From fb4fff09e1ebef8f6e1462c1ff73ff9f60308631 Mon Sep 17 00:00:00 2001
From: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Date: Tue, 4 Mar 2025 14:37:59 -0500
Subject: [PATCH] [PM-17933] Improve Github Actions dependency update process in Renovate (#13234)

* Renamed to JSON5
* Renovate config to group actions by team.
* Corresponding CODEOWNERS changes.
* Updated linting script to use new file name.
* Added note to check CODEOWNERS before changing.
* Added json5 dependency.
* Updated comments for package grouping.
* A few comment adjustments.
* Removed minor-only grouping and Platform cargo prefix.
* Added comments.
* Added back new line to remove extra change in PR.
* Removed package rule for patch to move to base config.
---
 .github/CODEOWNERS | 20 ++++++++------
 .github/renovate.json5 | 61 ++++++++++++++++++++++++++++++++++++------
 2 files changed, 65 insertions(+), 16 deletions(-)

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 763b48ab1d9..d23cfa58283 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -90,7 +90,9 @@ apps/web/src/app/core @bitwarden/team-platform-dev
 apps/web/src/app/shared @bitwarden/team-platform-dev
 apps/web/src/translation-constants.ts @bitwarden/team-platform-dev
 # Workflows
-.github/workflows/brew-bump-desktop.yml @bitwarden/team-platform-dev
+# Any changes here should also be reflected in Renovate configuration
+.github/workflows/automatic-issue-responses.yml @bitwarden/team-platform-dev
+.github/workflows/automatic-pull-request-responses.yml @bitwarden/team-platform-dev
 .github/workflows/build-browser-target.yml @bitwarden/team-platform-dev
 .github/workflows/build-browser.yml @bitwarden/team-platform-dev
 .github/workflows/build-cli-target.yml @bitwarden/team-platform-dev
@@ -100,10 +102,13 @@ apps/web/src/translation-constants.ts @bitwarden/team-platform-dev
 .github/workflows/build-web-target.yml @bitwarden/team-platform-dev
 .github/workflows/build-web.yml @bitwarden/team-platform-dev
 .github/workflows/chromatic.yml @bitwarden/team-platform-dev
+.github/workflows/crowdin-pull.yml @bitwarden/team-platform-dev
+.github/workflows/enforce-labels.yml @bitwarden/team-platform-dev
 .github/workflows/lint.yml @bitwarden/team-platform-dev
 .github/workflows/locales-lint.yml @bitwarden/team-platform-dev
 .github/workflows/repository-management.yml @bitwarden/team-platform-dev
 .github/workflows/scan.yml @bitwarden/team-platform-dev
+.github/workflows/stale-bot.yml @bitwarden/team-platform-dev
 .github/workflows/test.yml @bitwarden/team-platform-dev
 .github/workflows/version-auto-bump.yml @bitwarden/team-platform-dev
 # ESLint custom rules
@@ -152,6 +157,7 @@ apps/desktop/src/locales/en/messages.json
 apps/web/src/locales/en/messages.json
 
 ## BRE team owns these workflows ##
+# Any changes here should also be reflected in Renovate configuration ##
 .github/workflows/brew-bump-desktop.yml @bitwarden/dept-bre
 .github/workflows/deploy-web.yml @bitwarden/dept-bre
 .github/workflows/publish-cli.yml @bitwarden/dept-bre
@@ -159,13 +165,11 @@ apps/web/src/locales/en/messages.json
 .github/workflows/publish-web.yml @bitwarden/dept-bre
 .github/workflows/retrieve-current-desktop-rollout.yml @bitwarden/dept-bre
 .github/workflows/staged-rollout-desktop.yml @bitwarden/dept-bre
-
-## Shared ownership workflows ##
-.github/workflows/release-browser.yml
-.github/workflows/release-cli.yml
-.github/workflows/release-desktop-beta.yml
-.github/workflows/release-desktop.yml
-.github/workflows/release-web.yml
+.github/workflows/release-browser.yml @bitwarden/dept-bre
+.github/workflows/release-cli.yml @bitwarden/dept-bre
+.github/workflows/release-desktop-beta.yml @bitwarden/dept-bre
+.github/workflows/release-desktop.yml @bitwarden/dept-bre
+.github/workflows/release-web.yml @bitwarden/dept-bre
 
 ## Docker files have shared ownership ##
 **/Dockerfile
diff --git a/.github/renovate.json5 b/.github/renovate.json5
index b9de0084c25..b898ffc8629 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -1,28 +1,65 @@
 {
 $schema: "https://docs.renovatebot.com/renovate-schema.json",
- extends: ["github>bitwarden/renovate-config"], // Extends our base config for pinned dependencies
+ extends: ["github>bitwarden/renovate-config"], // Extends our default configuration for pinned dependencies
 enabledManagers: ["cargo", "github-actions", "npm"],
 packageRules: [
 {
+ // Group all build/test/lint workflows for GitHub Actions together for Platform
+ // Since they are code owners we don't need to assign a review team in Renovate
+ // Any changes here should also be reflected in CODEOWNERS
 groupName: "github-action minor",
 matchManagers: ["github-actions"],
- matchUpdateTypes: ["minor"],
- },
- {
- matchManagers: ["cargo"],
+ matchFileNames: [
+ "./github/workflows/automatic-issue-responses.yml",
+ "./github/workflows/automatic-pull-request-responses.yml",
+ "./github/workflows/build-browser.yml",
+ "./github/workflows/build-cli.yml",
+ "./github/workflows/build-desktop.yml",
+ "./github/workflows/build-web.yml",
+ "./github/workflows/chromatic.yml",
+ "./github/workflows/crowdin-pull.yml",
+ "./github/workflows/enforce-labels.yml",
+ "./github/workflows/lint.yml",
+ "./github/workflows/locales-lint.yml",
+ "./github/workflows/repository-management.yml",
+ "./github/workflows/scan.yml",
+ "./github/workflows/stale-bot.yml",
+ "./github/workflows/test.yml",
+ "./github/workflows/version-auto-bump.yml",
+ ],
 commitMessagePrefix: "[deps] Platform:",
 },
 {
- groupName: "napi",
- matchPackageNames: ["napi", "napi-build", "napi-derive"],
+ // Group all release-related workflows for GitHub Actions together for BRE
+ // Since they are code owners we don't need to assign a review team in Renovate
+ // Any changes here should also be reflected in CODEOWNERS
+ groupName: "github-action minor",
+ matchManagers: ["github-actions"],
+ matchFileNames: [
+ "./github/workflows/brew-bump-desktop.yml",
+ "./github/workflows/deploy-web.yml",
+ "./github/workflows/publish-cli.yml",
+ "./github/workflows/publish-desktop.yml",
+ "./github/workflows/publish-web.yml",
+ "./github/workflows/retrieve-current-desktop-rollout.yml",
+ "./github/workflows/staged-rollout-desktop.yml",
+ "./github/workflows/release-cli.yml",
+ "./github/workflows/release-desktop-beta.yml",
+ "./github/workflows/release-desktop.yml",
+ "./github/workflows/release-web.yml",
+ ],
+ commitMessagePrefix: "[deps] BRE:",
 },
 {
+ // Disable major and minor updates for TypeScript and Zone.js because they are managed by Angular
 matchPackageNames: ["typescript", "zone.js"],
 matchUpdateTypes: ["major", "minor"],
 description: "Determined by Angular",
 enabled: false,
 },
 {
+ // Disable major updates for core Angular dependencies because they are managed through ng update
+ // when we decide to upgrade.
 matchSourceUrls: [
 "https://github.com/angular-eslint/angular-eslint",
 "https://github.com/angular/angular-cli",
@@ -35,19 +72,27 @@
 enabled: false,
 },
 {
+ // Renovate should manage patch updates for TypeScript and Zone.js, despite ignoring major and minor
 matchPackageNames: ["typescript", "zone.js"],
 matchUpdateTypes: "patch",
 },
 {
+ // We want to update all the Jest-related packages together, to reduce PR noise
 groupName: "jest",
 matchPackageNames: ["@types/jest", "jest", "ts-jest", "jest-preset-angular"],
- matchUpdateTypes: "major",
 },
 {
+ // We need to group all napi-related packages together to avoid build errors caused by version incompatibilities
+ groupName: "napi",
+ matchPackageNames: ["napi", "napi-build", "napi-derive"],
+ },
+ {
+ // We need to group all macOS/iOS binding-related packages together to avoid build errors caused by version incompatibilities
 groupName: "macOS/iOS bindings",
 matchPackageNames: ["core-foundation", "security-framework", "security-framework-sys"],
 },
 {
+ // We need to group all zbus-related packages together to avoid build errors caused by version incompatibilities
 groupName: "zbus",
 matchPackageNames: ["zbus", "zbus_polkit"],
 },
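Review bot: Every entry in both new `matchFileNames` arrays starts with `./github/workflows/`, while CODEOWNERS in this same commit uses `.github/workflows/`, so as far as I can tell neither rule matches any workflow file and action updates fall through to the base config without the team grouping or prefix; each entry should read like `".github/workflows/build-browser.yml",`. Both rules also keep `groupName: "github-action minor"`, which would likely put Platform and BRE updates into one group once the paths do match, and the name is stale now that `matchUpdateTypes: ["minor"]` is removed; a distinct group name per team keeps bumps to the release and publish workflows in a PR of their own for BRE. The lists also drift from CODEOWNERS already: `release-browser.yml` is absent from the BRE list and the `build-*-target.yml` workflows are absent from the Platform list, so those files would not get either prefix.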
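Review bot: The comment added above the `typescript`/`zone.js` patch rule says the rule makes Renovate manage patch updates, but the rule as shown holds only `matchPackageNames` and `matchUpdateTypes` and sets no option, so it appears to change nothing; patch updates stay enabled anyway because the disabling rule matches only `major` and `minor`. Either drop the rule or give it an explicit setting such as `enabled: true,` so the comment describes something the rule does, and write the matcher as `matchUpdateTypes: ["patch"],` to agree with the array form used in the other rules. The `packageRules` array starts and ends outside this hunk, so a setting elsewhere may already cover this.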