Versions Compared

Old Version 1

changes.mady.by.user Robert Munteanu

Saved on

compared with

New Version Current

changes.mady.by.user Robert Munteanu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Excerpt

DRAFTSTATUS: IMPLEMENTED

Context

The Sling Starter GitHub module is mainly a bill of materials, listing all dependencies that should be included in the final build. Updating these dependencies manually is tedious and time-consuming. With the CI checks we have in place, we are already able to validate most dependency updates without the need to manually verify the behaviour of the Sling Starter.

...

As discussed at large in Dependabot, not all automatic updates are welcome. Dependabot Renovate permits a more strict filtering of updates through the renovate.json  file. A sample .

The Sling Starter policy is implemented via

Jira
serverASF JIRA
serverId5aa69414-a9e9-3523-82ec-879b028fb15b
keySLING-11822
and https://github.com/apache/sling-org-apache-sling-starter/pull/85 .

The proposed policy for the Sling Starter is

Code Block
languagejs
linenumberstrue
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:base"
  ],
  "enabledManagers"packageRules" : [
     {
       "matchPackagePrefixes": [ "osgifeature", "regex", "maven"],
  "regexManagers": [org.apache.tika" ],
       "groupName": "Apache Tika"
     },
     {
       "matchPackagePrefixes": [ "org.apache.httpcomponents:" ],
       "groupName": "Apache HTTPComponents"
     },
     {
       "fileMatchmatchPackagePrefixes": [ "pom.xml"org.apache.pdfbox:" ],
       "groupName": "Apache "matchStringsPDFBox"
     },
     {
       "matchPackagePrefixes": ["<jackson.version>(?<currentValue>.*?)</jackson.version>\\n"],
 "org.apache.sling:org.apache.sling.models" ],
        "depNameTemplate": "com.fasterxml.jackson.core:jackson-core",
"groupName": "Apache Sling Models"
     },
     {
       "matchPackagePrefixes": [ "org.apache.jackrabbit:" ],
       "groupName": "Apache Jackrabbit and Jackrabbit Oak",
       "datasourceTemplateallowedVersions": "maven/^[0-9]+\\.[02468]+\\.[0-9]+$/"
     },
     {
       "matchPackagePatterns": [ "guava" ],
        "packageRulesenabled": [
false
     },
     {
       "matchManagers": ["maven"],
       "matchDepTypes": ["provided"],
       "enabled": false
     },
     {
        "enabled": false,
        "matchDatasources": [
          "docker"
        ],
        "matchUpdateTypes": [
          "major"
        ]
      }
  ],
  "regexManagers": [
    {
      "fileMatch": ["^pom\\.xml$"],
      "matchStrings" : [
        "depName=(?<depName>.*?)\\s+-->\\s+<.*?\\.version>(?<currentValue>.*?)<\\/.*?\\.version>"
      ],
      "datasourceTemplate": "maven"
    }
  ]
}
  1. Packages which should be updated together are marked using the groupName  package rules
  2. Jackrabbit and Jackrabbit Oak updated are restricted to stable versions only ( odd minor version component )
  3. Guava is not updated since it is tied to the Jackrabbit Oak version
  4. Only minor Docker version updates are activated
  5. Pom properties that control feature model versions are marked with a special syntax so renovate can process them (see the pom.xml snippet below)
Code Block
xml
xml
<project>
  <!-- ... -->
  <properties>
    <!-- versions to be replaced in the feature files -->
    <!-- renovate: depName=org.ow2.asm:asm -->
    <asm.version>9.3</asm.version>
    <!-- renovate: depName=org.apache.jackrabbit:jackrabbit-jcr-commons -->
    <jackrabbit.version>2.20.6</jackrabbit.version>
    <!-- renovate: depName=org.apache.jackrabbit:oak-api -->
    <oak.version>1.44.0</oak.version>
    <!-- ... -->
  </properties>
  <!-- ... --> 
</project>