Amp-wp: Switch from Renovate to Dependabot for dependency updates
Feature description
We've seen that Dependabot does better at updating PHP dependencies in the composer.json.
Also, now that we have a GitHub action which does ZIP builds for PRs, this is restricted to PRs not coming from forks, which is another benefit that Dependabot provides.
Therefore, we should decommission Renovate and switch instead to Dependabot.
_Do not alter or remove anything below. The following sections will be managed by moderators only._
Acceptance criteria
Implementation brief
QA testing instructions
Demo
Changelog entry
westonruter
All 5 comments
FYI: Renovate has now been disabled for amp-wp.
@schlessera It has also been disabled for amp-toolbox-php.
westonruter
on 2 Nov 2020
Please let me know if you see any issues following disable.
kristoferbaxter
on 2 Nov 2020
Only outstanding issue is needing to add dependabot-preview to the CLAassistant allowlist:
westonruter
on 2 Nov 2020
^ Coincidentally just asked about this in the #wg-infra Slack channel.
swissspidy
on 4 Nov 2020
Thanks to @kristoferbaxter and @rsimha, dependabot is now in the allowlist for the CLA.
The check is passing:
https://github.com/ampproject/amp-wp/pulls/app%2Fdependabot-preview
westonruter
on 11 Nov 2020
Related issues
miina
路
5Comments
maciejmackowiak
路
5Comments
westonruter
路
5Comments
GitaStreet
路
4Comments
swissspidy
路
4Comments
Most helpful comment
Thanks to @kristoferbaxter and @rsimha, dependabot is now in the allowlist for the CLA.
The check is passing:
https://github.com/ampproject/amp-wp/pulls/app%2Fdependabot-preview