Added permission checking on `initRepo` which, in case of an error, throws a clear message (`The token doesn't have the write permissions to the repository`)
Closes#509
This PR follows up and fixes#1968
The previous PR didn't behave correctly as it was expecting Github Enterprise to ALWAYS been configured and that the github.com token was available in the `GITHUB_COM_TOKEN` env variable.
But for non GHE project `GITHUB_COM_TOKEN` is not defined and github.com token is available at the `GITHUB_TOKEN` env variable instead.
This updated PR fix this issue and avoid further problems by prioritising `github.com` over GHE.
Now the code is NOOP if no `GITHUB_ENDPOINT` is configured.
If it's configured, instead, now the codes assumes that, by DEFAULT, a dependency is hosted on `github.com` so it removes `GITHUB_ENDPOINT` and use `GITHUB_COM_TOKEN` as Github token immediately.
They are restored only if needed, when a dependency is hosted on the provided GithubEnterprise.
This PR replaces the existing `pinVersions`, `upgradeInRange` and `versionStrategy` settings with a single one: `rangeStrategy`.
Previously:
- `pinVersions` could be `true` or `false`, but defaulted to `null`, which meant that Renovate would decide. `true` meant that Renovate would replace existing ranges like `^1.0.0` with an exact/pinned version such as `1.2.0`.
- `upgradeInRange` could be true or false, default to false. If `true`, it would mean Renovate would replace an existing range like `^1.0.0` with something like `^1.2.0`
- `versionStrategy` could be `replace` or `widen` and was mainly used for `peerDependencies` to widen existing ranges, e.g. from `^1.0.0` to `^1.0.0 || ^2.0.0`
It was possible to set conflicting settings, e.g. configuring `pinVersions=true` and `upgradeInRange=true`.
Now, we combine them into a single setting: `rangeStrategy`:
- `auto` = Renovate decides (this will be done on a manager-by-manager basis)
- `pin` = convert ranges to exact versions
- `bump` = same as `upgradeInRange` previously, e.g. bump the range even if the new version satisifies the existing range
- `replace` = Same as pinVersions === false && upgradeInRange === false, i.e. only replace the range if the new version falls outside it
- `widen` = Same as previous versionStrategy==='widen'
This PR adds support for pip changelog,
unlike npm, I couldn't find a mapping between github and pip other than github being used as the homepage of some projects, if there are other ways of mapping it would be helpful.
Closes#1911
This PR splits the logic behind changelog into manager (npm) and source (github)
the manager provides the repo url + versions
the source consumes the manager info and generates changelog info
Closes#1911
Refactor changelog (commits) logic to separate sources, and remove the `changelog` dependency. Instead of a full copy/paste of commits, a link is now provided to the source repo.
Closes#381
The matchCurrentVersion option sets a range of versions that a package update can be in. If the package's current version doesn't satisfy the matchCurrentVersion range, it won't match the rule.
Closes#1771
This PR refactors `branchName`, `commitMessage` and `prTitle` so that they are more easily editable and hopefully more understandable. By breaking each up into subsections, users can modify one part without needing to copy/paste the entire string.
Directly editing any of these fields will now be deprecated and a warning issued.
Adds a field `depTypeList` to `packageRules`, enabling rules for packages to be applied for any `depType`. Config objects `dependencies`, `devDependencies` and `peerDependencies` will be deprecated in favour of this new approach.
Closes#1807
Changes the default onboarding config from `{ extends: [‘config:base’] }` to `{}` (empty). Self-hosted bot users can add it back by configuring `onboardingConfig` in `config.js` or env. Doing this makes the bot less “opinionated” by default and more convenient for self-hosted users, who can configured everything in config.js or env now.
Closes#1554
BREAKING CHANGE: onboarding config now defaults to empty config instead of config:base. Self-hosted users need to add it back if they with to retain it as default suggested config.
This hopefully gives a better chance of GitHub being able to finish computing the new mergeability status, and reduces the chance of a race condition.
Closes#1617
Improves changelog detection algorithm to look for different upper/lower case options as well as alternative filenames like `History.md`.
Resolves#1754
Adds an option “updateLockFiles” which defaults to true. Setting to false means that updating lock files (e.g. package-lock.json, yarn.lock and shrinkwrap.yaml) will be skipped. The main reason for doing this is for repositories that use a dependency we can’t resolve, so that they can keep updating the package.json without lock file.
