Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feat] CI: limit noise by Renovate updates #4478

Open
nilason opened this issue Oct 9, 2024 · 7 comments
Open

[Feat] CI: limit noise by Renovate updates #4478

nilason opened this issue Oct 9, 2024 · 7 comments
Labels
CI Continuous integration enhancement New feature or request

Comments

@nilason
Copy link
Contributor

nilason commented Oct 9, 2024

Currently, Renovate generates almost daily updates on some CI action. One such update triggers a PR, which someone must approve, and subsequently merge. This means at least three emails for someone that signed up to watch the progress of this project!

The number of commits to main that only updates the actions in the last three months amounts to 94, that is around a quarter of the total number of commits 1. This causes unnecessary noise and maintenance work, which only distracts from really important events for the project (and frankly, not a small amount of irritation on my side).

I suggest to put the Renovate on a schedule, with updates perhaps monthly or, better, every quarter of a year. If some action is broken in between, we will probably notice and it can be updated manually.

Footnotes

  1. Calculated with git log --oneline --since=2024-07-08 --grep="CI(deps): Update*" main | wc -l vs. git log --oneline --since=2024-07-08 main | wc -l

@nilason nilason added the enhancement New feature or request label Oct 9, 2024
@nilason
Copy link
Contributor Author

nilason commented Oct 9, 2024

I should add that the unnecessary noise also regards to the commit history.

@neteler neteler added the CI Continuous integration label Oct 9, 2024
@echoix
Copy link
Member

echoix commented Oct 9, 2024

Would you want to try weekly before that? Or twice a month?
We should at least keep the lock files weekly preset, that keeps the nix cache updated weekly, and tests that build weekly.

@nilason
Copy link
Contributor Author

nilason commented Oct 9, 2024

I'd say default to quarterly, and exempt whatever needed for nix to weekly.

@echoix
Copy link
Member

echoix commented Oct 9, 2024

There's also the 4 docker image pins (instead of moving tags) that could just be free whenever to be able to use the respins when they are re-published (the packages are updated, and is most useful for security patches). These are done about once a month each, so being quarterly would mean security patches up to 3+1 months after the docker image respin, that doesn't happen immediately too.

@nilason
Copy link
Contributor Author

nilason commented Oct 16, 2024

Given this another thought. What about default to quarterly, with nix and docker monthly? Let's get this ticket moving, please.

@wenzeslaus
Copy link
Member

Quarterly and monthly sounds good. Is there a setting to get, e.g., high-severity security updates right away?

The renovate bot is also our largest contributor in the last 2 years in terms of commits. That's probably okay, but I find it funny.

@echoix
Copy link
Member

echoix commented Oct 16, 2024

I would need to read if there's something to do to get security updates right away or it just does that by default. Otherwise, all PRs can be created with the Dependency Dashboard PR, they will be in a section "awaiting schedule". So we can create them on a case-by-case basis if needed.

GDAL chose monthly dependabot updates.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CI Continuous integration enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@neteler @wenzeslaus @nilason @echoix