This PR splits the logic behind changelog into manager (npm) and source (github)
the manager provides the repo url + versions
the source consumes the manager info and generates changelog info
Closes#1911
Adds a link to the latest version notes in the PR body, as well as a source compare link for all commits between the current version and the new version.
Closes#1876
Refactor changelog (commits) logic to separate sources, and remove the `changelog` dependency. Instead of a full copy/paste of commits, a link is now provided to the source repo.
Closes#381
Renovate now comes with a variety of package managers supported, each with their own filename pattern(s). These patterns are now exposed for user configuration through the new `fileMatch` list/array configuration option, which has been added to each manager (npm, bazel, docker-compose, etc). `fileMatch` is defined as a mergeable list, meaning that users can add to the default pattern to extend the files being detected.
Closes#799
Rules for dep types (e.g. dependencies, devDependencies, peerDependencies, optionalDependencies) should now be done with `packageRules` and the `depTypeList` selector
This PR adds basic support for requirements.txt. Currently it works on fully specified (pinned) versions only, so is disabled by default. Enable it by setting `pip_requirements.enabled = true` in config.
This PR adds initial support for buildkite plugin renovation.
It supports `plugin-name` or `my/plugin-name` plugins, and fully specified semver versions only (e.g. `v1.3.2`). Currently it will always propose an upgrade to the latest version available, e.g. if current version is v1.3.1 and both v1.3.2 and v2.0.0 exist then v2.0.0 will be proposed. Looks for any yml file in the `.buildkite/` directory.
Closes#1869
The matchCurrentVersion option sets a range of versions that a package update can be in. If the package's current version doesn't satisfy the matchCurrentVersion range, it won't match the rule.
Closes#1771
This PR refactors `branchName`, `commitMessage` and `prTitle` so that they are more easily editable and hopefully more understandable. By breaking each up into subsections, users can modify one part without needing to copy/paste the entire string.
Directly editing any of these fields will now be deprecated and a warning issued.
packageRules selectors should only ever be inside a packageRule object, or at the top level of a preset. This feature enforces this rule with a validation check.
Closes#1773
Adds a field `depTypeList` to `packageRules`, enabling rules for packages to be applied for any `depType`. Config objects `dependencies`, `devDependencies` and `peerDependencies` will be deprecated in favour of this new approach.
Closes#1807
Merges any static config from config.js with repositories list that is autodiscovered.
BREAKING CHANGE: Repositories in config.js will have their config combined with the autodiscover list and a warning if any statically configured repositories are not found.
No longer defaults to supportPolicy=[‘lts’] when supportPolicy is undefined.
BREAKING CHANGE: If you wish to use travis with supportPolicy=lts, then you need to explicitly set that in node or travis config.
Change default of pinVersions from null (autodetect) to false. Note: The preset “config:base” still reverts this to null/autodetect.
BREAKING CHANGE: pinVersions defaults to false. To switch back to autodetect, use preset “:autodetectPinVersions”, which is already included within “config:base”.
Removes hardcoded “fix” commitType from dependencies. Doing so allows for easier overriding without requiring complicated/deep presets or config.
BREAKING CHANGE: dependencies default semantic commit type now uses main config commit type (chore)
Changes the default onboarding config from `{ extends: [‘config:base’] }` to `{}` (empty). Self-hosted bot users can add it back by configuring `onboardingConfig` in `config.js` or env. Doing this makes the bot less “opinionated” by default and more convenient for self-hosted users, who can configured everything in config.js or env now.
Closes#1554
BREAKING CHANGE: onboarding config now defaults to empty config instead of config:base. Self-hosted users need to add it back if they with to retain it as default suggested config.
This hopefully gives a better chance of GitHub being able to finish computing the new mergeability status, and reduces the chance of a race condition.
Closes#1617
Improves changelog detection algorithm to look for different upper/lower case options as well as alternative filenames like `History.md`.
Resolves#1754
Adds support for renovating Docker Compose files (e.g. `docker-compose.yml`). Functionality is essentially the same as the existing `Dockerfile` capabilities, so config for `docker` is shared with `docker-compose` but may also be overridden.
Merging as disabled by default - will wait for some opt-in testing before turning it on by default.
Closes#832
It seems that npm is able to update a lock file even if some of the non-updated deps can not be found. So the renovate halt and warning is only needed if a yarnLock file is present.
Adds support for custom docker registries. To work (for now), registries must support anonymous public access to their v2 API. Tested against quay.io and gcr.io, including tags pagination for quay. Also needed to add a 10s timeout for registry queries to catch private/firewalled registries that we can't access.
Closes#797
If an npm dependency can’t be found, and the package.json has a lock file, then Renovate will encounter lock file errors every time *any* dependency in that package.json has an update. Instead of raising PRs with an error, we instead now stop raising PRs and instead raise a config warning issue. Users can “dismiss” this by setting config option `updateLockFiles` to false.
Closes#1697
Adds an option “updateLockFiles” which defaults to true. Setting to false means that updating lock files (e.g. package-lock.json, yarn.lock and shrinkwrap.yaml) will be skipped. The main reason for doing this is for repositories that use a dependency we can’t resolve, so that they can keep updating the package.json without lock file.
`Adds a config validation check for timezone, checking it against the list in moment-timezome.js`. Configs with invalid timezones will raise a configuration error.
Closes#1483
Upgrade ranges to latest version even if latest version satisfies existing range.
| name | value |
| ------- | ------- |
| type | boolean |
| default | false |
By default, Renovate assumes that if you are using ranges then it's because you want them to be wide/open. As such, Renovate won't deliberately "narrow" the range by increasing the semver value inside.
For example, if your `package.json` specifies a value for `left-pad` of `^1.0.0` and the latest version on npmjs is `1.2.0`, then Renovate won't change anything. If instead you'd prefer to be updated to `^1.2.0` in cases like this, then set `upgradeInRange` to `true` in your Renovate config.
This feature supports simple caret (`^`) and tilde (`~`) ranges only, like `^1.0.0` and `~1.0.0`. It is not compatible with `pinVersions=true`.
Closes#1607
Adds initial support for `.nvmrc` renovation. If the existing value is a fully-specified semver version then it will be upgraded, otherwise left alone.
Closes#1270
A semver range defining allowed versions for dependencies
| name | value |
| ---- | ------ |
| type | string |
Use this - usually within a packageRule - to limit how far to upgrade a dependency. For example, if you wish to upgrade to angular v1.5 but not to `angular` v1.6 or higher, you could defined this to be `<= 1.5` or `< 1.6.0`:
```
"packageRules": [{
"packageNames": ["angular"],
"allowedVersions": "<=1.5"
}]
```
in GitLab, a PR may be open while the branch itself has been removed. We cant just assume that the branch exists because the PR does, even if it’s an edge case.
Before, we were attempting to rebase edited branches if renovate.json was the only modified file. This “lost” the committer information - which seemed ok - but it also meant that on the subsequent run it then assumed Renovate was the only committer. Now we don’t rebase edited onboarding branches anymore.
Closes#1360
Adds configuration option `onboardingConfig` that allows the default onboarding config to be extended or replaced via `config.js` or env configuration.
Closes#1521
* Revert "fix: disable reusing existing package-lock.json when upgrading (#1530)"
This reverts commit 2728e39963.
* switch from —package-lock-only to —ignore-scripts
Removing `--package-lock-only` option from npm installs due to https://github.com/npm/npm/issues/19852
Pretty sure this fixes#1495
Adds support for upgrading `node` version in `package.json` > `engines` if the current version is pinned.
- Does not convert from range to pin
- Ignores ranges
- Does not upgrade major versions
Allow the `gitAuthor` configuration option to override the committer
property when creating or updating a file within GitLab. Port of #1280
which introduced the same capability for GitHub.
Closes#1281
Signed-off-by: Adam Moss <adam.moss@bcs.org.uk>
Adds support for running `lerna bootstrap` instead of `npm install` or `yarn install` (without Workspaces), hence allowing support of internally-linked dependencies.
Closes#1441, Closes#1443
Previously, our GitLab API library was checking if a a branch existed first before trying to create it. But due to caching, a branch we'd deleted ourselves still showed up as existing, so then there was no branch to update the files in. Skip this check and use try/catch for creating branch instead.
Fixes#1468
Detects and embeds release notes found on GitHub when an npm dependency specifies a GitHub repository as its source and that repository has made use of the "Releases" feature.
If a dependency has name starting with `@types/` and no repository url returned from the npmjs query, we manually set a URL pointing to the DefinitelyTyped repository.
Adds a new feature to limit the number of concurrent branches/PRs to have open at any one time. Defaults to 0 (disabled), set it to a positive integer to enforce that limit.
If a packageRule is missing packageNames AND missing packagePatterns, then we should match by default. This allows users to define a single “exclude” rule without needing to add a catchall include rule (e.g. `packagePatterns”: [“.*”]`)
When package-lock.json or yarn.lock files are present, and Renovate needs to “pin” any dependencies (e.g. after onboarding), it will use whatever version is in the lockfile rather than the latest version on npm js that satisfies the semver range. This should increase the chance that Pin Dependencies PRs pass tests, as it should use as close as possible dependencies as the previous time the lock file was committed to master. Thanks to @alexeagle for first suggesting this.
Closes#1362
Adds a `renovate/verify` status check for those migrating and looking for familiarity. Better to check the GPG verified commit, as mentioned in the associated doc.
Adds a config option to bot administrators called `exposeEnv`, for cases where repositories are trusted. If set to true, the bot's full `process.env` can be used for `.npmrc` variable substitution and is passed to child processes when generating lock files. Disabled by default, including in the App.
Adds new config option `versionStrategy` that allows config to override Renovate’s autodetection of when to “widen” an existing semver range, and when to “replace”.
Adds support for ranges, such as `”1.x - 2.x”`. Adds support for widening .x ranges, e.g. `”1.x || 2.x”` becomes updated to `”1.x || 2.x || 3.x”`.
Closes#687
Adds support for "less than" semver, and for complex semver values that end in "less than" e.g. ">= 1.0.0 < 2.0.0". Also supports complex semver values that end in "less than or equal to", although they make a lot less sense, e.g. ">= 1.0.0 <= 2.0.0".
Closes#1433
Changes the way Renovate treats renovate config inside `package.json` files. Before, config used to be applied only to that particular file, meaning that it was not applied for the rest of a monorepo, or for other package managers like Docker. Now, any `renovate` section inside the repository’s root `package.json` will be applied globally, just the sams as if it were contained within a `renovate.json` file. This means there is no longer any case where you *must* have a `renovate.json` file instead of `package.json`.
Closes#1323
BREAKING CHANGE: renovate config in `./package.json` is now applied to whole repository, and renovate config inside non-root `package.json` files is now ignored.
Renovate now aborts processing of repositories if for any 4xx responses except 401 and 404, and also for 200 OK responses which are unparseable.
Closes#1341
Adds a new configuration option that allows you to bump the version number in the package.json being updated. e.g. you might configure Renovate to bump a patch every time, or maybe for dependencies only and not devDependencies. e.g. if you configure `"bumpVersion": "patch"` then a Renovate PR updating a `package.json` that used to be version `1.2.1` will now see it updated to `1.2.2` (in addition to the dependency version(s) being updated too). Thanks to @gunar for the feature suggestion.
Closes#861
This PR adds the capability to renovate more than one base branch at a time. For instance, a project may have their released `3.x` version on `master`, while an upcoming `4.x` is being prepared using branch `next`. `4.x` might have a quite different set of dependencies (e.g. some removed or some added) so it's not appropriate to only target `master` and keep rebasing, as it will get messy. Instead, it's necessary to target both `master` and `next` to keep both updated.
Closes#1279
By stripping ‘types/ from the branch name, package x and @types/x then become automatically combined in the same PR. We then massage it a little to ensure the decription for the non-types package is used, and a note added saying that types is included.
Closes#1365
commit 7e15d3d488c927df2f11f728f35d493e2821477d
Author: Rhys Arkins <rhys@arkins.net>
Date: Wed Jan 10 14:26:44 2018 +0100
Revert "refactor: use _auth= when migrating npm tokens"
This reverts commit 4a2fdd0477.
Adds new configuration option “pathRules”. pathRules is an array of path rules. Each rule should contain a “paths” array which uses string or glob matching like the existing ignorePaths. If any of the paths in a rule matches a packageFile then the remaining configuration from the rule is applied to the packageFile.
Previously, Renovate would attempt to keep a branch up to date even if users had edited it. e.g. adding commits on top of the existing branch if newer versions were released. Now, Renovate adds a warning comment if a user has edited a branch, making it clear that responsibility for the branch is over to them and how they can undo this.
Closes#653
When 404 or 422 errors are encountered writing updates, Renovate will now restart in an attempt to fix it. Usually this is because branches/PRs have been edited or closed while Renovate is running.
Closes#1299
This PR adds new checks that:
- Website configuration options are listed in alphabetical order
- Every relevant configuration option in source code is documented on the website
Website docs have been updated accordingly to pass.
Closes#543, Closes#1310
To prevent PRs being opened prior to the `unpublishSafe` check having
transitioned from `pending` to `success`, when using `not-pending`
mode.
Fixes#1312.
Previously, if someone updated a package.json to include invalid JSON, Renovate fails to parse it (as expected), so ignores it. As a result, any existing PRs would be autoclosed. Instead, Renovate will now skip the repository and raise a warning issue until the file parsing is complete or the file is added to Renovate’s ignore list.
This PR updates Renovate to detect config validation problems and (1) stop processing, and (2) either raise an Issue if already onboarded, or (2) update the onboarding PR to reflect the error if still onboarding.
Closes#1300
This reverts commit 4f65356ba4.
I will attempt to merge npmrc configs a different way, as npm itself does not support merging cascaded configs (it finds the most specific one and just uses it).
Rename writeToken to forkToken to make it clearer. This enables GitHub API to use one token for all reads, and another token just for writing to the forked repository.
This PR adds the capability to run Renovate in a new "fork mode". This new mode must be configured by the Renovate admin, and cannot be configured within repositories themselves (for now). Example use: `renovate --autodiscover --fork-mode`
In this mode:
* Renovate will fork the repository if necessary (first run only)
* If the fork already existed, Renovate will ensure that its base branch is up to date with the source repository's
* Branches will be created within the fork, PRs will be created in the source
This feature enables signing of git commits on GitHub. To achieve this, Renovate must be configured with a gitPrivateKey in format supported by openpgp. There must also be a gitAuthor configured to enable this feature.
Closes#897
This PR adds the capability to specify a custom author for git commits on GitHub. Setting this field will mean GitHub uses this value for author and commit instead of the token’s identity. For instance if you are running hosted mode you may set the gitAuthor to “Renovate Bot <bot@renovate.com>” to have commits appear as coming from the renovate-bot account.
This PR adds support for bazel WORKSPACE package files, as suggested https://github.com/alexeagle/angular-bazel-example/issues/17#issuecomment-349167982
Renovate will:
1. Detect `WORKSPACE` files anywhere in the repository
2. Look for all `git_repository()` sections in the file
3. Extract any dependencies with name, remote and tag values
4. Look up any dependencies that (a) have a github https remote, and (b) a valid semver as tag
5. Update the tag to the latest available
This PR adds support for renovating the `node_js` versions in `.travis.yml` configuration files. Important notes:
- Functionality is disabled by default and hence opt-in via configuration
- Added a new manager type `node` because it is anticipated to support more than just Travis in future, with mostly unified logic
- Added the config option "policy" with supported values: lts, active, current, lts_latest and lts_active
- Policy is actually an array, to allow additive combining, e.g. `["lts_latest", "current"]`
- Actual node versions are *hardcoded*. There is no perfect metadata source for this and they change infrequently enough that it is definitely not a problem for now (next change will be in April 2018)
- If node versions need updating, they are listed from newest to oldest
- Replacing function attempts to detect the indention (spacing) in file and use that
To enable, configure `node.enabled=true` and optionally `node.policy=["<policy>"]` if you want something other than `lts`.
Closes#1208
If we have in a package.json links to some local lib file:../path/to/folder
Then the local lib package.json will be copied to the tmp folder to be able to generate the right yarn lock file. This is not working with tgz files, only folder reference.
Closes#1215
This PR refactors the npm registry code to use `make-fetch-happen` instead of got. Additionally, it will use `cacache` for a disk-based caching solution.
Previously, packages within a workspace or lerna project were ignores across the entire repo. Now, they are only ignored within package files that exist in the same lerna project or yarn workspace.
Closes#1147
Previously, Renovate's "Configure Renovate" onboarding branch would never get rebased after it was created. Now, it will be rebased every time the base branch is updated, unless the list of modified files is more than `renovate.json` alone.
Closes#1111
GitLab’s API requires assignee *id* and not *username* when adding assignees to a merge request. Now, we allow Renovate users to still configure usernames and we will look up the ID and use it in the request instead.
Closes#1131
With this PR, Renovate will default to raising only one major PR at a time. e.g. if you have Webpack 1.x then you will get only one major PR for webpack v3 and not also for v2. set multipleMajorPrs=true to get multiple.
Closes#1101
Before, if current node version was 7 then Renovate would propose upgrades to versions 8 and 9. However, like with npm we should allow upgrades to unstable only if it’s the same major version or if ignoreUnstable is explicitly set to false.
This adds a configuration option unstablePattern - used only by Docker currently - that can be used to define a regex patternt to identify “unstable” versions.
Closes#1035
Remove original getFile, getFileContent, and getFileJson and replace with getFile (which used to be getFileContent.. shortened now for convenience). Also remove unused getSubdirectories functions.
Existing solution uses HTML bodies for PR descriptions, as that was the easiest way to get consistency between GitHub and GitLab. However, VSTS supports only markdown so we needed to refactor how this is done. Now, GitHub PR bodies uses only minimal HTML (for summary/details) while GitLab PR bodies are converted to HTML using GitHub flavoured markdown for maximum compatibility. VSTS will be able to strip out the minimal markdown.
Closes#1018
This PR adds support for 'AS' names in Dockerfiles. e.g. `FROM node:8 AS base`. It also adds logic to detect and ignore - for now - any image sources from custom registries.
This PR refactors the onboarding PR logic into its own subdirectory and redesigns it to use plain markdown instead of html. Plain markdown in PR bodies is a requirement for adding VSTS Support ( #1049 ).
Renovate already detects PRs mistakenly closed during a certain time period when a bug was present. Now, it will rename those so that they are no longer detected and the ignore code does not have to remain indefinitely.
This refactor means that createPr now takes `labels` as a new parameter so that the GitLab API can include them with the MR creation request, so save one API call. This also fixes#985 as a result.
99% of the time we should not Renovate forked repositories. Previously, we skipped onboarding them unless a renovate.json was present. However, that meant that if someone forked a repository where the source was using Renovate, then the fork gets renovated automatically too. After this change, forked repositories need to set renovateFork=true in their renovate.json
Closes#940
BREAKING CHANGE: Forked repositories now need to configure renovateFork=true in renovate.json
Renovate will now check ignorePaths values for either (a) a string match, or (b) glob pattern. e.g. a string of ‘node_modules/‘ will ignore ‘node_modules/foo/package.json’ and ‘backend/node_modules/foo/package.json’ but it will also ignore ‘not_node_modules/foo/package.json` too. Therefore a blog pattern of `**/node_modules/**` is superior.
Closes#1054
BREAKING CHANGE: ignorePaths now supports globs and may match more than before, but that’s probably a good thing.
By defaulting pinVersions to null, this allows Renover to autodetect on a per-package file basis. Users may still manually configure (override autodetection) pinning enabled or disabled via config.
Closes#589
BREAKING CHANGE: Renovate will no longer default to pinning versions - instead it will autodetect whether to pin, unless overrided.
This is instead of autodetecting lib or app during onbiarding. This means some package files might be all pinned while others in the same monorepo can be not. This also simplifies the onboarding logic.
This feature enables docker tag "upgrading". Examples:
- From `node:6` to `node:8`
- From `node:6.10` to `node:6.11`
- From `node:6.11.1` to `node:6.11.3`
- From `node:6.10-onbuild` to `node:6.11-onbuild`
Currently these are disabled by default so they are opt-in, you can enable them by setting e.g. `{ docker: { minor: { enabled: true }, major: { enabled: true }}`
Closes#930
This commonly applies to monorepos where the same dependency may be present in multiple.json files. Instead of using the group name to describe the PR, it uses the dependency name.
Closes#848
Previously, upgrades with failing lock files were not raised as PRs. Usually this is because of missing private module configuration. Now, Renovate will raise a PR but add a comment warning of the error, with the error log. It's raised as a comment because we now won't need to regenerate the lock file error every run, and we don't want to "lose" it if the PR description gets updated.
Closes#600
This is a failsafe against Renovate bugs and potentially also mistakes on the user’s part. Before deleting/pruning any branches, Renovate will rename the PR’s title so that it should not block future PRs.
Closes#989
GitHub provides a tempting “Update branch” button whenever a branch is out of date with master, but the problem was that this then made us flag the branch as modified and hence unrebaseable, so the user would be stuck with keeping it update themselves from then on. With this feature, we ignore the “web-flow” committer when calculcating if there has been only one author.
This feature adds a new behaviour to Renovate, where it will now add a comment to any existing closed PRs that are "blocking" currently valid updates. A new API function "ensureComment" has been added, its purpose is so we can ensure there exists only one comment with a certain subject/heading. This lets us prevent duplicates as well as update existing, without having to keep state about it. ensureComment needs porting to gitlab, but should be quite easy.
Adds paginated results capability for gitlab and enables it for getFileList. This should enable all files when using APIv4.
Hopeful this c-l-o-s-e-s #962 & #968
* refactor: replace github code search with getTree/manual search (#944)
Previously Renovate was using the GitHub code search API once for each filename we are looking for. Instead, we now retrieve a list of files in the repository and cache it so it can be reused for filename matches.
Closes#939
* fix: use recursive=true
* fix: reset fileList for every repo (github)
* feat: implement findFilePaths on gitlab (#945)
* refactor: do not check manually for root package.json
* fix: reset fileList for every repo (gitlab)
* fix tests
From https://developer.github.com/v3/apps/available-endpoints/:
> In order to access the API with your GitHub App, you must provide a custom media type in the `Accept` Header for your requests.
```
application/vnd.github.machine-man-preview+json
```
Previously Renovate was using the GitHub code search API once for each filename we are looking for. Instead, we now retrieve a list of files in the repository and cache it so it can be reused for filename matches.
Closes#939
This feature means that you can configure branches/PRs to automerge, but if status checks fail (preventing automerge) then you can still get assigneed the PR to take action. Previously such PRs remained unassigned because we do not assign automerging PRs by default, to reduce noise.
Closes#722
By default, Renovate will now continue *updating* - but not creating - branches even if off-schedule. This applies to features such as (a) rebasing branches if master changes, (b) updating if new version comes, (c) creating PRs if tests pass, (d) automerging. It is planned that (b) will be configurable in a future feature. To disable this behaviour altogether, set updateNotScheduled to false.
Closes#879
* Revert "feat: support docker and meteor onboarding without npm"
This reverts commit 437145b901.
# Conflicts:
# test/workers/repository/onboarding.spec.js
* chore: downgrade npm cache message from debug to trace
Setting lockFileMaintenance.groupName = null will prevent the case where the user configures a repository groupName like “all” and then that group inherits the schedule of lock file maintenance. Instead, there will be renovate/all and renovate/lock-file-maintenance.
Fixes#885
Having eslint flag prettier "errors" in editors can be rather painful. Also chose against linting staged files for prettier because I like to stage partials. Instead:
- Recommended to use plugins for editors to format on save, e.g. `prettier-atom`
- Prettier will be run as part of `npm test`
Previously, Renovate assumed that any yarn workspaces configuration would be in the root of the repository. Now, workspaces can be located within a subdirectory, e.g. `frontend/`. Note: Renovate still supports only one workspace per repository, please file an issue if you require more than one.
Closes#842
This fix improves the way Renovate detects embedded/installed npm and yarn. It tries:
- locally installed npm or yarn
- npm or yarn embedded inside globally installed renovate
- globally installed npm or yarn
- global `yarn` or `npm` commands as fallback
Fixes#824
- Any package names not matching valid pattern will be rewritten to “dummy”
- “engines” and “scripts” fields will be completely removed
Closes#801, Closes#784
This feature adds initial support for renovating Dockerfiles. Renovate now:
- Detects all `Dockerfile`s in repo
- Searches for `FROM x` in first non-comment line, breaks x into image, tag, digest
- Queries public Docker registry for image:tag combination to find latest digest
- Patches Dockerfile if necessary
- Creates branches/PRs as like with npm
Closes#795
This feature adds support for renovating Meteor's `package.js` files. Meteor config is disabled by default so must be manually enabled to work. If enabled, Renovate uses GitHub's search API to look for any files named `package.js` that include the text `Npm.depends`. If so then the file is parsed using Regex to extract its dependencies and check them for updates.
Closes#785
* add minimatch
* feat: use package names for ignoring when lerna or workspaces
Renovate will now:
- Find all package.json files matching lerna or yarn workspaces glob pattern
- Retrieve package names from within those package.json files
- Implicitly ignore (not renvoate) any of those names
Closes#781
If a repository has a lock file error (e.g. can’t look up a private module) then it will no longer attempt to create every branch. Instead, it will error/exit after the first branch. Additionally, “Pin Dependencies” has been sorted to be first and further branches won’t be added or updated until Pin Dependencies has been merged.
* fix: migrate “every xday” to “on xday”
* fix: do not migrate before and after if before is after after
e.g. do not migrate “after 1am and before 5am”
A new config object `encrypted` can be defined at any level and contain encrypted configuration strings. Initial use is for encrypting an npm token for use with the hosted renovate app.
Closes#650
Renovate config can now support the fields `npmToken`, `npmrc` and `yarnrc`. `npmrc` and `yarnrc` (note no `.` prefix) can be used as an alternative to checking the respective files into the repo and have the same effect. `npmToken` is a shorter alternative and allows for just the npm token to be added, defaulting to the public npm registry.
Previously, the automerge feature was causing some undesirable behaviour when multiple branches were open at the same time. Example: #707. The main problem is that other branches will still be calculated based on the original `package.json` contents and not the post-merge contents. The simplest solution seems to be:
- Stop all subsequent branch processing after any automerge
- Restart repository renovation
This continues until no branch has automerged in a cycle.
Closes#750
We should not leave the PR unopened forever if the branch remains in not-pending state too long. Some status checks may leave the status as “pending” instead of “failed”. Defaults to 12 hours but is configurable.
Closes#747
This feature adds explicit support for correctly generating the yarn.lock file for workspaces. Specifically, it means that the yarn.lock in the root directory is regenerated whenever *any* package.json is modified. Previously lock files were only every updated if its corresponding package.json changes, but that is not the way yarn workspaces works.
Closes#473
The ignoreNodeModules feature is replaced with a generic ignorePaths one and allows any array of strings to be defined and package.json file matching them will be skipped/ignored. Also migrates any existing config/presets.
This is a major refactor of branch code to prepare for Yarn workspaces plus creating PRs for branches with failing lockfiles. Marked as "feature" to cause a minor version bump due to the moderate chance of accidentally breaking something.
tmpDir is now created once per-repository and package.json files are written and lockfiles generated based on the repo's directory structure. This way node_modules can be reused between branches in same run.
Closes#501
This makes for an uglier migration and potentially some redundancy, but is the only easy way to ensure that the migrated behaviour is definitely correct.
Fixes#713
Refactored the `automerge` field to change it to boolean. Existing string will be migrated to new config. Automerging lock files is now possible by adding `”lockFileMaintenance”: { ”automerge”: true}` to config.
Closes#706
This PR implements eslint-inspired shareable configs. With this feature, we:
- Add new config option "extends"
* This is an array of preset config names that the current config or preset extends/inherits from
- Add new config option "description"
* Each preset config should include a description of its functionality that is human-readable
- Provide a set of commonly use configs called "preset defaults"
- Provide two "full" preset configs: "app" and "library"
* Almost the same but app pins *all* version numbers while library only pins devdependencies
- Replace regular config in onboarding with one of these two presets
- Generate human-readable description of config in Onboarding PR
- Support npm for hosting configs (both scoped and non-scoped)
Closes#657, Closes#671, Closes#647
It was a mistake to enable this feature by default, and should be disabled. A check has been made to set the status to “success” if it was previously “pending” and the setting is now false. This should also cover the case when someone enables it and then disables it.
Fixes#667
Repository initialisation is refactored so that all package files and their content is retrieved up-front before an renovating begins. This allows us to know both how many package files as well as determine if there is renovate json in a package.json before triggering the onboarding PR.
Closes#634
Renovate now adds a status check renovate/unpublish-safe that has the following behaviour:
If any upgrade in the branch is < 24 hours old then the status check state is "pending"
If all upgrades in the branch are 24 hours or more old then the status check state is "success"
This is able to be disabled via a new option "unpublishSafe".
Closes#494
No need for {{semanticPrefix}} to be specified in templates now - it will be implicitly added to start of commit message and PR titles if semanticCommits=true
depTypes configuration is now refactored from being an array of strings/objects to having each type of dep (`dependencies`, `devDependencies`, `optionalDependencies`, `peerDependencies`) be a first class object in the namespace. The "old" way of configuring is still supported but is transformed using a migrateConfig script. Later, PRs will be raised to impacted repositories to suggest the new config.
This PR adds explicit patch support. A user can set `separatePatchReleases` to true and receive not only major/minor updates but also patch updates separately. This functionality is also implicitly enabled if `automerge` is set to `patch`.
This PR also enables separate major/minor/patch configuration, e.g. config overrides for major versions, for patch versions, etc. `branchName` is currently overridden for patch branches using this technique.
Closes#390, Closes#538
GitHub attempts to autolink any @user mention and this causes problems when we use scoped npm modules like `@types/gulp`. This escapes such package names with a zero width space to fool GitHub’s parser.
Fixes#518
This feature is particularly useful in the case that renovate is enabled on all repositories a user/account has. Many of those might be forks, and it makes no sense to renovate those by default. Instead, Renovate will skip over forked repositories unless a renovate.json has been added to their root.
Also, Renovate will now prune branches after deciding to skip a repository, whether because of a fork or disablement.
Closes#541
This PR adds detection and log warnings for the following config validation errors:
- Unknown config option (e.g misspelling of a valid config option)
- Config option is a wrong type (e.g. string instead of boolean)
It does *not* propagate this warning to the user (i.e. in onboarding or PRs) yet due to the high chance that we'll find a false negative. I will watch logs for a week or so and then once happy with results will activate user-visible warnings via #556.
Closes#548, Closes#555
If a `lerna.json` is present in the root of the repository, then Renovate will automatically ignore (i.e. not renovate) all package names found in the `packages/*` path. It does not require an explicit configuration to work.
We now check branch protection configuration for the repository's base branch to see if branches must be kept up-to-date. If so then we check Renovate branches for rebasing even if rebaseStalePrs is not set to true.
Closes#524
We should not rebase stale PRs if they have been edited any anyone. This adds a check from the PR to see if it can be rebased. If no PR then we assume we can - nobody should be editing our branches directly without PR.
Closes#525
Renovate now uses an embedded yarn binary. This way, the version of yarn used can be known + there is no requirement for Renovate admins to install yarn separately.
This removes the need to JSON.stringify() objects in logs. Default bunyan fields plus our custom meta fields are stripped out, and everything else is stringified in the details field.
Closes#498
GitHub incorrect assumes these #12345 issue numbers refer to the *local* repo, not the source. Adding ` ` should prevent that auto-hyperlinking.
Closes#489
Previously, when someone declared a repository groupName such as “All”, it resulted in lock file maintenance updates being grouped together as well. This is undesirable, especially if the All group then inherits the lock file maintenance schedule.
Fixes#483
Adding hyperlinks to all #12345 issues/PRs in upstream dependencies causes undesirable noise for maintainers of those repositories.
Now, such hyperlinking is done only for private repos as that won’t result in the same GitHub annotations.
Closes#478
Renovate will now ignore any package.json files found within node_modules folders, with the option to disable this functionality by setting config.ignoreNodeModules=false.
This allows for improvements to renovate’s default renovate.json to be passed on to users who haven’t merged or modified their Configure Renovate PR.
Closes#465
Schedule logic has been refactored to enable the pruning of all orphan branches.
Now, schedules aren't checked at package-time, instead package upgrades are queued regardless of schedule.
At branch time, it is checked whether the *branch* is scheduled and then the branch is not created/updated if it's off-schedule.
This enables the repository worker to know all possible branches and hence be able to determine which remaining branches in the repository are "orphans" to be deleted.
Closes#428, Closes#426
All PRs/branches will be shown in onboarding even if they have been scheduled for another day or time, providing a "full view" in the onboarding.
Closes#429
Collaborator
rarkins commented 14 hours ago
Base branch for Pull Requests is now configurable via a new baseBranch configuration option. To take effect, this much be present in the default branch (e.g. master in most cases) so that it can be discovered and used. See FAQ for more details.
Closes#443
A separate routine is run after branch creation to detect any branches that should be deleted. A branch will be removed if:
- It was not created by renovate in the last run, AND
- It has no PR, or its corresponding PR is not mergeable
Closes#426, Closes#428
This starts off [#359](https://github.com/singapore/renovate/issues/359) (configurable status checks) but only implements one sub-feature of it: disabling status checks to allow automerge if tests fail or if no tests are present.
Warnings and Errors are bubbled up when renovating a repository, together with the existing upgrades. The Onboarding PR ("Configure Renovate") now displays them and encourages the user to fix before merging/closing the PR.
Closes#414
This changes how group are configured to align with the new lock file configuration.
BREAKING CHANGE: old group* template options are no longer supported but can be migrated into group object
This feature now allows a custom schedule to be defined for lock file maintenance. It is now enabled by default but runs only before 5m on Sundays. Closes#399
BREAKING CHANGE: lock file maintenance is enabled by default.
Rules will apply to both yarn and npm (npm is yet to be implemented however). Existing mainainYarn* variables are removed and replaced by new lockFileMaintenance object.
This PR adds a scheduling feature, including timezone support.
It's described in detail in the FAQ, but the summary is:
* Timezones can be defined so that schedules are written in timezone of target repository
* Schedules can be written in "plain english"
* Multiple schedules allowed
* Schedules can be defined all the way down to package level
Closes#387
Add support for automerging without PR, Closes#177
* update definitions and docs
* Add mergeBranch api
* support merge commit
* set automergeType
* Update API
* Refactor merge commit
* branch-push working
* Refactor branch
* Add back base tree
* Fix failing tests
* Update definitions and docs
* Fix automerge logic
* Test isBranchStale
* start mergeBranch test
* test mergeBranch branch-push throws
* more tests
* test unknown commit type
* pr tests
* Detect automerge in versions helper
* update tests for new automergeEnabled flag
* refactor pr logic
* complete pr worker tests
* branch automerge tests
* Update docs
* refactor branch automerge check
Closes#31
* Add config.pinVersions
* Check config.pinVersions before pinning
* Fix no pinning
* Add tests for existing functionality
* Add test for new feature
* Add semver-utils
* Supports tilde ranges
* Add tests for tilde and caret
* Add support for lesser than ranges
* Document range upgrade logic
* Support shorthand and .x ranges
* Refactor upgrade logic
* Simplify refactor
* revert test change
* Add isRange and update PR title template
* Refactor major/minor
* Refactor isRange
* Refactor newRange
* Use lodash for rejecting pin
* Revert "Use lodash for rejecting pin"
This reverts commit 7f0b704bbf.
* Fix major check
* Use lodash for rejecting
* Use lodash map
* rename
* Refactor mapping
* Refactor test config
All promise syntax has been replaced with async/await.
`renovate` is now transpiled with `babel` to a `dist/` folder, which is the target of `main` and `start` in `package.json` now.
`renovate` can be run in `node.js` v7 without transpilation using `npm run start-raw`
Closes#77
Closes#55
commit 4914c5bbf401711b61d9a54330532175a51a167c
Author: Rhys Arkins <rhys@keylocation.sg>
Date: Tue Jan 17 12:45:45 2017 +0100
Update debug
commit 55c8307381397399afda01038b6c50416cba27a3
Author: Rhys Arkins <rhys@keylocation.sg>
Date: Tue Jan 17 12:44:08 2017 +0100
Ignore versions newer than “latest”
commit 8aa3e7daa937c0d86f89e1d704853ebee46a54a8
Author: Rhys Arkins <rhys@keylocation.sg>
Date: Tue Jan 17 11:17:31 2017 +0100
Ignore futures if current is not future
