Configure Renovate for GitHub Actions#157952
Open
Turbo87 wants to merge 4 commits into
Open
Conversation
Removes the `enabledManagers` override so all managers run, but requires manual approval from the Dependency Dashboard before any PRs are opened. The dashboard then acts as a preview without cluttering the PR list.
rustbot
added
the
S-waiting-on-review
This comment has been minimized.
This comment has been minimized.
Subtrees are updated in their upstream repositories and synced into the tree, so Renovate should not manage their dependencies here. Without this, Renovate would surface pinned actions from every subtree workflow file (see rust-lang#134127). Mirrors the subtree list in `external-repos.md`.
Pins GitHub Actions to their commit SHA digests and keeps them updated. This lets Renovate handle the pinning that was proposed in rust-lang#155089 instead of maintaining it manually.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This sets up Renovate to keep our GitHub Actions pinned to commit SHAs and up to date, as a follow-up to #155089 where we pinned them by hand. The actual pinning is handled by the
helpers:pinGitHubActionDigestspreset.For now every update has to be approved from the Dependency Dashboard before Renovate opens a PR. I expect this to be temporary while we get the config right, since it lets us preview what Renovate wants to do without flooding the PR list. Once the pinning and the update PRs look correct, we can drop the approval requirement for the github-actions manager and let those flow through automatically.
Renovate also skips the subtree paths, since those tools are maintained in their own repositories and synced back in, and #134127 showed what happens when it starts editing them directly. The lockfile maintenance job is gone as well, since it was broken anyway.
r? @marcoieni