With this PR, Renovate will default to raising only one major PR at a time. e.g. if you have Webpack 1.x then you will get only one major PR for webpack v3 and not also for v2. set multipleMajorPrs=true to get multiple.
Closes#1101
Before, if current node version was 7 then Renovate would propose upgrades to versions 8 and 9. However, like with npm we should allow upgrades to unstable only if it’s the same major version or if ignoreUnstable is explicitly set to false.
This adds a configuration option unstablePattern - used only by Docker currently - that can be used to define a regex patternt to identify “unstable” versions.
Closes#1035
Remove original getFile, getFileContent, and getFileJson and replace with getFile (which used to be getFileContent.. shortened now for convenience). Also remove unused getSubdirectories functions.
Existing solution uses HTML bodies for PR descriptions, as that was the easiest way to get consistency between GitHub and GitLab. However, VSTS supports only markdown so we needed to refactor how this is done. Now, GitHub PR bodies uses only minimal HTML (for summary/details) while GitLab PR bodies are converted to HTML using GitHub flavoured markdown for maximum compatibility. VSTS will be able to strip out the minimal markdown.
Closes#1018
This PR adds support for 'AS' names in Dockerfiles. e.g. `FROM node:8 AS base`. It also adds logic to detect and ignore - for now - any image sources from custom registries.
This PR refactors the onboarding PR logic into its own subdirectory and redesigns it to use plain markdown instead of html. Plain markdown in PR bodies is a requirement for adding VSTS Support ( #1049 ).
Renovate already detects PRs mistakenly closed during a certain time period when a bug was present. Now, it will rename those so that they are no longer detected and the ignore code does not have to remain indefinitely.
This refactor means that createPr now takes `labels` as a new parameter so that the GitLab API can include them with the MR creation request, so save one API call. This also fixes#985 as a result.
99% of the time we should not Renovate forked repositories. Previously, we skipped onboarding them unless a renovate.json was present. However, that meant that if someone forked a repository where the source was using Renovate, then the fork gets renovated automatically too. After this change, forked repositories need to set renovateFork=true in their renovate.json
Closes#940
BREAKING CHANGE: Forked repositories now need to configure renovateFork=true in renovate.json
Renovate will now check ignorePaths values for either (a) a string match, or (b) glob pattern. e.g. a string of ‘node_modules/‘ will ignore ‘node_modules/foo/package.json’ and ‘backend/node_modules/foo/package.json’ but it will also ignore ‘not_node_modules/foo/package.json` too. Therefore a blog pattern of `**/node_modules/**` is superior.
Closes#1054
BREAKING CHANGE: ignorePaths now supports globs and may match more than before, but that’s probably a good thing.
By defaulting pinVersions to null, this allows Renover to autodetect on a per-package file basis. Users may still manually configure (override autodetection) pinning enabled or disabled via config.
Closes#589
BREAKING CHANGE: Renovate will no longer default to pinning versions - instead it will autodetect whether to pin, unless overrided.
This is instead of autodetecting lib or app during onbiarding. This means some package files might be all pinned while others in the same monorepo can be not. This also simplifies the onboarding logic.
This feature enables docker tag "upgrading". Examples:
- From `node:6` to `node:8`
- From `node:6.10` to `node:6.11`
- From `node:6.11.1` to `node:6.11.3`
- From `node:6.10-onbuild` to `node:6.11-onbuild`
Currently these are disabled by default so they are opt-in, you can enable them by setting e.g. `{ docker: { minor: { enabled: true }, major: { enabled: true }}`
Closes#930
This commonly applies to monorepos where the same dependency may be present in multiple.json files. Instead of using the group name to describe the PR, it uses the dependency name.
Closes#848
Previously, upgrades with failing lock files were not raised as PRs. Usually this is because of missing private module configuration. Now, Renovate will raise a PR but add a comment warning of the error, with the error log. It's raised as a comment because we now won't need to regenerate the lock file error every run, and we don't want to "lose" it if the PR description gets updated.
Closes#600
This is a failsafe against Renovate bugs and potentially also mistakes on the user’s part. Before deleting/pruning any branches, Renovate will rename the PR’s title so that it should not block future PRs.
Closes#989
GitHub provides a tempting “Update branch” button whenever a branch is out of date with master, but the problem was that this then made us flag the branch as modified and hence unrebaseable, so the user would be stuck with keeping it update themselves from then on. With this feature, we ignore the “web-flow” committer when calculcating if there has been only one author.
This feature adds a new behaviour to Renovate, where it will now add a comment to any existing closed PRs that are "blocking" currently valid updates. A new API function "ensureComment" has been added, its purpose is so we can ensure there exists only one comment with a certain subject/heading. This lets us prevent duplicates as well as update existing, without having to keep state about it. ensureComment needs porting to gitlab, but should be quite easy.
Adds paginated results capability for gitlab and enables it for getFileList. This should enable all files when using APIv4.
Hopeful this c-l-o-s-e-s #962 & #968
* refactor: replace github code search with getTree/manual search (#944)
Previously Renovate was using the GitHub code search API once for each filename we are looking for. Instead, we now retrieve a list of files in the repository and cache it so it can be reused for filename matches.
Closes#939
* fix: use recursive=true
* fix: reset fileList for every repo (github)
* feat: implement findFilePaths on gitlab (#945)
* refactor: do not check manually for root package.json
* fix: reset fileList for every repo (gitlab)
* fix tests
From https://developer.github.com/v3/apps/available-endpoints/:
> In order to access the API with your GitHub App, you must provide a custom media type in the `Accept` Header for your requests.
```
application/vnd.github.machine-man-preview+json
```
Previously Renovate was using the GitHub code search API once for each filename we are looking for. Instead, we now retrieve a list of files in the repository and cache it so it can be reused for filename matches.
Closes#939
This feature means that you can configure branches/PRs to automerge, but if status checks fail (preventing automerge) then you can still get assigneed the PR to take action. Previously such PRs remained unassigned because we do not assign automerging PRs by default, to reduce noise.
Closes#722
By default, Renovate will now continue *updating* - but not creating - branches even if off-schedule. This applies to features such as (a) rebasing branches if master changes, (b) updating if new version comes, (c) creating PRs if tests pass, (d) automerging. It is planned that (b) will be configurable in a future feature. To disable this behaviour altogether, set updateNotScheduled to false.
Closes#879
* Revert "feat: support docker and meteor onboarding without npm"
This reverts commit 437145b901.
# Conflicts:
# test/workers/repository/onboarding.spec.js
* chore: downgrade npm cache message from debug to trace
Setting lockFileMaintenance.groupName = null will prevent the case where the user configures a repository groupName like “all” and then that group inherits the schedule of lock file maintenance. Instead, there will be renovate/all and renovate/lock-file-maintenance.
Fixes#885
Having eslint flag prettier "errors" in editors can be rather painful. Also chose against linting staged files for prettier because I like to stage partials. Instead:
- Recommended to use plugins for editors to format on save, e.g. `prettier-atom`
- Prettier will be run as part of `npm test`
Previously, Renovate assumed that any yarn workspaces configuration would be in the root of the repository. Now, workspaces can be located within a subdirectory, e.g. `frontend/`. Note: Renovate still supports only one workspace per repository, please file an issue if you require more than one.
Closes#842
This fix improves the way Renovate detects embedded/installed npm and yarn. It tries:
- locally installed npm or yarn
- npm or yarn embedded inside globally installed renovate
- globally installed npm or yarn
- global `yarn` or `npm` commands as fallback
Fixes#824
- Any package names not matching valid pattern will be rewritten to “dummy”
- “engines” and “scripts” fields will be completely removed
Closes#801, Closes#784
This feature adds initial support for renovating Dockerfiles. Renovate now:
- Detects all `Dockerfile`s in repo
- Searches for `FROM x` in first non-comment line, breaks x into image, tag, digest
- Queries public Docker registry for image:tag combination to find latest digest
- Patches Dockerfile if necessary
- Creates branches/PRs as like with npm
Closes#795
This feature adds support for renovating Meteor's `package.js` files. Meteor config is disabled by default so must be manually enabled to work. If enabled, Renovate uses GitHub's search API to look for any files named `package.js` that include the text `Npm.depends`. If so then the file is parsed using Regex to extract its dependencies and check them for updates.
Closes#785
* add minimatch
* feat: use package names for ignoring when lerna or workspaces
Renovate will now:
- Find all package.json files matching lerna or yarn workspaces glob pattern
- Retrieve package names from within those package.json files
- Implicitly ignore (not renvoate) any of those names
Closes#781
If a repository has a lock file error (e.g. can’t look up a private module) then it will no longer attempt to create every branch. Instead, it will error/exit after the first branch. Additionally, “Pin Dependencies” has been sorted to be first and further branches won’t be added or updated until Pin Dependencies has been merged.
* fix: migrate “every xday” to “on xday”
* fix: do not migrate before and after if before is after after
e.g. do not migrate “after 1am and before 5am”
A new config object `encrypted` can be defined at any level and contain encrypted configuration strings. Initial use is for encrypting an npm token for use with the hosted renovate app.
Closes#650
Renovate config can now support the fields `npmToken`, `npmrc` and `yarnrc`. `npmrc` and `yarnrc` (note no `.` prefix) can be used as an alternative to checking the respective files into the repo and have the same effect. `npmToken` is a shorter alternative and allows for just the npm token to be added, defaulting to the public npm registry.
Previously, the automerge feature was causing some undesirable behaviour when multiple branches were open at the same time. Example: #707. The main problem is that other branches will still be calculated based on the original `package.json` contents and not the post-merge contents. The simplest solution seems to be:
- Stop all subsequent branch processing after any automerge
- Restart repository renovation
This continues until no branch has automerged in a cycle.
Closes#750
We should not leave the PR unopened forever if the branch remains in not-pending state too long. Some status checks may leave the status as “pending” instead of “failed”. Defaults to 12 hours but is configurable.
Closes#747
This feature adds explicit support for correctly generating the yarn.lock file for workspaces. Specifically, it means that the yarn.lock in the root directory is regenerated whenever *any* package.json is modified. Previously lock files were only every updated if its corresponding package.json changes, but that is not the way yarn workspaces works.
Closes#473
The ignoreNodeModules feature is replaced with a generic ignorePaths one and allows any array of strings to be defined and package.json file matching them will be skipped/ignored. Also migrates any existing config/presets.
This is a major refactor of branch code to prepare for Yarn workspaces plus creating PRs for branches with failing lockfiles. Marked as "feature" to cause a minor version bump due to the moderate chance of accidentally breaking something.
tmpDir is now created once per-repository and package.json files are written and lockfiles generated based on the repo's directory structure. This way node_modules can be reused between branches in same run.
Closes#501
This makes for an uglier migration and potentially some redundancy, but is the only easy way to ensure that the migrated behaviour is definitely correct.
Fixes#713
Refactored the `automerge` field to change it to boolean. Existing string will be migrated to new config. Automerging lock files is now possible by adding `”lockFileMaintenance”: { ”automerge”: true}` to config.
Closes#706
This PR implements eslint-inspired shareable configs. With this feature, we:
- Add new config option "extends"
* This is an array of preset config names that the current config or preset extends/inherits from
- Add new config option "description"
* Each preset config should include a description of its functionality that is human-readable
- Provide a set of commonly use configs called "preset defaults"
- Provide two "full" preset configs: "app" and "library"
* Almost the same but app pins *all* version numbers while library only pins devdependencies
- Replace regular config in onboarding with one of these two presets
- Generate human-readable description of config in Onboarding PR
- Support npm for hosting configs (both scoped and non-scoped)
Closes#657, Closes#671, Closes#647
