mirror of https://github.com/bitwarden/browser.git synced 2025-03-12 13:39:14 +01:00

[PM-17933] Improve Github Actions dependency update process in Renovate (#13234)

* Renamed to JSON5

* Renovate config to group actions by team.

* Corresponding CODEOWNERS changes.

* Updated linting script to use new file name.

* Added note to check CODEOWNERS before changing.

* Added json5 dependency.

* Updated comments for package grouping.

* A few comment adjustments.

* Removed minor-only grouping and Platform cargo prefix.

* Added comments.

* Added back new line to remove extra change in PR.

* Removed package rule for patch to move to base config.
Todd Martin 2025-03-04 14:37:59 -05:00 committed by GitHub
parent 17393050b5
commit fb4fff09e1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 65 additions and 16 deletions

20
.github/CODEOWNERS vendored

@ -90,7 +90,9 @@ apps/web/src/app/core @bitwarden/team-platform-dev
apps/web/src/app/shared @bitwarden/team-platform-dev apps/web/src/app/shared @bitwarden/team-platform-dev
apps/web/src/translation-constants.ts @bitwarden/team-platform-dev apps/web/src/translation-constants.ts @bitwarden/team-platform-dev
# Workflows # Workflows
.github/workflows/brew-bump-desktop.yml @bitwarden/team-platform-dev # Any changes here should also be reflected in Renovate configuration
.github/workflows/automatic-issue-responses.yml @bitwarden/team-platform-dev
.github/workflows/automatic-pull-request-responses.yml @bitwarden/team-platform-dev
.github/workflows/build-browser-target.yml @bitwarden/team-platform-dev .github/workflows/build-browser-target.yml @bitwarden/team-platform-dev
.github/workflows/build-browser.yml @bitwarden/team-platform-dev .github/workflows/build-browser.yml @bitwarden/team-platform-dev
.github/workflows/build-cli-target.yml @bitwarden/team-platform-dev .github/workflows/build-cli-target.yml @bitwarden/team-platform-dev
@ -100,10 +102,13 @@ apps/web/src/translation-constants.ts @bitwarden/team-platform-dev
.github/workflows/build-web-target.yml @bitwarden/team-platform-dev .github/workflows/build-web-target.yml @bitwarden/team-platform-dev
.github/workflows/build-web.yml @bitwarden/team-platform-dev .github/workflows/build-web.yml @bitwarden/team-platform-dev
.github/workflows/chromatic.yml @bitwarden/team-platform-dev .github/workflows/chromatic.yml @bitwarden/team-platform-dev
.github/workflows/crowdin-pull.yml @bitwarden/team-platform-dev
.github/workflows/enforce-labels.yml @bitwarden/team-platform-dev
.github/workflows/lint.yml @bitwarden/team-platform-dev .github/workflows/lint.yml @bitwarden/team-platform-dev
.github/workflows/locales-lint.yml @bitwarden/team-platform-dev .github/workflows/locales-lint.yml @bitwarden/team-platform-dev
.github/workflows/repository-management.yml @bitwarden/team-platform-dev .github/workflows/repository-management.yml @bitwarden/team-platform-dev
.github/workflows/scan.yml @bitwarden/team-platform-dev .github/workflows/scan.yml @bitwarden/team-platform-dev
.github/workflows/stale-bot.yml @bitwarden/team-platform-dev
.github/workflows/test.yml @bitwarden/team-platform-dev .github/workflows/test.yml @bitwarden/team-platform-dev
.github/workflows/version-auto-bump.yml @bitwarden/team-platform-dev .github/workflows/version-auto-bump.yml @bitwarden/team-platform-dev
# ESLint custom rules # ESLint custom rules
@ -152,6 +157,7 @@ apps/desktop/src/locales/en/messages.json
apps/web/src/locales/en/messages.json apps/web/src/locales/en/messages.json
## BRE team owns these workflows ## ## BRE team owns these workflows ##
# Any changes here should also be reflected in Renovate configuration ##
.github/workflows/brew-bump-desktop.yml @bitwarden/dept-bre .github/workflows/brew-bump-desktop.yml @bitwarden/dept-bre
.github/workflows/deploy-web.yml @bitwarden/dept-bre .github/workflows/deploy-web.yml @bitwarden/dept-bre
.github/workflows/publish-cli.yml @bitwarden/dept-bre .github/workflows/publish-cli.yml @bitwarden/dept-bre
@ -159,13 +165,11 @@ apps/web/src/locales/en/messages.json
.github/workflows/publish-web.yml @bitwarden/dept-bre .github/workflows/publish-web.yml @bitwarden/dept-bre
.github/workflows/retrieve-current-desktop-rollout.yml @bitwarden/dept-bre .github/workflows/retrieve-current-desktop-rollout.yml @bitwarden/dept-bre
.github/workflows/staged-rollout-desktop.yml @bitwarden/dept-bre .github/workflows/staged-rollout-desktop.yml @bitwarden/dept-bre
.github/workflows/release-browser.yml @bitwarden/dept-bre
## Shared ownership workflows ## .github/workflows/release-cli.yml @bitwarden/dept-bre
.github/workflows/release-browser.yml .github/workflows/release-desktop-beta.yml @bitwarden/dept-bre
.github/workflows/release-cli.yml .github/workflows/release-desktop.yml @bitwarden/dept-bre
.github/workflows/release-desktop-beta.yml .github/workflows/release-web.yml @bitwarden/dept-bre
.github/workflows/release-desktop.yml
.github/workflows/release-web.yml
## Docker files have shared ownership ## ## Docker files have shared ownership ##
**/Dockerfile **/Dockerfile
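Review bot: The two lists that the new "Any changes here should also be reflected in Renovate configuration" comments ask maintainers to keep in sync already disagree in this commit. `release-browser.yml` is assigned to `@bitwarden/dept-bre` here but is missing from the BRE `matchFileNames` list in the Renovate config, and the `build-browser-target.yml`, `build-cli-target.yml` and `build-web-target.yml` workflows owned by `@bitwarden/team-platform-dev` are missing from the Platform list. Action updates in those files would presumably fall outside both groups and lose the team prefix used to route them to the owning reviewers, which matters most for the release workflow. Only the comment enforces the sync, so I would make it point at the exact rule, e.g. `# Keep in sync with the "[deps] BRE:" matchFileNames list in the Renovate config`. CODEOWNERS lines between the hunks are not visible here, so other entries may differ as well.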


@ -1,28 +1,65 @@
{ {
$schema: "https://docs.renovatebot.com/renovate-schema.json", $schema: "https://docs.renovatebot.com/renovate-schema.json",
extends: ["github>bitwarden/renovate-config"], // Extends our base config for pinned dependencies extends: ["github>bitwarden/renovate-config"], // Extends our default configuration for pinned dependencies
enabledManagers: ["cargo", "github-actions", "npm"], enabledManagers: ["cargo", "github-actions", "npm"],
packageRules: [ packageRules: [
{ {
// Group all build/test/lint workflows for GitHub Actions together for Platform
// Since they are code owners we don't need to assign a review team in Renovate
// Any changes here should also be reflected in CODEOWNERS
groupName: "github-action minor", groupName: "github-action minor",
matchManagers: ["github-actions"], matchManagers: ["github-actions"],
matchUpdateTypes: ["minor"], matchFileNames: [
}, "./github/workflows/automatic-issue-responses.yml",
{ "./github/workflows/automatic-pull-request-responses.yml",
matchManagers: ["cargo"], "./github/workflows/build-browser.yml",
"./github/workflows/build-cli.yml",
"./github/workflows/build-desktop.yml",
"./github/workflows/build-web.yml",
"./github/workflows/chromatic.yml",
"./github/workflows/crowdin-pull.yml",
"./github/workflows/enforce-labels.yml",
"./github/workflows/lint.yml",
"./github/workflows/locales-lint.yml",
"./github/workflows/repository-management.yml",
"./github/workflows/scan.yml",
"./github/workflows/stale-bot.yml",
"./github/workflows/test.yml",
"./github/workflows/version-auto-bump.yml",
],
commitMessagePrefix: "[deps] Platform:", commitMessagePrefix: "[deps] Platform:",
}, },
{ {
groupName: "napi", // Group all release-related workflows for GitHub Actions together for BRE
matchPackageNames: ["napi", "napi-build", "napi-derive"], // Since they are code owners we don't need to assign a review team in Renovate
// Any changes here should also be reflected in CODEOWNERS
groupName: "github-action minor",
matchManagers: ["github-actions"],
matchFileNames: [
"./github/workflows/brew-bump-desktop.yml",
"./github/workflows/deploy-web.yml",
"./github/workflows/publish-cli.yml",
"./github/workflows/publish-desktop.yml",
"./github/workflows/publish-web.yml",
"./github/workflows/retrieve-current-desktop-rollout.yml",
"./github/workflows/staged-rollout-desktop.yml",
"./github/workflows/release-cli.yml",
"./github/workflows/release-desktop-beta.yml",
"./github/workflows/release-desktop.yml",
"./github/workflows/release-web.yml",
],
commitMessagePrefix: "[deps] BRE:",
}, },
{ {
// Disable major and minor updates for TypeScript and Zone.js because they are managed by Angular
matchPackageNames: ["typescript", "zone.js"], matchPackageNames: ["typescript", "zone.js"],
matchUpdateTypes: ["major", "minor"], matchUpdateTypes: ["major", "minor"],
description: "Determined by Angular", description: "Determined by Angular",
enabled: false, enabled: false,
}, },
{ {
// Disable major updates for core Angular dependencies because they are managed through ng update
// when we decide to upgrade.
matchSourceUrls: [ matchSourceUrls: [
"https://github.com/angular-eslint/angular-eslint", "https://github.com/angular-eslint/angular-eslint",
"https://github.com/angular/angular-cli", "https://github.com/angular/angular-cli",
@ -35,19 +72,27 @@
enabled: false, enabled: false,
}, },
{ {
// Renovate should manage patch updates for TypeScript and Zone.js, despite ignoring major and minor
matchPackageNames: ["typescript", "zone.js"], matchPackageNames: ["typescript", "zone.js"],
matchUpdateTypes: "patch", matchUpdateTypes: "patch",
}, },
{ {
// We want to update all the Jest-related packages together, to reduce PR noise
groupName: "jest", groupName: "jest",
matchPackageNames: ["@types/jest", "jest", "ts-jest", "jest-preset-angular"], matchPackageNames: ["@types/jest", "jest", "ts-jest", "jest-preset-angular"],
matchUpdateTypes: "major",
}, },
{ {
// We need to group all napi-related packages together to avoid build errors caused by version incompatibilities
groupName: "napi",
matchPackageNames: ["napi", "napi-build", "napi-derive"],
},
{
// We need to group all macOS/iOS binding-related packages together to avoid build errors caused by version incompatibilities
groupName: "macOS/iOS bindings", groupName: "macOS/iOS bindings",
matchPackageNames: ["core-foundation", "security-framework", "security-framework-sys"], matchPackageNames: ["core-foundation", "security-framework", "security-framework-sys"],
}, },
{ {
// We need to group all zbus-related packages together to avoid build errors caused by version incompatibilities
groupName: "zbus", groupName: "zbus",
matchPackageNames: ["zbus", "zbus_polkit"], matchPackageNames: ["zbus", "zbus_polkit"],
}, },
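Review bot: Every `matchFileNames` entry in both new rules starts with `./github/workflows/`, while the workflows live under `.github/workflows/`, as the CODEOWNERS paths in this same commit show. Assuming Renovate matches these patterns against the repository-relative file path, neither rule matches any workflow, so the per-team grouping and the `[deps] Platform:` / `[deps] BRE:` prefixes would never apply. Each entry should read like `".github/workflows/lint.yml",`. Separately, both rules keep `groupName: "github-action minor"`, which likely folds Platform and BRE updates into a single branch and is misleading now that `matchUpdateTypes: ["minor"]` has been removed. Distinct names such as `groupName: "github-action platform"` and `groupName: "github-action bre"` would keep action bumps for the release workflows in their own PR for BRE review.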