renovate
yalc
Our great sponsors
renovate | yalc | |
---|---|---|
114 | 7 | |
15,732 | 5,374 | |
3.9% | - | |
10.0 | 1.1 | |
5 days ago | 3 months ago | |
TypeScript | TypeScript | |
GNU Affero General Public License v3.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
renovate
-
How use Renovate Bot on self-hosted GitLab
There is no built-in Renovate Bot on a self-hosted GitLab. What can we do to set it up and enjoy all the benefits of automatic dependency updates?
-
Self-Hosted Is Awesome
> Yes, it is awesome until you have to sysadmin it, apply updates, patch it, fix security holes, etc. I am not saying all self-hosted solutions are like that. There are exceptions. However, the majority of open-source self-hosted solutions require a lot of extra work.
I'm currently self-hosting 10 different applications on my local server, which represents everything I've ever seen that looked fun or useful to me. Every one of them had a Docker image with an example compose file, which means updating them just requires periodically running Renovate [0] on the repo that stores all my compose files and then running a script that docker compose pulls the updates. It takes maybe 10 minutes every other week, and is actually kinda fun.
It helps that all the apps are only accessible from within my VPN, so I'm not too worried about fixing security updates within a tiny time window.
[0] https://github.com/renovatebot/renovate
-
Why I recommend Renovate over any other dependency update tools
This is a big deal! Where did you read this? I found:
https://github.com/renovatebot/renovate/discussions/26917
-
Locally test and validate your Renovate configuration files
Renovate is an automated dependency management tool that can be used to keep your dependencies up-to-date. It can be configured to automatically create pull requests to update your dependencies, and it supports a wide range of package managers and platforms.
-
Understanding Mend Renovate's Pull Request Workflow
To get started with Mend Renovate, the comprehensive official documentation provides detailed instructions on installation, configuration, and best practices. Additionally, the Mend Renovate community forum offers a platform for users to connect, share experiences, and access the collective knowledge base.
-
Unfork with ArgoCD
It is a good practice to keep software up to date. To track changes in upstream software, we can utilize automatic dependency tracking systems such as Dependabot or Renovate. This is a broad topic and requires a separate article to be covered. If you would like to read about it, please vote in the comments section below.
- 🦊 GitLab CI YAML Modifications: Tackling the Feedback Loop Problem
-
Evaluating New Software Forges
So do other forges: I have Renovate [0] set up on my self-hosted Forgejo and it's worked great so far.
[0] https://github.com/renovatebot/renovate
-
Long Term Ownership of an Event-Driven System
You can ease some of the burden for yourself though using tooling. If you are using GitHub, dependabot can be configured to make automatic PRs to your repo whenever there are dependencies to update. If you're not a GitHub user, you can use renovate which even supports self hosting.
-
How to Manage Helm Chart Dependency Versions?
Hello! I'm using Helm in K8s and curious if there is a solution that could keep tabs on the deployed chart dependency versions and either alert us when something is out of date or when a new release is available. Does this exist? I was thinking something like Dependabot or Renovate, but neither seems to be able to manage this.
yalc
-
Useful Javascript Monorepo Tools To Consider While Managing Multiple projects
Yalc
-
What are the not-so-obvious tools that you don't want to miss?
Yalc - Makes it easy to mock-publish NPM packages and try them in real projects before you publish a new version to NPM.
-
Share private NPM packages across projects
As well as yarn/npm link mentioned in another comment, https://github.com/wclr/yalc can help with some of this, depending on your workflow/how much you're doing this.
-
How do you debug a library written in Typescript in a React app using it?
Ah okay, that's much easier. Clone the project repo, make your changes and build the library, then in the react app, either add the local project directory as a dependency, or use something like yalc to add the locally built dependency. This will allow you to use the local copy of the library instead.
-
We Halved Go Monorepo CI Build Time
Lets look at a concrete example and then maybe we can discuss alternatives.
In this particular case, I would respond with the following:
1. I don't see why this is a problem. Have an "open PRs" link in the onboarding handbook that gives you a view of pull requests from all repos in the organization. GitHub automatically shows you notifications from all repos.
- Have a (Grafana) dashboard where you can see the latest / newest stuff. Use standard GH tools you use for OSS, such as follows etc to keep up.
2. Don't prematurely split into multiple libraries. "No monorepo" doesn't mean not having poly-package repos. It means thinking what the sensible API boundary is - treating your projects as you would treat library development. In this case a separate repo with lib3, lib2 and lib1 sounds like a good way to go - at most one repo per orthogonal internal framework (e.g. core-react-components).
3. Help other teams upgrade. If you are responsible for repo A, once you publish a new version and tag it with semver appropriately, use the dashboard to look at your dependants and work with them (or rather, for them) to upgrade. Think of your dependants as internal customers, and make sure you add enough value for them to justify the upgrade effort.
4. There are other alternatives to `npm link` e.g. see `yalc` https://github.com/wclr/yalc
-
Using local NPM packages as dependencies with yalc
yalc makes it easy to use locally-developed packages in other projects. It has some other useful options that I didn't mention here; read more about them on the project's README. Hopefully, this helps you get started developing with local packages––good luck!
-
Where do I store components I need to use in multiple React apps that are being built simultaneously?
You can also use yalc which is like an npm store on your engine.. https://github.com/wclr/yalc
What are some alternatives?
dependabot-core - 🤖 Dependabot's core logic for creating update PR's.
verdaccio - 📦🔐 A lightweight Node.js private proxy registry
dependabot
corepack - Zero-runtime-dependency package acting as bridge between Node projects and their package managers
scala-steward - :robot: A bot that helps you keep your projects up-to-date
breakpad - Mirror of Google Breakpad project
updatecli - A Declarative Dependency Management tool
rumps - Ridiculously Uncomplicated macOS Python Statusbar apps
github-actions-and-renovate
bitbar - Put the output from any script or program into your macOS Menu Bar (the BitBar reboot)
bitbucket-branch-source-plugin - Bitbucket Branch Source Plugin
pre-commit - A framework for managing and maintaining multi-language pre-commit hooks.