running the pnpmfile.cjs script and it keeps knocking TypeScript back down to a much older version.

Description

Instead of continuing to tinker with Renovate (which is a distraction at this point), we can just use dependabot for the pnpm dependencies and leave Renovate on for the rest (namely GH actions).

Alternatives

Turn off renovate completely for now and just use dependabot for everything in the frontend with the goal of eventually moving back to Renovate in the future when we have more bandwidth to tinker with the configuration and/or stand up an actual self-hosted Renovate instance for ourselves.

Additional context

Discussed by myself and @obulat here: https://github.com/WordPress/openverse-frontend/pull/1503#issuecomment-1150113610

Implementation

  • [ ] 🙋 I would be interested in implementing this feature.

sarayourfriend avatar Jun 08 '22 19:06 sarayourfriend

I think this is actually high if not critical because renovate opens PRs that are unactionable in the frontend repository like https://github.com/WordPress/openverse-frontend/pull/1502

It hasn't bothered us much yet but given renovate is configured to open update PRs monthly, we will probably get a slew of unactionable update PRs in a few days. This creates noise (which is distracting) and wastes time (because people have to close these PRs).

It's a one line change to at least disable renovate for JavaScript dependencies, even if we don't enable dependabot for them instead.

cc @WordPress/openverse-frontend

sarayourfriend avatar Jun 29 '22 04:06 sarayourfriend

It seems that dependabot still does not support pnpm, see the package-ecosystem options.

There was already an attempt on our part before in #1170.

krysal avatar Jun 29 '22 22:06 krysal

Oh right! That's the whole reason we went with Renovate in the first place :facepalm: Well, at least we can just try to debug renovate against package.json. I think to do that we could open a branch that updates the configuration to always open PRs instead of only monthly and then run the workflow anytime the PR is pushed and continue to debug why the "self-hosted" renovate still isn't running the pnpmfile.cjs...

sarayourfriend avatar Jul 08 '22 00:07 sarayourfriend