Skip to content

Commit 17c73e9

Browse files
authored
Merge branch 'pwnage101/ENT-11563' of github.com:openedx/openedx-platform into pwnage101/ENT-11563
2 parents 8a889ec + 714ab83 commit 17c73e9

1,572 files changed

Lines changed: 26115 additions & 25533 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/renovate.json5

Lines changed: 36 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -1,45 +1,50 @@
11
{
22
extends: [
3-
'config:recommended',
4-
'schedule:weekly',
5-
':automergeLinters',
6-
':automergeMinor',
7-
':automergeTesters',
8-
':enableVulnerabilityAlerts',
9-
':semanticCommits',
10-
':updateNotScheduled',
3+
'config:recommended', // Renovate base defaults: dependency dashboard, monorepo grouping, sane PR limits
4+
'schedule:weekly', // Only open new PRs once a week
5+
':automergeLinters', // Automerge linter updates (eslint, prettier, etc.)
6+
':automergeTesters', // Automerge test runner updates (jest, mocha, etc.)
7+
':enableVulnerabilityAlerts', // Open security PRs immediately, ignoring the weekly schedule
8+
':semanticCommits', // Use conventional commit format (fix(deps):, chore(deps):)
9+
':updateNotScheduled', // Allow vulnerability fixes to bypass the weekly schedule
1110
],
11+
12+
// Never auto-rebase PRs; let humans decide when to rebase
13+
rebaseWhen: 'never',
14+
15+
// Wait 3 days after a release before opening a PR, giving time for early bugs and
16+
// potentially malicious releases (e.g. supply chain attacks) to be detected
17+
minimumReleaseAge: '3 days',
18+
19+
// Only manage npm dependencies
20+
enabledManagers: [
21+
'npm',
22+
],
23+
24+
// Only create PRs during Eastern time (aligns with the weekly schedule)
25+
timezone: 'America/New_York',
26+
27+
// Cap the number of open Renovate PRs at any one time
28+
prConcurrentLimit: 3,
29+
30+
// Packages with known breaking changes or no active maintainer
31+
ignoreDeps: [
32+
'karma-spec-reporter',
33+
],
34+
1235
packageRules: [
1336
{
14-
matchDepTypes: [
15-
'devDependencies',
16-
],
17-
matchUpdateTypes: [
18-
'lockFileMaintenance',
19-
'minor',
20-
'patch',
21-
'pin',
37+
// Automerge minor and patch updates for @edx and @openedx scoped packages;
38+
// these are maintained by the same org so breakage is caught upstream
39+
matchPackageNames: [
40+
'/@edx/',
41+
'/@openedx/',
2242
],
23-
automerge: true,
24-
},
25-
{
2643
matchUpdateTypes: [
2744
'minor',
2845
'patch',
2946
],
3047
automerge: true,
31-
matchPackageNames: [
32-
'/@edx/',
33-
'/@openedx/',
34-
],
3548
},
3649
],
37-
ignoreDeps: [
38-
'karma-spec-reporter',
39-
],
40-
timezone: 'America/New_York',
41-
prConcurrentLimit: 3,
42-
enabledManagers: [
43-
'npm',
44-
],
4550
}
Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
name: Create quarterly issues for GitHub audit
2+
on:
3+
schedule:
4+
- cron: 0 0 1 1,4,7,10 *
5+
workflow_dispatch: {}
6+
7+
env:
8+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
9+
10+
jobs:
11+
create_issue:
12+
name: Create quarterly constraint check issue
13+
runs-on: ubuntu-latest
14+
permissions:
15+
issues: write
16+
steps:
17+
- run: |
18+
# Platform constraints audit
19+
new_issue_url=$(gh issue create --repo "openedx/openedx-platform" \
20+
--title "Quarterly audit of openedx-platform constraints" \
21+
--label "code health" \
22+
--body "It is time to perform the quartely audit of constrained dependencies in \`openedx-platform\`. The goal is to remove any constraints that are no longer necessary to proactively prevent version conflicts and keep us up to date with security patches. The playbook for performing the audit can be found [here](https://openedx.atlassian.net/wiki/spaces/AC/pages/6340968449/Quarterly+Platform+Constraints+Audit).")
23+
echo "NEW_ISSUE_URL=$new_issue_url" >> $GITHUB_ENV
24+
25+
- name: Comment on issue
26+
run: gh issue comment $NEW_ISSUE_URL --body "@openedx/wg-maintenance-openedx-platform-oncall heads up on this request"

0 commit comments

Comments
 (0)