feat!: update github-releases datasource digest computation to use git tag, and preserve existing digest semantics as separate datasource
#20178
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Feb 2, 2023
viceice
reviewed
Feb 2, 2023
|
I considered doing this, but it felt like this would potentially make things unnecessarily slow, magical and I felt like long-term this might be the best way forward. Happy to make that change if you feel like it |
|
the problem is, we've a lot users who rely on current behavior. so if we change it without an alternative we would make them very angry about renovate. |
|
yeah, I see that, but do we actually know that many users rely on this digesting? I haven't seen many issues for this data source, and I would have expected some given the current issues with the digesting. My understanding is that this digest logic was just added for the custom regex manager use-case and other data sources like for Gitlab don't support it either. I don't feel strongly at all though- happy to continue supporting that mechanism |
|
The last time I looked at this, it seemed like a mistake we should eventually correct. I forget where/why it's being used though - can we revisit that to understand the impact? |
devversion
force-pushed
the
fix-digest-github-releases
branch
2 times, most recently
from
43b4f57 to
26b8b94
Compare
devversion
changed the title
github-releases datasource getDigest to consult underlying Git taggithub-releases datasource digest computation to use git tag, and preserve existing digest semantics as separate datasource
|
Hi all, I've copied the existing datasource into please let me know if you'd prefer to have this separate PRs. I've kept two commits to make review a little easier. |
viceice
changed the title
github-releases datasource digest computation to use git tag, and preserve existing digest semantics as separate datasourcegithub-releases datasource digest computation to use git tag, and preserve existing digest semantics as separate datasource
|
change to feature. please target v35 branch because of the breaking changes. will try to review later. |
devversion
force-pushed
the
fix-digest-github-releases
branch
from
26b8b94 to
c1e8379
Compare
|
Thanks, done. The CI failures seem to be because 5a6a046 is not part of the |
|
|
rarkins
approved these changes
Feb 11, 2023
viceice
reviewed
Feb 13, 2023
…ebot#19942) Changes `rangeStrategy` default value from `'replace'` to `'auto'`. Changes `auto` behavior so that `update-lockfile` is preferred if the manager supports the `updateLockedDependency()` function. Closes renovatebot#19800 BREAKING CHANGE: Renovate will now default to updating locked dependency versions. To revert to previous behavior, configure rangeStrategy=replace.
…novatebot#19958) Sets new defaults: - `prConcurrentLimit`: 10 (instead of 0) - `prHourlyLimit`: 2 (instead of 0) Closes renovatebot#19800 BREAKING CHANGE: Renovate now defaults to applying hourly and concurrent PR limits. To revert to unlimited, configure them back to `0`.
Set default GOPROXY value to match `go`'s own default. Closes renovatebot#20040 BREAKING CHANGE: Renovate will now use go's default `GOPROXY` settings. To avoid using the public proxy, configure `GOPROXY=direct`.
rarkins
requested changes
Feb 21, 2023
viceice
reviewed
Feb 22, 2023
lib/modules/datasource/github-release-attachments/index.spec.ts
Outdated
Show resolved
Hide resolved
lib/modules/datasource/github-release-attachments/index.spec.ts
Outdated
Show resolved
Hide resolved
viceice
approved these changes
Feb 22, 2023
rarkins
approved these changes
Feb 22, 2023
|
Thanks for reviewing & merging. Is there any rough idea when v35 will be around (no promises needed, thx!)? |
rarkins
added a commit
that referenced
this pull request
Feb 23, 2023
…git tag, and preserve existing digest semantics as separate datasource (#20178) Co-authored-by: RahulGautamSingh <[email protected]> Co-authored-by: Rhys Arkins <[email protected]> Co-authored-by: Michael Kriese <[email protected]> Co-authored-by: HonkingGoose <[email protected]>
rarkins
added a commit
that referenced
this pull request
Feb 25, 2023
…git tag, and preserve existing digest semantics as separate datasource (#20178) Co-authored-by: RahulGautamSingh <[email protected]> Co-authored-by: Rhys Arkins <[email protected]> Co-authored-by: Michael Kriese <[email protected]> Co-authored-by: HonkingGoose <[email protected]>
rarkins
added a commit
that referenced
this pull request
Feb 27, 2023
…git tag, and preserve existing digest semantics as separate datasource (#20178) Co-authored-by: RahulGautamSingh <[email protected]> Co-authored-by: Rhys Arkins <[email protected]> Co-authored-by: Michael Kriese <[email protected]> Co-authored-by: HonkingGoose <[email protected]>
rarkins
added a commit
that referenced
this pull request
Mar 4, 2023
…git tag, and preserve existing digest semantics as separate datasource (#20178) Co-authored-by: RahulGautamSingh <[email protected]> Co-authored-by: Rhys Arkins <[email protected]> Co-authored-by: Michael Kriese <[email protected]> Co-authored-by: HonkingGoose <[email protected]>
rarkins
added a commit
that referenced
this pull request
Mar 8, 2023
…git tag, and preserve existing digest semantics as separate datasource (#20178) Co-authored-by: RahulGautamSingh <[email protected]> Co-authored-by: Rhys Arkins <[email protected]> Co-authored-by: Michael Kriese <[email protected]> Co-authored-by: HonkingGoose <[email protected]>
rarkins
added a commit
that referenced
this pull request
Mar 10, 2023
…git tag, and preserve existing digest semantics as separate datasource (#20178) Co-authored-by: RahulGautamSingh <[email protected]> Co-authored-by: Rhys Arkins <[email protected]> Co-authored-by: Michael Kriese <[email protected]> Co-authored-by: HonkingGoose <[email protected]>
rarkins
pushed a commit
that referenced
this pull request
Mar 10, 2023
…t file digest (#20178) The github-releases datasource has been copied into a new datasource called github-release-attachments. The github-releases general datasource is updated to use the underlying Git tag of a GitHub release entry for digest computation. Fixes #20160, Fixes #19552 BREAKING CHANGE: Regex Manager configurations relying on the github-release data-source with digests will have different digest semantics. The digest will now always correspond to the underlying Git SHA of the release/version. The old behavior can be preserved by switching to the github-release-attachments datasource.
rarkins
pushed a commit
that referenced
this pull request
Mar 10, 2023
…t file digest (#20178) The github-releases datasource has been copied into a new datasource called github-release-attachments. The github-releases general datasource is updated to use the underlying Git tag of a GitHub release entry for digest computation. Fixes #20160, Fixes #19552 BREAKING CHANGE: Regex Manager configurations relying on the github-release data-source with digests will have different digest semantics. The digest will now always correspond to the underlying Git SHA of the release/version. The old behavior can be preserved by switching to the github-release-attachments datasource.
rarkins
pushed a commit
that referenced
this pull request
Mar 10, 2023
…t file digest (#20178) The github-releases datasource has been copied into a new datasource called github-release-attachments. The github-releases general datasource is updated to use the underlying Git tag of a GitHub release entry for digest computation. Fixes #20160, Fixes #19552 BREAKING CHANGE: Regex Manager configurations relying on the github-release data-source with digests will have different digest semantics. The digest will now always correspond to the underlying Git SHA of the release/version. The old behavior can be preserved by switching to the github-release-attachments datasource.
gandro
added a commit
to gandro/cilium
that referenced
this pull request
Mar 20, 2023
Renovate v35 had a breaking change in how it computes the digest of GitHub releses. Previously, it would use the digest of the release attachements, but now it's just using a git sha as the "digest". This commit changes the data source for the Hubble artifacts to use the data source which preserves the old behavior. Ref: renovatebot/renovate#20178 Signed-off-by: Sebastian Wicki <[email protected]>
aanm
pushed a commit
to cilium/cilium
that referenced
this pull request
Mar 21, 2023
Renovate v35 had a breaking change in how it computes the digest of GitHub releses. Previously, it would use the digest of the release attachements, but now it's just using a git sha as the "digest". This commit changes the data source for the Hubble artifacts to use the data source which preserves the old behavior. Ref: renovatebot/renovate#20178 Signed-off-by: Sebastian Wicki <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
github-releasesdatasource has been copied into a new datasource calledgithub-release-attachments.github-releasesgeneral datasource is updated to use the underlying Git tag of a GitHub release entry for digest computation.BREAKING CHANGE: Regex Manager configurations relying on the
github-releasedata-source with digests will have different digest semantics. The digest will now always correspond to the underlying Git SHA of the release/version. The old behavior can be preserved by switching to thegithub-release-attachmentsdatasource.Fixes #20160. Fixes #19552.
Context
See: #20160, #19552, and #20175
Currently the
github-releasesdatasourcegetDigestmethod is rather magical and depends/requires an existing digest and version. This makes it difficult to use in some situations where pinning is enabled but no initial digest is explicitly known. In such cases, Renovate just silently stops updating: see. #20160.Additionally, some managers like
bazelnever pass adigestbecause they handle the digest on their own. i.e. for Bazel updates with github releases, the actual artifact checksum is used as digest and needs to use an algorithm as determined by the manager.The current approach of
getDigest(introduced with #6422) involves consulting the current digest and iterating through the releases of thecurrentValueto figure out which artifact is used for the digest. The artifact is then mapped back to the new release (with some trickery to also ignore version names in the filename..). This is somewhat reasonable but the data source generally does not have a clear insight into what GitHub artifact(s) are used by the manager. Or, alternatively, a manager might not even want the digest of an individual artifact. e.g. as seen in: #19550Documentation (please check one with an [x])
How I've tested my work (please select one)
I have verified these changes via: