Renovate's onboarding PRs are a great feature compared to the onboarding experience for any other tools in this space.
It provides a tonne of value to a newly onboarding project, and I've found at a previous company that despite Dependabot being installed on a project, the maintainers weren't aware of how many of their dependencies were still out-of-date!
However, when using a large repo / monorepo (related: #41414) this can lead to the Onboarding PR being truncated, due to the size of the repo, and pending updates.
Something we've discussed before (links to be added) is whether we can split the PR description across multiple comments, due to size.
As a medium-term alternative, we should instead detect if we're going to hit Platform limits, and if so, provide an alternative view of the Onboarding PR.
If we take some examples from the 551 public repos: https://github.com/search?q=%22configure+renovate%22+%22truncated+due+to+%22+author%3Arenovate%5Bbot%5D&type=pullrequests on the Mend Developer Platform seeing this, we can see that:
- there are usually 20+ package files detected
- there are often >10 security updates
- there are >150 general updates
In this new view, I would expect that we:
- Don't list out all package files
- Maybe list i.e.
utils/user-data (npm, custom.regex), but not more than 2 levels from the root
- Provide a summary table of the PRs, such as
# security, # minor
- If any of these updates have a specific
schedule, show these
- Prioritise showing
# security updates, as an indication that the repository has updates that should be triaged
Other potential data:
- Show the LibYears that are seen across ecosystems
We should also add a feedback thread for this, and consider whether there are improvements we can take into the "non-over-Platform-limit" PRs.
Other options
In the meantime/as well as:
- Log a JSON representation of the data that makes up the Markdown body (at
DEBUG)
- Log the full Markdown body (at
TRACE)
Renovate's onboarding PRs are a great feature compared to the onboarding experience for any other tools in this space.
It provides a tonne of value to a newly onboarding project, and I've found at a previous company that despite Dependabot being installed on a project, the maintainers weren't aware of how many of their dependencies were still out-of-date!
However, when using a large repo / monorepo (related: #41414) this can lead to the Onboarding PR being truncated, due to the size of the repo, and pending updates.
Something we've discussed before (links to be added) is whether we can split the PR description across multiple comments, due to size.
As a medium-term alternative, we should instead detect if we're going to hit Platform limits, and if so, provide an alternative view of the Onboarding PR.
If we take some examples from the 551 public repos: https://github.com/search?q=%22configure+renovate%22+%22truncated+due+to+%22+author%3Arenovate%5Bbot%5D&type=pullrequests on the Mend Developer Platform seeing this, we can see that:
In this new view, I would expect that we:
utils/user-data (npm, custom.regex), but not more than 2 levels from the root# security,# minorschedule, show these# securityupdates, as an indication that the repository has updates that should be triagedOther potential data:
We should also add a feedback thread for this, and consider whether there are improvements we can take into the "non-over-Platform-limit" PRs.
Other options
In the meantime/as well as:
DEBUG)TRACE)