Skip to content

Configure Renovate #6459

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Configure Renovate #6459

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
4b764b3
Add renovate.json
renovate[bot] Sep 1, 2025
e09e822
[Infra] Update renovate configuration
martincostello Sep 1, 2025
49ae6dd
[Infra] Remove requireConfig
martincostello Sep 1, 2025
5cc14c4
[Infra] Revert some unpinning
martincostello Sep 1, 2025
2d379a5
[Infra] Fix package version
martincostello Sep 1, 2025
eeab3e5
Merge branch 'main' into renovate/configure
martincostello Sep 10, 2025
afbd51f
[Infra] Restore SemVer ranges
martincostello Sep 10, 2025
dd3a7bb
Merge branch 'main' into renovate/configure
Kielek Sep 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
71 changes: 3 additions & 68 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,75 +1,10 @@
# This file is retained solely for automated tooling to see we do automated
# dependency updates as not all such scanners recognize the use of Renovate.
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
labels:
- "infra"
- package-ecosystem: "docker"
directory: "/examples/MicroserviceExample/WebApi"
schedule:
interval: "weekly"
day: "wednesday"
labels:
- "infra"
ignore:
- dependency-name: "*"
update-types:
- "version-update:semver-major"
- "version-update:semver-minor"
- package-ecosystem: "docker"
directory: "examples/MicroserviceExample/WorkerService"
schedule:
interval: "weekly"
day: "wednesday"
labels:
- "infra"
ignore:
- dependency-name: "*"
update-types:
- "version-update:semver-major"
- "version-update:semver-minor"
- package-ecosystem: "docker"
directory: "test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/IntegrationTest"
schedule:
interval: "weekly"
day: "wednesday"
labels:
- "infra"
ignore:
- dependency-name: "*"
update-types:
- "version-update:semver-major"
- "version-update:semver-minor"
- package-ecosystem: "docker"
directory: "test/OpenTelemetry.Instrumentation.W3cTraceContext.Tests"
schedule:
interval: "weekly"
day: "wednesday"
labels:
- "infra"
ignore:
- dependency-name: "*"
update-types:
- "version-update:semver-major"
- "version-update:semver-minor"
- package-ecosystem: "dotnet-sdk"
directory: "/"
schedule:
interval: "weekly"
day: "wednesday"
labels:
- "infra"
ignore:
- dependency-name: "*"
update-types:
- "version-update:semver-major"
- "version-update:semver-minor"
- package-ecosystem: "pip"
directory: "test/OpenTelemetry.Instrumentation.W3cTraceContext.Tests"
schedule:
interval: "weekly"
day: "wednesday"
interval: yearly
labels:
- "infra"
61 changes: 61 additions & 0 deletions .github/renovate.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"additionalBranchPrefix": "{{manager}}/",
"automerge": false,
"commitBodyTable": true,
"commitMessageAction": "Bump",
"dependencyDashboard": false,
"extends": [
"config:best-practices",
"customManagers:dockerfileVersions",
"customManagers:githubActionsVersions",
":automergeRequireAllStatusChecks",
":disableRateLimiting",
":enableVulnerabilityAlerts",
":gitSignOff",
":ignoreUnstable"
],
"labels": ["dependencies", "infra"],
"packageRules": [
{
"matchManagers": ["dockerfile"],
"addLabels": ["docker"]
},
{
"matchManagers": ["github-actions"],
"addLabels": ["github_actions"]
},
{
"matchManagers": ["nuget"],
"addLabels": [".NET"]
},
{
"matchManagers": ["pypi"],
"addLabels": ["python"]
},
{
"description": ["Skip pinned NuGet package versions"],
"matchManagers": ["nuget"],
"matchCurrentValue": "^\\[[^,]+,\\)$",
"enabled": false
},
{
"extends": ["monorepo:dotnet"],
"description": ["Disable major version updates for .NET"],
"matchUpdateTypes": ["major"],
"enabled": false
},
{
"matchDepNames": ["xunit"],
"description": ["Disable major version updates for xunit"],
"matchUpdateTypes": ["major"],
"enabled": false
}
],
"requireConfig": "required",
"schedule": ["* 8-17 * * 3"],
"timezone": "Etc/UTC",
"vulnerabilityAlerts": {
"addLabels": ["security"]
}
}
58 changes: 29 additions & 29 deletions Directory.Packages.props
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,13 +39,13 @@
<!--
OTel packages always point to latest stable release.
-->
<PackageVersion Include="OpenTelemetry" Version="[$(OTelLatestStableVer),2.0)" />
<PackageVersion Include="OpenTelemetry.Api" Version="[$(OTelLatestStableVer),2.0)" />
<PackageVersion Include="OpenTelemetry.Api.ProviderBuilderExtensions" Version="[$(OTelLatestStableVer),2.0)" />
<PackageVersion Include="OpenTelemetry.Exporter.InMemory" Version="[$(OTelLatestStableVer),2.0)" />
<PackageVersion Include="OpenTelemetry.Extensions.Hosting" Version="[$(OTelLatestStableVer),2.0)" />
<PackageVersion Include="OpenTelemetry.Extensions.Propagators" Version="[$(OTelLatestStableVer),2.0)" />
<PackageVersion Include="OpenTracing" Version="[0.12.1,0.13)" />
<PackageVersion Include="OpenTelemetry" Version="[$(OTelLatestStableVer),)" />
<PackageVersion Include="OpenTelemetry.Api" Version="[$(OTelLatestStableVer),)" />
<PackageVersion Include="OpenTelemetry.Api.ProviderBuilderExtensions" Version="[$(OTelLatestStableVer),)" />
<PackageVersion Include="OpenTelemetry.Exporter.InMemory" Version="[$(OTelLatestStableVer),)" />
<PackageVersion Include="OpenTelemetry.Extensions.Hosting" Version="[$(OTelLatestStableVer),)" />
<PackageVersion Include="OpenTelemetry.Extensions.Propagators" Version="[$(OTelLatestStableVer),)" />
<PackageVersion Include="OpenTracing" Version="[0.12.1,)" />
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is main concern on from my side. Other are minors.

"[$(OTelLatestStableVer),)" is not the same as "[$(OTelLatestStableVer),2.0)". It will allow to solve packages also with OpenTelemetry v2.0.0 if ever released.


<!--
Typically, the latest stable version of System.Diagnostics.DiagnosticSource should be used here because:
Expand Down Expand Up @@ -84,37 +84,37 @@
-->
<ItemGroup>
<PackageVersion Include="BenchmarkDotNet" Version="0.15.2" />
<PackageVersion Include="CommandLineParser" Version="[2.9.1,3.0)" />
<PackageVersion Include="CommandLineParser" Version="2.9.1" />
<PackageVersion Include="GitHubActionsTestLogger" Version="2.4.1" />
<PackageVersion Include="Grpc.AspNetCore" Version="[2.59.0,3.0)" />
<PackageVersion Include="Grpc.AspNetCore.Server" Version="[2.59.0, 3.0)" />
<PackageVersion Include="Grpc.Tools" Version="[2.59.0,3.0)" />
<PackageVersion Include="Google.Protobuf" Version="[3.22.5,4.0)" />
<PackageVersion Include="Grpc" Version="[2.44.0,3.0)" />
<PackageVersion Include="Grpc.Net.Client" Version="[2.52.0,3.0)" />
<PackageVersion Include="Grpc.AspNetCore" Version="2.59.0" />
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see we're removing upper version constraints across multiple packages. Could you please explain why this is needed.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we get pull requests to update them and can then review them.

These are all test dependencies so there shouldn't be any harm in keeping them up to date.

There's more detailed commentary on the changes being made in the linked PR that was originally opened.

<PackageVersion Include="Grpc.AspNetCore.Server" Version="2.59.0" />
<PackageVersion Include="Grpc.Tools" Version="2.59.0" />
<PackageVersion Include="Google.Protobuf" Version="3.22.0" />
<PackageVersion Include="Grpc" Version="2.44.0" />
<PackageVersion Include="Grpc.Net.Client" Version="2.52.0" />
<PackageVersion Include="JunitXml.TestLogger" Version="6.1.0" />
<PackageVersion Include="Microsoft.CSharp" Version="[4.7.0]" />
<PackageVersion Include="Microsoft.CodeAnalysis.PublicApiAnalyzers" Version="[3.11.0-beta1.23525.2]" />
<PackageVersion Include="Microsoft.CSharp" Version="4.7.0" />
<PackageVersion Include="Microsoft.CodeAnalysis.PublicApiAnalyzers" Version="3.11.0-beta1.23525.2" />
<PackageVersion Include="Microsoft.Coyote" Version="1.7.11" />
<PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="$(LatestRuntimeOutOfBandVer)" />
<PackageVersion Include="Microsoft.Extensions.Hosting" Version="$(LatestRuntimeOutOfBandVer)" />
<PackageVersion Include="Microsoft.Extensions.Http" Version="$(LatestRuntimeOutOfBandVer)" />
<PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="$(LatestRuntimeOutOfBandVer)" />
<PackageVersion Include="Microsoft.Extensions.Telemetry.Abstractions" Version="[9.0.0,)" />
<PackageVersion Include="Microsoft.NETFramework.ReferenceAssemblies" Version="[1.0.3,2.0)" />
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="[17.13.0,18.0.0)" />
<PackageVersion Include="MinVer" Version="[5.0.0,6.0)" />
<PackageVersion Include="Microsoft.Extensions.Telemetry.Abstractions" Version="9.0.0" />
<PackageVersion Include="Microsoft.NETFramework.ReferenceAssemblies" Version="1.0.3" />
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.13.0" />
<PackageVersion Include="MinVer" Version="5.0.0" />
<PackageVersion Include="NuGet.Versioning" Version="6.11.0" />
<PackageVersion Include="OpenTelemetry.Instrumentation.AspNetCore" Version="[1.9.0,2.0)" />
<PackageVersion Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="[1.9.0-beta.1,2.0)" />
<PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="[1.9.0,2.0)" />
<PackageVersion Include="OpenTelemetry.Instrumentation.Runtime" Version="[1.9.0,2.0)" />
<PackageVersion Include="RabbitMQ.Client" Version="[6.8.1,7.0)" />
<PackageVersion Include="StyleCop.Analyzers" Version="[1.2.0-beta.556,2.0)" />
<PackageVersion Include="Swashbuckle.AspNetCore" Version="[6.7.3,)" />
<PackageVersion Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.9.0" />
<PackageVersion Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="1.9.0-beta.1" />
<PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="1.9.0" />
<PackageVersion Include="OpenTelemetry.Instrumentation.Runtime" Version="1.9.0" />
Comment on lines +108 to +111
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that we have 1.12.0 packages already. I am fine with keeping as is in this PR, and allow to fix it by renovate.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I just unpinned it to let the PRs flow from dependabot. You can see in the description of this PR what updates are going to flow post-merge.

<PackageVersion Include="RabbitMQ.Client" Version="6.8.1" />
<PackageVersion Include="StyleCop.Analyzers" Version="1.2.0-beta.556" />
<PackageVersion Include="Swashbuckle.AspNetCore" Version="6.7.3" />
<PackageVersion Include="System.Runtime.InteropServices.RuntimeInformation" Version="4.3.0" />
<PackageVersion Include="xunit" Version="[2.9.3,3.0)" />
<PackageVersion Include="xunit.runner.visualstudio" Version="[2.8.2,3.0)" />
<PackageVersion Include="xunit" Version="2.9.3" />
<PackageVersion Include="xunit.runner.visualstudio" Version="2.8.2" />
</ItemGroup>

<ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
Expand Down
Loading