This fix improves the way Renovate detects embedded/installed npm and yarn. It tries:
- locally installed npm or yarn
- npm or yarn embedded inside globally installed renovate
- globally installed npm or yarn
- global `yarn` or `npm` commands as fallback
Fixes#824
- Any package names not matching valid pattern will be rewritten to “dummy”
- “engines” and “scripts” fields will be completely removed
Closes#801, Closes#784
This feature adds initial support for renovating Dockerfiles. Renovate now:
- Detects all `Dockerfile`s in repo
- Searches for `FROM x` in first non-comment line, breaks x into image, tag, digest
- Queries public Docker registry for image:tag combination to find latest digest
- Patches Dockerfile if necessary
- Creates branches/PRs as like with npm
Closes#795
This feature adds support for renovating Meteor's `package.js` files. Meteor config is disabled by default so must be manually enabled to work. If enabled, Renovate uses GitHub's search API to look for any files named `package.js` that include the text `Npm.depends`. If so then the file is parsed using Regex to extract its dependencies and check them for updates.
Closes#785
* add minimatch
* feat: use package names for ignoring when lerna or workspaces
Renovate will now:
- Find all package.json files matching lerna or yarn workspaces glob pattern
- Retrieve package names from within those package.json files
- Implicitly ignore (not renvoate) any of those names
Closes#781
If a repository has a lock file error (e.g. can’t look up a private module) then it will no longer attempt to create every branch. Instead, it will error/exit after the first branch. Additionally, “Pin Dependencies” has been sorted to be first and further branches won’t be added or updated until Pin Dependencies has been merged.
* fix: migrate “every xday” to “on xday”
* fix: do not migrate before and after if before is after after
e.g. do not migrate “after 1am and before 5am”
A new config object `encrypted` can be defined at any level and contain encrypted configuration strings. Initial use is for encrypting an npm token for use with the hosted renovate app.
Closes#650
Renovate config can now support the fields `npmToken`, `npmrc` and `yarnrc`. `npmrc` and `yarnrc` (note no `.` prefix) can be used as an alternative to checking the respective files into the repo and have the same effect. `npmToken` is a shorter alternative and allows for just the npm token to be added, defaulting to the public npm registry.
Previously, the automerge feature was causing some undesirable behaviour when multiple branches were open at the same time. Example: #707. The main problem is that other branches will still be calculated based on the original `package.json` contents and not the post-merge contents. The simplest solution seems to be:
- Stop all subsequent branch processing after any automerge
- Restart repository renovation
This continues until no branch has automerged in a cycle.
Closes#750
We should not leave the PR unopened forever if the branch remains in not-pending state too long. Some status checks may leave the status as “pending” instead of “failed”. Defaults to 12 hours but is configurable.
Closes#747
This feature adds explicit support for correctly generating the yarn.lock file for workspaces. Specifically, it means that the yarn.lock in the root directory is regenerated whenever *any* package.json is modified. Previously lock files were only every updated if its corresponding package.json changes, but that is not the way yarn workspaces works.
Closes#473
The ignoreNodeModules feature is replaced with a generic ignorePaths one and allows any array of strings to be defined and package.json file matching them will be skipped/ignored. Also migrates any existing config/presets.
This is a major refactor of branch code to prepare for Yarn workspaces plus creating PRs for branches with failing lockfiles. Marked as "feature" to cause a minor version bump due to the moderate chance of accidentally breaking something.
tmpDir is now created once per-repository and package.json files are written and lockfiles generated based on the repo's directory structure. This way node_modules can be reused between branches in same run.
Closes#501
This makes for an uglier migration and potentially some redundancy, but is the only easy way to ensure that the migrated behaviour is definitely correct.
Fixes#713
Refactored the `automerge` field to change it to boolean. Existing string will be migrated to new config. Automerging lock files is now possible by adding `”lockFileMaintenance”: { ”automerge”: true}` to config.
Closes#706
This PR implements eslint-inspired shareable configs. With this feature, we:
- Add new config option "extends"
* This is an array of preset config names that the current config or preset extends/inherits from
- Add new config option "description"
* Each preset config should include a description of its functionality that is human-readable
- Provide a set of commonly use configs called "preset defaults"
- Provide two "full" preset configs: "app" and "library"
* Almost the same but app pins *all* version numbers while library only pins devdependencies
- Replace regular config in onboarding with one of these two presets
- Generate human-readable description of config in Onboarding PR
- Support npm for hosting configs (both scoped and non-scoped)
Closes#657, Closes#671, Closes#647
It was a mistake to enable this feature by default, and should be disabled. A check has been made to set the status to “success” if it was previously “pending” and the setting is now false. This should also cover the case when someone enables it and then disables it.
Fixes#667
Repository initialisation is refactored so that all package files and their content is retrieved up-front before an renovating begins. This allows us to know both how many package files as well as determine if there is renovate json in a package.json before triggering the onboarding PR.
Closes#634
Renovate now adds a status check renovate/unpublish-safe that has the following behaviour:
If any upgrade in the branch is < 24 hours old then the status check state is "pending"
If all upgrades in the branch are 24 hours or more old then the status check state is "success"
This is able to be disabled via a new option "unpublishSafe".
Closes#494
No need for {{semanticPrefix}} to be specified in templates now - it will be implicitly added to start of commit message and PR titles if semanticCommits=true
depTypes configuration is now refactored from being an array of strings/objects to having each type of dep (`dependencies`, `devDependencies`, `optionalDependencies`, `peerDependencies`) be a first class object in the namespace. The "old" way of configuring is still supported but is transformed using a migrateConfig script. Later, PRs will be raised to impacted repositories to suggest the new config.
This PR adds explicit patch support. A user can set `separatePatchReleases` to true and receive not only major/minor updates but also patch updates separately. This functionality is also implicitly enabled if `automerge` is set to `patch`.
This PR also enables separate major/minor/patch configuration, e.g. config overrides for major versions, for patch versions, etc. `branchName` is currently overridden for patch branches using this technique.
Closes#390, Closes#538
GitHub attempts to autolink any @user mention and this causes problems when we use scoped npm modules like `@types/gulp`. This escapes such package names with a zero width space to fool GitHub’s parser.
Fixes#518
This feature is particularly useful in the case that renovate is enabled on all repositories a user/account has. Many of those might be forks, and it makes no sense to renovate those by default. Instead, Renovate will skip over forked repositories unless a renovate.json has been added to their root.
Also, Renovate will now prune branches after deciding to skip a repository, whether because of a fork or disablement.
Closes#541
This PR adds detection and log warnings for the following config validation errors:
- Unknown config option (e.g misspelling of a valid config option)
- Config option is a wrong type (e.g. string instead of boolean)
It does *not* propagate this warning to the user (i.e. in onboarding or PRs) yet due to the high chance that we'll find a false negative. I will watch logs for a week or so and then once happy with results will activate user-visible warnings via #556.
Closes#548, Closes#555
If a `lerna.json` is present in the root of the repository, then Renovate will automatically ignore (i.e. not renovate) all package names found in the `packages/*` path. It does not require an explicit configuration to work.
We now check branch protection configuration for the repository's base branch to see if branches must be kept up-to-date. If so then we check Renovate branches for rebasing even if rebaseStalePrs is not set to true.
Closes#524
We should not rebase stale PRs if they have been edited any anyone. This adds a check from the PR to see if it can be rebased. If no PR then we assume we can - nobody should be editing our branches directly without PR.
Closes#525
Renovate now uses an embedded yarn binary. This way, the version of yarn used can be known + there is no requirement for Renovate admins to install yarn separately.
This removes the need to JSON.stringify() objects in logs. Default bunyan fields plus our custom meta fields are stripped out, and everything else is stringified in the details field.
Closes#498
GitHub incorrect assumes these #12345 issue numbers refer to the *local* repo, not the source. Adding ` ` should prevent that auto-hyperlinking.
Closes#489
Previously, when someone declared a repository groupName such as “All”, it resulted in lock file maintenance updates being grouped together as well. This is undesirable, especially if the All group then inherits the lock file maintenance schedule.
Fixes#483
Adding hyperlinks to all #12345 issues/PRs in upstream dependencies causes undesirable noise for maintainers of those repositories.
Now, such hyperlinking is done only for private repos as that won’t result in the same GitHub annotations.
Closes#478
Renovate will now ignore any package.json files found within node_modules folders, with the option to disable this functionality by setting config.ignoreNodeModules=false.
This allows for improvements to renovate’s default renovate.json to be passed on to users who haven’t merged or modified their Configure Renovate PR.
Closes#465
Schedule logic has been refactored to enable the pruning of all orphan branches.
Now, schedules aren't checked at package-time, instead package upgrades are queued regardless of schedule.
At branch time, it is checked whether the *branch* is scheduled and then the branch is not created/updated if it's off-schedule.
This enables the repository worker to know all possible branches and hence be able to determine which remaining branches in the repository are "orphans" to be deleted.
Closes#428, Closes#426
All PRs/branches will be shown in onboarding even if they have been scheduled for another day or time, providing a "full view" in the onboarding.
Closes#429
Collaborator
rarkins commented 14 hours ago
Base branch for Pull Requests is now configurable via a new baseBranch configuration option. To take effect, this much be present in the default branch (e.g. master in most cases) so that it can be discovered and used. See FAQ for more details.
Closes#443
A separate routine is run after branch creation to detect any branches that should be deleted. A branch will be removed if:
- It was not created by renovate in the last run, AND
- It has no PR, or its corresponding PR is not mergeable
Closes#426, Closes#428
This starts off [#359](https://github.com/singapore/renovate/issues/359) (configurable status checks) but only implements one sub-feature of it: disabling status checks to allow automerge if tests fail or if no tests are present.
Warnings and Errors are bubbled up when renovating a repository, together with the existing upgrades. The Onboarding PR ("Configure Renovate") now displays them and encourages the user to fix before merging/closing the PR.
Closes#414
This changes how group are configured to align with the new lock file configuration.
BREAKING CHANGE: old group* template options are no longer supported but can be migrated into group object
This feature now allows a custom schedule to be defined for lock file maintenance. It is now enabled by default but runs only before 5m on Sundays. Closes#399
BREAKING CHANGE: lock file maintenance is enabled by default.
Rules will apply to both yarn and npm (npm is yet to be implemented however). Existing mainainYarn* variables are removed and replaced by new lockFileMaintenance object.
This PR adds a scheduling feature, including timezone support.
It's described in detail in the FAQ, but the summary is:
* Timezones can be defined so that schedules are written in timezone of target repository
* Schedules can be written in "plain english"
* Multiple schedules allowed
* Schedules can be defined all the way down to package level
Closes#387
Add support for automerging without PR, Closes#177
* update definitions and docs
* Add mergeBranch api
* support merge commit
* set automergeType
* Update API
* Refactor merge commit
* branch-push working
* Refactor branch
* Add back base tree
* Fix failing tests
* Update definitions and docs
* Fix automerge logic
* Test isBranchStale
* start mergeBranch test
* test mergeBranch branch-push throws
* more tests
* test unknown commit type
* pr tests
* Detect automerge in versions helper
* update tests for new automergeEnabled flag
* refactor pr logic
* complete pr worker tests
* branch automerge tests
* Update docs
* refactor branch automerge check
Closes#31
* Add config.pinVersions
* Check config.pinVersions before pinning
* Fix no pinning
* Add tests for existing functionality
* Add test for new feature
* Add semver-utils
* Supports tilde ranges
* Add tests for tilde and caret
* Add support for lesser than ranges
* Document range upgrade logic
* Support shorthand and .x ranges
* Refactor upgrade logic
* Simplify refactor
* revert test change
* Add isRange and update PR title template
* Refactor major/minor
* Refactor isRange
* Refactor newRange
* Use lodash for rejecting pin
* Revert "Use lodash for rejecting pin"
This reverts commit 7f0b704bbf.
* Fix major check
* Use lodash for rejecting
* Use lodash map
* rename
* Refactor mapping
* Refactor test config
All promise syntax has been replaced with async/await.
`renovate` is now transpiled with `babel` to a `dist/` folder, which is the target of `main` and `start` in `package.json` now.
`renovate` can be run in `node.js` v7 without transpilation using `npm run start-raw`
Closes#77
Closes#55
commit 4914c5bbf401711b61d9a54330532175a51a167c
Author: Rhys Arkins <rhys@keylocation.sg>
Date: Tue Jan 17 12:45:45 2017 +0100
Update debug
commit 55c8307381397399afda01038b6c50416cba27a3
Author: Rhys Arkins <rhys@keylocation.sg>
Date: Tue Jan 17 12:44:08 2017 +0100
Ignore versions newer than “latest”
commit 8aa3e7daa937c0d86f89e1d704853ebee46a54a8
Author: Rhys Arkins <rhys@keylocation.sg>
Date: Tue Jan 17 11:17:31 2017 +0100
Ignore futures if current is not future
