renovate/renovate
1
0
Fork 0
mirror of https://github.com/renovatebot/renovate.git synced 2025-01-15 17:16:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
renovate/docs/development/new-package-manager-template.md
Rhys Arkins cbca54d0c3 feat!: do not auto pin rangeStrategy (#18309) 
Removes all logic where rangeStrategy=auto results in pinning.

Closes #18304

BREAKING CHANGE: Dependencies are no longer automatically pinned, pinning must be opted into using rangeStrategy=pin
2022-10-23 06:48:35 +02:00

3.1 KiB
Raw Blame History

New package manager questionnaire

Did you read our documentation on adding a package manager?

Basics

Name of package manager

What language does this support?

How popular is this package manager?

Does this language have other (competing?) package managers?

  • Yes (give names)
  • No

Package File Detection

What type of package files and names does it use?

What fileMatch pattern(s) should be used?

Is it likely that many users would need to extend this pattern for custom file names?

  • Yes
  • No

Is the fileMatch pattern likely to get many "false hits" for files that have nothing to do with package management?

Parsing and Extraction

Can package files have "local" links to each other that need to be resolved?

Is there a reason why package files need to be parsed together (in serial) instead of independently?

What format/syntax is the package file in?

  • JSON
  • TOML
  • YAML
  • Custom (explain below)

How do you suggest parsing the file?

  • Off the shelf parser
  • Using regex
  • Custom-parsed line by line
  • Other

Does the package file structure distinguish between different "types" of dependencies? e.g. production dependencies, development dependencies, etc?

  • Yes, production and development dependencies
  • No, all dependencies are treated the same

List all the sources/syntaxes of dependencies that can be extracted

Describe which types of dependencies above are supported and which will be implemented in future

Versioning

What versioning scheme does the package file(s) use?

Does this versioning scheme support range constraints, e.g. ^1.0.0 or 1.x?

  • Supports range constraints (e.g ^1.0.0 or 1.x)
  • No

Lookup

Is a new datasource required? Provide details

  • Yes, provide details.
  • No.

Will users need the capability to specify a custom host/registry to look up? Can it be found within the package files, or within other files inside the repository, or would it require Renovate configuration?

Do the package files have any "constraints" on the parent language (e.g. supports only v3.x of Python) or platform (Linux, Windows, etc.) that should be used in the lookup procedure?

Will users need the ability to configure language or other constraints using Renovate config?

Artifacts

Are lock files or checksum files used? Are they mandatory?

If so, what tool and exact commands should be used if updating one or more package versions in a dependency file?

If applicable, describe how the tool maintains a cache and if it can be controlled via CLI or environment variables? Do you recommend the cache be kept or disabled/ignored?

If applicable, what command should be used to generate a lock file from scratch if you already have a package file? This will be used for "lock file maintenance"

Other

Is there anything else to know about this package manager?