From e100122baeec2ada65bb97193d1029fa552fb294 Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Mon, 9 Aug 2021 11:53:49 +0200 Subject: [PATCH 1/7] docs: create dependency dashboard showcase page --- docs/usage/dependency-dashboard.md | 146 +++++++++++++++++++++++++++++ 1 file changed, 146 insertions(+) create mode 100644 docs/usage/dependency-dashboard.md diff --git a/docs/usage/dependency-dashboard.md b/docs/usage/dependency-dashboard.md new file mode 100644 index 00000000000000..a62ae559fb3a17 --- /dev/null +++ b/docs/usage/dependency-dashboard.md @@ -0,0 +1,146 @@ +--- +title: Dependency Dashboard +description: Learn all about Renovate's Dependency Dashboard +--- + +# Introduction + +Renovate has a Dependency Dashboard that shows a overview of the state of your repositories' dependencies. + +When you turn on the Dependency Dashboard, Renovate will create a new issue on the repository. +This issue contains a "dashboard" where you can get a overview of the status of all updates. + +Having the Dependency Dashboard enabled also allows you to opt-in to different behavior for certain or even all updates with the "Dependency Dashboard Approval" workflow. + +## Supported platforms + +The Dependency Dashboard requires that the host platforms supports the concept of issues. +Read [our FAQ, Renovate core features not supported on all platforms](https://docs.renovatebot.com/faq/#renovate-core-features-not-supported-on-all-platforms) to see if your platform can use the Dependency Dashboard feature. + +## How to enable the dashboard + + + +To turn on the Dashboard manually, add the `:dependencyDashboard` preset to your `extends` array in the Renovate configuration file: + +```json +{ + "extends": ["config:base", ":dependencyDashboard"] +} +``` + +Or set `dependencyDashboardApproval` to `true`: + +``` +{ + "dependencyDashboardApproval": true +} +``` + + + +## How to disable the dashboard + + + +To disable the Dependency Dashboard, set `dependencyDashboard` to `false`. + +```json +{ + "extends": ["config:base"], + "dependencyDashboard": false +} +``` + +## Usecases + +This section explains some common usecases where having the Dependency Dashboard can help. + +### Visibility into rejected/deferred updates + +Renovate's Dependency Dashboard shows a overview of all updates that are still "to do". + +If you close a update PR from Renovate, the Dashboard will list this update. +If you later change your mind about the update, you can get a new PR by clicking the corresponding checkbox on the dashboard. + +### Show errored out updates + + + +### Dependency Dashboard Approval workflow + +Sometimes you want Renovate to wait for your approval before creating a update PR. +You can customize this "wait for approval" behavior however you like best. + +At a high level the options are: + +- Require approval for _all_ updates +- Require approval for a type of updates (`major` for example) +- Require approval for specific packages + +You can mix and match these options as well. + +#### Require approval for all updates + +Maybe you find Renovate too noisy, and want to opt-out of getting automatic updates whenever they're ready. + +In this case, you can tell Renovate to wait for your approval before making any pull requests. +This means that you have full control over when you get updates. + + + +Make sure you explictly enable the Dependency Dashboard this way have visibility into all pending updates. + +To require manual approval for _all updates_, add the `:dependencyDashboard` and the `:dependencyDashboardApproval` presets to the `extends` array in your Renovate configuration file: + +```json +{ + "extends": [ + "config:base", + ":dependencyDashboard", + ":dependencyDashboardApproval" + ] +} +``` + +#### Require approval for major updates + +Major updates are likely to break tests and/or require manual work before they can be merged. +So maybe you only want to get major updates when you approve them. + +If you want to require approval for major updates, set `dependencyDashboardApproval` to `true` within a `major` object: + +```json +{ + "major": { + "dependencyDashboardApproval": true + } +} +``` + +#### Require approval for specific packages + +Sometimes you only want to update specific packages when you say so. + +Maybe a package doesn't follow Semantic Versioning, and has breaking changes on every new release, so you want to update on your terms. + +Or maybe you have a package that updates too rapidly for you to keep up with, and you want to update once in a while manually. + +If you want to approve specific packages, set `dependencyDashboardApproval` to `true` within a `packageRules` entry where you have defined a specific package or pattern. + +```json +{ + "packageRules": [ + { + "matchPackagePatterns": ["^@package-name"], + "dependencyDashboardApproval": true + } + ] +} +``` From 543bb41e29db1442dfb1c8f9713b47f26e812843 Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Mon, 9 Aug 2021 14:04:42 +0200 Subject: [PATCH 2/7] add comments from rarkins in other issue --- docs/usage/dependency-dashboard.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/usage/dependency-dashboard.md b/docs/usage/dependency-dashboard.md index a62ae559fb3a17..6773d88a91f796 100644 --- a/docs/usage/dependency-dashboard.md +++ b/docs/usage/dependency-dashboard.md @@ -88,6 +88,10 @@ You can mix and match these options as well. #### Require approval for all updates +We do not recommend that you require approval for _all_ updates. +When you require prior approval, you need to check the dashboard issue regularly to check for important updates. +You'll probably forgot to check often enough, out of sight is out of mind! + Maybe you find Renovate too noisy, and want to opt-out of getting automatic updates whenever they're ready. In this case, you can tell Renovate to wait for your approval before making any pull requests. @@ -114,6 +118,8 @@ To require manual approval for _all updates_, add the `:dependencyDashboard` and Major updates are likely to break tests and/or require manual work before they can be merged. So maybe you only want to get major updates when you approve them. +Dependency Dashboard Approval is far superior to disabling major updates because at least you can fully see what's pending on the dashboard, instead of updates being totally invisible. + If you want to require approval for major updates, set `dependencyDashboardApproval` to `true` within a `major` object: ```json From fd0e51d951c5bc53e91e7ca776554e8010b21662 Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Mon, 9 Aug 2021 15:36:15 +0200 Subject: [PATCH 3/7] Fix bad enable dashboard config Co-authored-by: Michael Kriese --- docs/usage/dependency-dashboard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/usage/dependency-dashboard.md b/docs/usage/dependency-dashboard.md index 6773d88a91f796..26c64d87d84985 100644 --- a/docs/usage/dependency-dashboard.md +++ b/docs/usage/dependency-dashboard.md @@ -29,11 +29,11 @@ To turn on the Dashboard manually, add the `:dependencyDashboard` preset to your } ``` -Or set `dependencyDashboardApproval` to `true`: +Or set `dependencyDashboard` to `true`: ``` { - "dependencyDashboardApproval": true + "dependencyDashboard": true } ``` From 4371aedd1f6a51f405ee2ff5f5afd86cfabf79c8 Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Thu, 12 Aug 2021 13:43:37 +0200 Subject: [PATCH 4/7] Move dependency-dashboard.md into key-concepts folder --- docs/usage/{ => key-concepts}/dependency-dashboard.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/usage/{ => key-concepts}/dependency-dashboard.md (100%) diff --git a/docs/usage/dependency-dashboard.md b/docs/usage/key-concepts/dependency-dashboard.md similarity index 100% rename from docs/usage/dependency-dashboard.md rename to docs/usage/key-concepts/dependency-dashboard.md From 9f5fb776f0dea27a4b9e7bcdd9ce852b448f6195 Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Fri, 13 Aug 2021 11:18:49 +0200 Subject: [PATCH 5/7] Apply suggestions from code review Co-authored-by: Rhys Arkins --- .../key-concepts/dependency-dashboard.md | 49 ++++++------------- 1 file changed, 14 insertions(+), 35 deletions(-) diff --git a/docs/usage/key-concepts/dependency-dashboard.md b/docs/usage/key-concepts/dependency-dashboard.md index 26c64d87d84985..aa10be8135ab15 100644 --- a/docs/usage/key-concepts/dependency-dashboard.md +++ b/docs/usage/key-concepts/dependency-dashboard.md @@ -7,20 +7,18 @@ description: Learn all about Renovate's Dependency Dashboard Renovate has a Dependency Dashboard that shows a overview of the state of your repositories' dependencies. -When you turn on the Dependency Dashboard, Renovate will create a new issue on the repository. +When the Dependency Dashboard is enabled, Renovate will create a new issue in the repository. This issue contains a "dashboard" where you can get a overview of the status of all updates. -Having the Dependency Dashboard enabled also allows you to opt-in to different behavior for certain or even all updates with the "Dependency Dashboard Approval" workflow. +Having the Dependency Dashboard also enables the concept of an "approval" workflow for new upgrades, either for selected dependencies (recommended) or even for all. ## Supported platforms -The Dependency Dashboard requires that the host platforms supports the concept of issues. +The Dependency Dashboard requires that the host platforms supports the concept of issues with dynamic Markdown checkboxes. Read [our FAQ, Renovate core features not supported on all platforms](https://docs.renovatebot.com/faq/#renovate-core-features-not-supported-on-all-platforms) to see if your platform can use the Dependency Dashboard feature. ## How to enable the dashboard - - To turn on the Dashboard manually, add the `:dependencyDashboard` preset to your `extends` array in the Renovate configuration file: ```json @@ -37,42 +35,26 @@ Or set `dependencyDashboard` to `true`: } ``` - - ## How to disable the dashboard - - -To disable the Dependency Dashboard, set `dependencyDashboard` to `false`. +To disable the Dependency Dashboard, add the preset `:disableDependencyDashboard` or set `dependencyDashboard` to `false`. ```json { - "extends": ["config:base"], - "dependencyDashboard": false + "extends": ["config:base", ":disableDependencyDashboard"] } -``` -## Usecases +## Use cases -This section explains some common usecases where having the Dependency Dashboard can help. +This section explains some common use cases where having the Dependency Dashboard can help. ### Visibility into rejected/deferred updates Renovate's Dependency Dashboard shows a overview of all updates that are still "to do". -If you close a update PR from Renovate, the Dashboard will list this update. +If you close an update PR from Renovate without merging, the Dashboard will list this update in the Closed/Ignored section. If you later change your mind about the update, you can get a new PR by clicking the corresponding checkbox on the dashboard. -### Show errored out updates - - - ### Dependency Dashboard Approval workflow Sometimes you want Renovate to wait for your approval before creating a update PR. @@ -90,24 +72,21 @@ You can mix and match these options as well. We do not recommend that you require approval for _all_ updates. When you require prior approval, you need to check the dashboard issue regularly to check for important updates. -You'll probably forgot to check often enough, out of sight is out of mind! +You'll probably forgot to check often enough, and out of sight means out of mind! Maybe you find Renovate too noisy, and want to opt-out of getting automatic updates whenever they're ready. In this case, you can tell Renovate to wait for your approval before making any pull requests. This means that you have full control over when you get updates. - - -Make sure you explictly enable the Dependency Dashboard this way have visibility into all pending updates. +However, vulnerability remediation PRs will still get created immediately without requiring approval. -To require manual approval for _all updates_, add the `:dependencyDashboard` and the `:dependencyDashboardApproval` presets to the `extends` array in your Renovate configuration file: +To require manual approval for _all updates_, add the `:dependencyDashboardApproval` presets to the `extends` array in your Renovate configuration file: ```json { "extends": [ "config:base", - ":dependencyDashboard", ":dependencyDashboardApproval" ] } @@ -115,8 +94,8 @@ To require manual approval for _all updates_, add the `:dependencyDashboard` and #### Require approval for major updates -Major updates are likely to break tests and/or require manual work before they can be merged. -So maybe you only want to get major updates when you approve them. +Major updates often contain breaking changes which require manual changes in your code before they can be merged. +So maybe you only want to get major updates when you have sufficient time to check them carefully. Dependency Dashboard Approval is far superior to disabling major updates because at least you can fully see what's pending on the dashboard, instead of updates being totally invisible. @@ -144,7 +123,7 @@ If you want to approve specific packages, set `dependencyDashboardApproval` to ` { "packageRules": [ { - "matchPackagePatterns": ["^@package-name"], + "matchPackagePatterns": ["^@somescope"], "dependencyDashboardApproval": true } ] From 0d8171a4fc29493e3c11f62bd5d21c9f5abb1d92 Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Fri, 13 Aug 2021 11:21:01 +0200 Subject: [PATCH 6/7] run linter, fix missing code fence --- docs/usage/key-concepts/dependency-dashboard.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/docs/usage/key-concepts/dependency-dashboard.md b/docs/usage/key-concepts/dependency-dashboard.md index aa10be8135ab15..0994fca5e41688 100644 --- a/docs/usage/key-concepts/dependency-dashboard.md +++ b/docs/usage/key-concepts/dependency-dashboard.md @@ -43,6 +43,7 @@ To disable the Dependency Dashboard, add the preset `:disableDependencyDashboard { "extends": ["config:base", ":disableDependencyDashboard"] } +``` ## Use cases @@ -85,10 +86,7 @@ To require manual approval for _all updates_, add the `:dependencyDashboardAppro ```json { - "extends": [ - "config:base", - ":dependencyDashboardApproval" - ] + "extends": ["config:base", ":dependencyDashboardApproval"] } ``` From 44e9f3f427c8198d9c00de6b5bf14399d5471042 Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Fri, 13 Aug 2021 11:21:29 +0200 Subject: [PATCH 7/7] rename file to dashboard.md --- docs/usage/key-concepts/{dependency-dashboard.md => dashboard.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/usage/key-concepts/{dependency-dashboard.md => dashboard.md} (100%) diff --git a/docs/usage/key-concepts/dependency-dashboard.md b/docs/usage/key-concepts/dashboard.md similarity index 100% rename from docs/usage/key-concepts/dependency-dashboard.md rename to docs/usage/key-concepts/dashboard.md