Skip to content

Add Renovate configuration #3496

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add Renovate configuration #3496

wants to merge 1 commit into from

Conversation

opentelemetrybot
Copy link
Contributor

@opentelemetrybot opentelemetrybot requested a review from a team as a code owner May 12, 2025 20:16
@xrmx
Copy link
Contributor

xrmx commented May 13, 2025

Wouldn't this create a mess on test requirements for old versions?

@emdneto
Copy link
Member

emdneto commented May 13, 2025

Wouldn't this create a mess on test requirements for old versions?

Hmmmm. Not sure. I think we should probably migrate from Dependabot to Renovate due to the possibility of ignoring paths for the whole repo.

@trask, we are already using Dependabot, but there are a lot of warnings about dependencies in test-requirements.txt that we can't fix (it is only used during tests in CI to guarantee things work at the lower-direct resolution of dependencies). Is there any guidance/best practice for migrating to renovate and ignore those test-requirements.txt?

emdneto
emdneto requested changes May 13, 2025
View reviewed changes
Copy link
Member

@emdneto emdneto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some questions about the configuration

@trask
Copy link
Member

trask commented May 13, 2025

we are already using Dependabot

I don't see it enabled? https://github.com/open-telemetry/opentelemetry-python-contrib/network/updates

it is only used during tests in CI to guarantee things work at the lower-direct resolution of dependencies

yeah, we have the same issue in Java instrumentation repo. we have ignored the entire instrumentation directory:

https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/2e5c12bfd6fee02e2282234e90fb926d5da4ea1c/.github/renovate.json5#L7-L9

there may be better ways, but this was easy and lets us keep other dependencies up-to-date

@emdneto
Copy link
Member

emdneto commented May 13, 2025

we are already using Dependabot

I don't see it enabled? https://github.com/open-telemetry/opentelemetry-python-contrib/network/updates

it is only used during tests in CI to guarantee things work at the lower-direct resolution of dependencies

yeah, we have the same issue in Java instrumentation repo. we have ignored the entire instrumentation directory:

https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/2e5c12bfd6fee02e2282234e90fb926d5da4ea1c/.github/renovate.json5#L7-L9

there may be better ways, but this was easy and lets us keep other dependencies up-to-date

Awesome! Thanks for sharing.

About the dependabot warnings: https://github.com/open-telemetry/opentelemetry-python-contrib/security/dependabot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emdneto emdneto emdneto requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@opentelemetrybot @xrmx @emdneto @trask