ci: add a workflow to validate renovate config #1418
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1418 +/- ##
=======================================
Coverage 69.52% 69.52%
=======================================
Files 186 186
Lines 18326 18326
=======================================
Hits 12742 12742
Misses 4909 4909
Partials 675 675 ☔ View full report in Codecov by Sentry. |
|
Any reason why we don't just create a ruleset to enforce that the config is only edited in branches prefixed with (I'm like 97% sure that should work, but I've never actually used a ruleset to target files before) |
|
I think what you mean is this? I didn't prefer this because we have to document this rule somewhere to ask people to follow it. I didn't know rule set - this can be an option. |
|
Yeah, combined with this (which apparently apply across forks which is interesting). I don't think the documentation requirement is a big deal - it should be coverable by a comment in the contrib doc (or maybe even in the config itself), and really how often are we actually expecting the config to change, and for that to not be done by one of us? |
|
Since I have done the work to set up the workflow and it works, I may not spend more time investing the other option if there is some reason against this approach? |
|
Well the downside is it's pulling in more dependencies which scorecard will frown on (sorry forgot to mention that in my last comment). At the least, you need to pin everything in the workflow to a sha, which includes the npx call |
|
I have updated the file to pin the dependencies in the workflow, also updated the file to trigger the validation only on PR with changes on One thing I don't like about the other approach is that we need to wait until next time renovate runs on the repository. |
This PR defines a new workflow to validate renovate config.