This is an automated email from the ASF dual-hosted git repository.

dsmiley pushed a commit to branch branch_10x
in repository https://gitbox.apache.org/repos/asf/solr.git

commit 4d4a21b727d01a766b12377a9967377a6a5aac23
Author: Jan Høydahl <[email protected]>
AuthorDate: Thu Jul 2 01:20:58 2026 +0200

    Propose better Renovatebot grouping (#4581)
    
    (cherry picked from commit 9cf45b2ff6a251154f03cc01b74644310c74be35)
---
 .github/renovate.json             | 138 ++++++++++++++++++++++++++++++--------
 dev-docs/dependency-upgrades.adoc |  17 ++++-
 2 files changed, 123 insertions(+), 32 deletions(-)

diff --git a/.github/renovate.json b/.github/renovate.json
index bd5ff8f4c5f..be5d63bbcc8 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -28,45 +28,131 @@
       "versioning": 
"regex:^(?<major>\\d{1,4})\\.(?<minor>\\d+)(\\.(?<patch>\\d+))?$"
     },
     {
-      "description": "Group these calcite dependency upgrades together in same 
PR",
-      "matchPackagePrefixes": ["org.apache.calcite"],
-      "groupName": "org.apache.calcite"
+      "description": "Byte Buddy publishes a -jdk5 backport variant alongside 
each release (e.g. 1.18.10-jdk5). Ignore those so we track the mainline 
versions (e.g. 1.18.10).",
+      "matchPackagePrefixes": ["net.bytebuddy"],
+      "allowedVersions": "!/-jdk5$/"
     },
     {
-      "description": "Group these httpcomponents dependency upgrades together 
in same PR",
-      "matchPackagePrefixes": ["org.apache.httpcomponents"],
-      "groupName": "org.apache.httpcomponents"
+      "description": "CATCH-ALL: bundle all remaining minor/patch bumps of 
otherwise-ungrouped libraries into one PR to cut churn. Major bumps are 
intentionally NOT grouped here - they stay as individual PRs. The test bucket 
and the logical groups below override this for their packages.",
+      "matchManagers": ["gradle"],
+      "matchUpdateTypes": ["minor", "patch"],
+      "groupName": "all non-major dependencies"
     },
     {
-      "description": "Test-dependencies are checked less often than the 
shipped deps",
+      "description": "CATCH-ALL for test-only deps: bundle their minor/patch 
bumps separately from shipped deps. Major bumps stay individual.",
+      "matchManagers": ["gradle"],
       "matchDepTypes": ["test"],
-      "schedule": ["before 9am on the first day of the month"]
+      "matchUpdateTypes": ["minor", "patch"],
+      "groupName": "all non-major test dependencies"
+    },
+    {
+      "description": "Admin UI (Kotlin Multiplatform / Compose stack in 
solr/ui) - compose, androidx, kotlin(x), decompose/essenty/mvikotlin, ktor and 
kotlin-logging all move together. The Compose compiler plugin is version-locked 
to the Kotlin release.",
+      "matchPackagePrefixes": [
+        "org.jetbrains.kotlin",
+        "org.jetbrains.compose",
+        "org.jetbrains.androidx",
+        "com.arkivanov",
+        "io.ktor",
+        "io.github.oshai"
+      ],
+      "groupName": "Admin UI"
+    },
+    {
+      "description": "Web/server stack - Jetty servlet container, the Jakarta 
EE APIs, and the Jersey (JAX-RS) impl with its HK2 DI. solr/core wires 
jersey-container-jetty-http + jersey-inject-hk2 + jakarta APIs onto Jetty, so 
they must stay compatible.",
+      "matchPackagePrefixes": [
+        "org.eclipse.jetty",
+        "jakarta.",
+        "org.glassfish.jersey",
+        "org.glassfish.hk2"
+      ],
+      "groupName": "Web server stack"
+    },
+    {
+      "description": "gRPC / Netty / protobuf transport stack - grpc-netty 
uses Netty as its transport and grpc-protobuf uses protobuf. Shared by both the 
OpenTelemetry OTLP exporter and the GCS client, so it is its own group rather 
than owned by either.",
+      "matchPackagePrefixes": [
+        "io.grpc",
+        "io.netty",
+        "com.google.protobuf"
+      ],
+      "groupName": "gRPC and Netty"
+    },
+    {
+      "description": "Telemetry - OpenTelemetry 
API/SDK/exporters/instrumentation plus the Prometheus metrics libraries it 
exports to (solr/core uses otel-exporter-prometheus with 
prometheus-metrics-*).",
+      "matchPackagePrefixes": [
+        "io.opentelemetry",
+        "io.prometheus"
+      ],
+      "groupName": "Telemetry (OpenTelemetry & Prometheus)"
+    },
+    {
+      "description": "Google Cloud client stack used by the GCS repository - 
cloud client, api and auth libraries plus the BOM. Kept separate from the gRPC 
transport it consumes and from general com.google.* utility libs (guava, gson, 
errorprone).",
+      "matchPackagePrefixes": [
+        "com.google.cloud",
+        "com.google.api",
+        "com.google.auth"
+      ],
+      "groupName": "Google Cloud"
+    },
+    {
+      "description": "FasterXML Jackson and the Woodstox XML stack - 
jackson-bom family, plus woodstox-core (com.fasterxml.woodstox) and its 
required stax2-api (org.codehaus.woodstox), which are used together in 
solr/core.",
+      "matchPackagePrefixes": [
+        "com.fasterxml.jackson",
+        "com.fasterxml.woodstox",
+        "org.codehaus.woodstox"
+      ],
+      "groupName": "Jackson & Woodstox"
+    },
+    {
+      "description": "Logging stack - Log4j, SLF4J (the log4j-slf4j2-impl 
bridge and jul/jcl bridges tie them together) and LMAX Disruptor, which is only 
present for Log4j2 async logging.",
+      "matchPackagePrefixes": [
+        "org.apache.logging.log4j",
+        "org.slf4j",
+        "com.lmax"
+      ],
+      "groupName": "Logging"
+    },
+    {
+      "description": "ZooKeeper and Curator - Curator is a ZooKeeper client 
library and must stay compatible with the ZooKeeper version.",
+      "matchPackagePrefixes": [
+        "org.apache.zookeeper",
+        "org.apache.curator"
+      ],
+      "groupName": "ZooKeeper & Curator"
+    },
+    {
+      "description": "Calcite (calcite-core/linq4j + avatica) must move 
together",
+      "matchPackagePrefixes": ["org.apache.calcite"],
+      "groupName": "Calcite"
+    },
+    {
+      "description": "Apache HttpComponents (httpclient/httpcore/httpmime) 
must move together",
+      "matchPackagePrefixes": ["org.apache.httpcomponents"],
+      "groupName": "Apache HttpComponents"
     },
     {
-      "description": "AWS SDK packages checked less often",
+      "description": "AWS SDK - single BOM-aligned version across ~11 
artifacts",
       "matchPackagePrefixes": ["software.amazon.awssdk"],
-      "groupName": "AWS SDK",
-      "schedule": ["before 9am on the first day of the month"]
+      "groupName": "AWS SDK"
     },
     {
-      "description": "Google Cloud BOM checked less often to avoid spam",
-      "matchPackageNames": ["com.google.cloud:google-cloud-bom"],
-      "schedule": ["before 9am on the first day of the month"]
+      "description": "OkHttp and Okio - okhttp depends on a compatible okio",
+      "matchPackagePrefixes": ["com.squareup.okhttp3", "com.squareup.okio"],
+      "groupName": "OkHttp & Okio"
     },
     {
-      "description": "Workaround for 
https://github.com/renovatebot/renovate/issues/19226";,
-      "matchPackageNames": ["solr:modules", "HH:mm"],
+      "description": "Skip major jetty upgrades - must be done manually 
(overrides the Web server stack group above for jetty majors only)",
+      "matchPackagePrefixes": ["org.eclipse.jetty"],
+      "matchUpdateTypes": ["major"],
       "enabled": false
     },
     {
-      "description": "Lucene dependencies should be skipped",
+      "description": "Lucene dependencies should be skipped (upgraded together 
with the Lucene release)",
       "matchPackagePrefixes": ["org.apache.lucene"],
       "enabled": false
     },
     {
-      "description": "Skip major jetty upgrades - must be done manually",
-      "matchPackagePrefixes": ["org.eclipse.jetty"],
-      "matchUpdateTypes": ["major"],
+      "description": "Workaround for 
https://github.com/renovatebot/renovate/issues/19226";,
+      "matchPackageNames": ["solr:modules", "HH:mm"],
       "enabled": false
     },
     {
@@ -96,18 +182,12 @@
       "changelogUrl": 
"https://commons.apache.org/proper/commons-configuration/changes-report.html";
     },
     {
-      "description": "Group these UI dependency upgrades together in same PR",
-      "matchPackagePrefixes": ["com.arkivanov", "org.jetbrains.compose"],
-      "groupName": "Admin UI libraries"
-    },
-    {
-      "description": "Group all GitHub Actions upgrades together in same PR, 
checked once per month",
+      "description": "Group all GitHub Actions upgrades together in same PR",
       "matchManagers": ["github-actions"],
-      "groupName": "GitHub Actions",
-      "schedule": ["before 9am on the first day of the month"]
+      "groupName": "GitHub Actions"
     }
   ],
-  "schedule": ["* * * * 0"],
+  "schedule": ["before 9am on the first day of the month"],
   "prConcurrentLimit": 300,
   "prHourlyLimit": 20,
   "minimumReleaseAge": "5 days"
diff --git a/dev-docs/dependency-upgrades.adoc 
b/dev-docs/dependency-upgrades.adoc
index 12a13ff0232..cbc16809aca 100644
--- a/dev-docs/dependency-upgrades.adoc
+++ b/dev-docs/dependency-upgrades.adoc
@@ -70,15 +70,26 @@ changes resulting from the gradle tasks `resolveAndLockAll` 
and `updateLicenses`
 Community members and committers can then review, and if manual changes are 
needed, help bring the PR to completion.
 For many dependencies, a changelog is included in the PR text, which may help 
guide the upgrade decision.
 
-The scans are run on a schedule. New PRs are filed every Sunday, and only 
dependency versions that are at least
-5 days old are suggested, to guard against bad apples. If a new *major* 
version of a dependency is available,
-that will get its own separate Pull Request, so you can choose.
+The scans are run on a schedule. New PRs are filed once a month (before 9am on 
the first day of the month), and only
+dependency versions that are at least 5 days old are suggested, to guard 
against bad apples. Since Solr only releases
+every couple of months, a monthly cadence keeps the number of open dependency 
PRs manageable. A Release Manager who
+wants to be on the very latest right before a release can temporarily switch 
to a more frequent schedule (e.g.
+`["* * * * 0"]` for weekly) by editing `renovate.json`.
+
+To further cut down on the number of tiny PRs, upgrades are *grouped*. There 
are a handful of logical groups for
+libraries that must stay version-compatible (e.g. Admin UI, Web server stack, 
Logging), and then two large
+catch-all groups - "all non-major dependencies" and "all non-major test 
dependencies" - that bundle the *minor and
+patch* bumps of everything else. *Major* bumps are never grouped; each gets 
its own PR for individual review. See
+`renovate.json` for the exact group definitions.
 
 If an upgrade is decided, simply merge (and backport) the PR. To skip an 
upgrade, close the PR. If a PR is left open,
 it will be re-used and auto updated whenever a newer patch- or minor version 
gets available. Thus, one can reduce
 churn from frequently-updated dependencies by delaying merge until a few weeks 
before a new release. One can also
 choose to change to a less frequent schedule or disable the bot, by editing 
`renovate.json`.
 
+The `branch_9x` branch has its own `renovate.json` that layers on top of (and 
inherits from) this one, overriding only
+the schedule and the lockfile/license commands. Grouping rules defined here 
therefore apply to `branch_9x` too.
+
 Please note that Solr version prior to 10.X use a versions resolution plugin 
that uses `versions.lock` instead of
 `libs.version.toml`. Therefore, changes cannot be backported via cherry-pick.
 

Reply via email to