Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added note on renovate vs dependabot #7378

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Added note on renovate vs dependabot #7378

wants to merge 7 commits into from
+2 −0

Conversation

vwagh-dev
Copy link

@vwagh-dev vwagh-dev commented Jun 24, 2024
edited
Loading

As I am new to jenkins, for one of the API plugin I configured the Dependabot as per the documentation.
Whereas plugin were already supporting the Renovate & both do the same job.

Hence adding the note to with details if renovate is not present then only we should configure the dependabot else not.

@vwagh-dev vwagh-dev requested a review from a team as a code owner June 24, 2024 03:03
@probot-autolabeler probot-autolabeler bot added the documentation Jenkins documentation, including user and developer docs, solution pages, etc. label Jun 24, 2024
gounthar
gounthar reviewed Jun 24, 2024
View reviewed changes
content/doc/developer/publishing/releasing-cd.adoc Outdated
@@ -71,6 +71,8 @@ IMPORTANT: These files may have been set up this way by the https://github.com/j

=== Configure Dependabot

Note:: If you have a `.github/renovate.json`, do not configure Dependabot. link:https://www.jenkins.io/blog/2023/09/20/renovate-bot-probe-blog[For more details]
Copy link
Contributor

@gounthar gounthar Jun 24, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for this contribution. 👍

We shouldn't be too categorical; perhaps we could propose a discussion with other maintainers to choose the right tool for handling dependency updates.

The long-term goal is to ensure that maintainers are comfortable with the tools they use.

If a maintainer is working alone on a project and prefers Dependabot to Renovate, we should allow them to choose Dependabot and discontinue the use of Renovate.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should section should really be configure a dependency update tool either renovate or dependabot.

When this was written dependabot was the only one in use. Since then renovate has been used a lot more as it is way more powerful

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we all have biases when it comes to choosing our dependency update tool.

Do we really need a "more powerful" tool when a simple one does the trick?

I believe it depends on several factors:

  1. The complexity of updating certain dependencies
  2. The maintainers' skills
  3. The willingness of maintainers to learn a new tool

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really need a "more powerful" tool when a simple one does the trick?

Yes, dependabot doesn't scale. Its fine for simple cases.

I'm not saying prefer renovate here just to give the option.

In terms of this pull request I think removing the blog link and rewording to:

If you have renovate configured there is no need to configure dependabot

Would be good to work renovate.json in, keeping in mind it can be in a number of places and people will put it in different ones

jtnord
jtnord reviewed Jun 24, 2024
View reviewed changes
Copy link
Contributor

@jtnord jtnord left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whilst I agree the whole Renovate/Dependabot discussion is relevant I think this should be be taken outside this PR because:

  1. if the user does have something then it is important to not override it.
  2. if the user does not have anything then they likely do not need the power of renovate, it can be changed at a later time.
  3. as is this PR would prevent some issues coming up like this where a well intended PR was submitted following these current instructions.

@MarkEWaite @jtnord
Use an admonition
6147a88 
Co-authored-by: James Nord <jtnord@users.noreply.github.com>
MarkEWaite
MarkEWaite approved these changes Jun 25, 2024
View reviewed changes
Copy link
Contributor

@MarkEWaite MarkEWaite left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it is wise to warn people not to add dependabot if renovate is already configured.

content/doc/developer/publishing/releasing-cd.adoc Outdated Show resolved Hide resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kmartens27 kmartens27 kmartens27 left review comments

@timja timja timja left review comments

@jtnord jtnord jtnord left review comments

@gounthar gounthar gounthar left review comments

@MarkEWaite MarkEWaite MarkEWaite approved these changes

Assignees
No one assigned
Labels
documentation Jenkins documentation, including user and developer docs, solution pages, etc.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@vwagh-dev @gounthar @MarkEWaite @jtnord @timja @kmartens27