sonarlint | renovate
---|---
1 | 116
17 | 15,794
- | 2.1%
9.4 | 10.0
6 days ago | 7 days ago
Java | TypeScript
MIT License | GNU Affero General Public License v3.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sonarlint
- What are some essential things in the production grade CI/CD pipeline of Java Spring Boot project? What is something that must be included in the pipeline?
build and test will build the application using Gradle and run all the unit/integration tests. Via test (./gradlew test), it also runs sonarlint, a great way to continuously assure code quality without a ton of complexity that other such tools (such as SonarQube, Fortify, Checkmarx, etc) require.
renovate
- Git commit helper: add emojis to your commits
- 💡Automatic Deployment of your project dependencies updates on GCP : Efficiency vs. Cost?
This month, I gave a talk with my Zenika colleague Lise at the DevoxxFR conference about Renovate and Dependabot, two great tools to help you automatize and upgrade your dependencies.
- How use Renovate Bot on self-hosted GitLab
There is no built-in Renovate Bot on a self-hosted GitLab. What can we do to set it up and enjoy all the benefits of automatic dependency updates?
- Self-Hosted Is Awesome
> Yes, it is awesome until you have to sysadmin it, apply updates, patch it, fix security holes, etc. I am not saying all self-hosted solutions are like that. There are exceptions. However, the majority of open-source self-hosted solutions require a lot of extra work.
I'm currently self-hosting 10 different applications on my local server, which represents everything I've ever seen that looked fun or useful to me. Every one of them had a Docker image with an example compose file, which means updating them just requires periodically running Renovate [0] on the repo that stores all my compose files and then running a script that docker compose pulls the updates. It takes maybe 10 minutes every other week, and is actually kinda fun.
It helps that all the apps are only accessible from within my VPN, so I'm not too worried about fixing security updates within a tiny time window.
[0] https://github.com/renovatebot/renovate
- Why I recommend Renovate over any other dependency update tools
This is a big deal! Where did you read this? I found:
https://github.com/renovatebot/renovate/discussions/26917
- Locally test and validate your Renovate configuration files
Renovate is an automated dependency management tool that can be used to keep your dependencies up-to-date. It can be configured to automatically create pull requests to update your dependencies, and it supports a wide range of package managers and platforms.
- Understanding Mend Renovate's Pull Request Workflow
To get started with Mend Renovate, the comprehensive official documentation provides detailed instructions on installation, configuration, and best practices. Additionally, the Mend Renovate community forum offers a platform for users to connect, share experiences, and access the collective knowledge base.
- Unfork with ArgoCD
It is a good practice to keep software up to date. To track changes in upstream software, we can utilize automatic dependency tracking systems such as Dependabot or Renovate. This is a broad topic and requires a separate article to be covered. If you would like to read about it, please vote in the comments section below.
- 🦊 GitLab CI YAML Modifications: Tackling the Feedback Loop Problem
- Evaluating New Software Forges
So do other forges: I have Renovate [0] set up on my self-hosted Forgejo and it's worked great so far.
[0] https://github.com/renovatebot/renovate
What are some alternatives?
SonarJava - :coffee: SonarSource Static Analyzer for Java Code Quality and Security
dependabot-core - 🤖 Dependabot's core logic for creating update PR's.
dexcount-gradle-plugin - A Gradle plugin to report the number of method references in your APK on every build.
dependabot
community-rust - SonarQube plugin to analyze Rust files
scala-steward - :robot: A bot that helps you keep your projects up-to-date
updatecli - A Declarative Dependency Management tool
jumpstart - Clonable application intended to jumpstart new projects. Java/Postgres/Spring Boot/Typescript/React
github-actions-and-renovate
bitbucket-branch-source-plugin - Bitbucket Branch Source Plugin
charts - Bitnami Helm Charts