Excerpt |
---|
Proof-of-conceptSTATUS: IMPLEMENTED |
Context
The Sling Starter GitHub module is mainly a bill of materials, listing all dependencies that should be included in the final build. Updating these dependencies manually is tedious and time-consuming. With the CI checks we have in place, we are already able to validate most dependency updates without the need to manually verify the behaviour of the Sling Starter.
...
The Sling Starter policy is implemented via
Jira | ||||||
---|---|---|---|---|---|---|
|
A sample The proposed policy for the Sling Starter is
Code Block | ||||
---|---|---|---|---|
| ||||
{ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ "config:base" ], "packageRules" : [ { "enabledManagersmatchPackagePrefixes": [ "osgifeature", "regex", "maven"], "regexManagers": [ org.apache.tika" ], "groupName": "Apache Tika" }, { "matchPackagePrefixes": [ "org.apache.httpcomponents:" ], "groupName": "Apache HTTPComponents" }, { "fileMatchmatchPackagePrefixes": [ "pom.xml"], org.apache.pdfbox:" ], "groupName": "Apache PDFBox" }, { "matchStringsmatchPackagePrefixes": ["<jackson.version>(?<currentValue>.*?)</jackson.version>\\n"], "org.apache.sling:org.apache.sling.models" ], "depNameTemplate": "com.fasterxml.jackson.core:jackson-core", "groupName": "Apache Sling Models" }, { "matchPackagePrefixes": [ "org.apache.jackrabbit:" ], "groupName": "Apache Jackrabbit and Jackrabbit Oak", "datasourceTemplateallowedVersions": "maven/^[0-9]+\\.[02468]+\\.[0-9]+$/" }, { "matchPackagePatterns": [ "guava" ], "packageRulesenabled": [ false }, { "matchManagers": ["maven"], "matchDepTypes": ["provided"], "enabled": false }, { "enabled": false, "matchDatasources": [ "docker" ], "matchUpdateTypes": [ "major" ] } ], "regexManagers": [ { "fileMatch": ["^pom\\.xml$"], "matchStrings" : [ "depName=(?<depName>.*?)\\s+-->\\s+<.*?\\.version>(?<currentValue>.*?)<\\/.*?\\.version>" ], "datasourceTemplate": "maven" } ] } |
- At line 6, we explicitly configure the managers we want to use
- At lines 7-14 we configure updates for dependecies which have their versions declared in the pom file
- At lines 16-20 we prevent dependencies of scope
provided
from being updated by Maven. This affects only dependencies declared in the pom.xml
Pending items
...
- Packages which should be updated together are marked using the
groupName
package rules - Jackrabbit and Jackrabbit Oak updated are restricted to stable versions only ( odd minor version component )
- Guava is not updated since it is tied to the Jackrabbit Oak version
- Only minor Docker version updates are activated
- Pom properties that control feature model versions are marked with a special syntax so renovate can process them (see the pom.xml snippet below)
Code Block | ||||
---|---|---|---|---|
| ||||
<project>
<!-- ... -->
<properties>
<!-- versions to be replaced in the feature files -->
<!-- renovate: depName=org.ow2.asm:asm -->
<asm.version>9.3</asm.version>
<!-- renovate: depName=org.apache.jackrabbit:jackrabbit-jcr-commons -->
<jackrabbit.version>2.20.6</jackrabbit.version>
<!-- renovate: depName=org.apache.jackrabbit:oak-api -->
<oak.version>1.44.0</oak.version>
<!-- ... -->
</properties>
<!-- ... -->
</project> |
...