This is an automated email from the ASF dual-hosted git repository. dsmiley pushed a commit to branch branch_10x in repository https://gitbox.apache.org/repos/asf/solr.git
commit 4d4a21b727d01a766b12377a9967377a6a5aac23 Author: Jan Høydahl <[email protected]> AuthorDate: Thu Jul 2 01:20:58 2026 +0200 Propose better Renovatebot grouping (#4581) (cherry picked from commit 9cf45b2ff6a251154f03cc01b74644310c74be35) --- .github/renovate.json | 138 ++++++++++++++++++++++++++++++-------- dev-docs/dependency-upgrades.adoc | 17 ++++- 2 files changed, 123 insertions(+), 32 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index bd5ff8f4c5f..be5d63bbcc8 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -28,45 +28,131 @@ "versioning": "regex:^(?<major>\\d{1,4})\\.(?<minor>\\d+)(\\.(?<patch>\\d+))?$" }, { - "description": "Group these calcite dependency upgrades together in same PR", - "matchPackagePrefixes": ["org.apache.calcite"], - "groupName": "org.apache.calcite" + "description": "Byte Buddy publishes a -jdk5 backport variant alongside each release (e.g. 1.18.10-jdk5). Ignore those so we track the mainline versions (e.g. 1.18.10).", + "matchPackagePrefixes": ["net.bytebuddy"], + "allowedVersions": "!/-jdk5$/" }, { - "description": "Group these httpcomponents dependency upgrades together in same PR", - "matchPackagePrefixes": ["org.apache.httpcomponents"], - "groupName": "org.apache.httpcomponents" + "description": "CATCH-ALL: bundle all remaining minor/patch bumps of otherwise-ungrouped libraries into one PR to cut churn. Major bumps are intentionally NOT grouped here - they stay as individual PRs. The test bucket and the logical groups below override this for their packages.", + "matchManagers": ["gradle"], + "matchUpdateTypes": ["minor", "patch"], + "groupName": "all non-major dependencies" }, { - "description": "Test-dependencies are checked less often than the shipped deps", + "description": "CATCH-ALL for test-only deps: bundle their minor/patch bumps separately from shipped deps. Major bumps stay individual.", + "matchManagers": ["gradle"], "matchDepTypes": ["test"], - "schedule": ["before 9am on the first day of the month"] + "matchUpdateTypes": ["minor", "patch"], + "groupName": "all non-major test dependencies" + }, + { + "description": "Admin UI (Kotlin Multiplatform / Compose stack in solr/ui) - compose, androidx, kotlin(x), decompose/essenty/mvikotlin, ktor and kotlin-logging all move together. The Compose compiler plugin is version-locked to the Kotlin release.", + "matchPackagePrefixes": [ + "org.jetbrains.kotlin", + "org.jetbrains.compose", + "org.jetbrains.androidx", + "com.arkivanov", + "io.ktor", + "io.github.oshai" + ], + "groupName": "Admin UI" + }, + { + "description": "Web/server stack - Jetty servlet container, the Jakarta EE APIs, and the Jersey (JAX-RS) impl with its HK2 DI. solr/core wires jersey-container-jetty-http + jersey-inject-hk2 + jakarta APIs onto Jetty, so they must stay compatible.", + "matchPackagePrefixes": [ + "org.eclipse.jetty", + "jakarta.", + "org.glassfish.jersey", + "org.glassfish.hk2" + ], + "groupName": "Web server stack" + }, + { + "description": "gRPC / Netty / protobuf transport stack - grpc-netty uses Netty as its transport and grpc-protobuf uses protobuf. Shared by both the OpenTelemetry OTLP exporter and the GCS client, so it is its own group rather than owned by either.", + "matchPackagePrefixes": [ + "io.grpc", + "io.netty", + "com.google.protobuf" + ], + "groupName": "gRPC and Netty" + }, + { + "description": "Telemetry - OpenTelemetry API/SDK/exporters/instrumentation plus the Prometheus metrics libraries it exports to (solr/core uses otel-exporter-prometheus with prometheus-metrics-*).", + "matchPackagePrefixes": [ + "io.opentelemetry", + "io.prometheus" + ], + "groupName": "Telemetry (OpenTelemetry & Prometheus)" + }, + { + "description": "Google Cloud client stack used by the GCS repository - cloud client, api and auth libraries plus the BOM. Kept separate from the gRPC transport it consumes and from general com.google.* utility libs (guava, gson, errorprone).", + "matchPackagePrefixes": [ + "com.google.cloud", + "com.google.api", + "com.google.auth" + ], + "groupName": "Google Cloud" + }, + { + "description": "FasterXML Jackson and the Woodstox XML stack - jackson-bom family, plus woodstox-core (com.fasterxml.woodstox) and its required stax2-api (org.codehaus.woodstox), which are used together in solr/core.", + "matchPackagePrefixes": [ + "com.fasterxml.jackson", + "com.fasterxml.woodstox", + "org.codehaus.woodstox" + ], + "groupName": "Jackson & Woodstox" + }, + { + "description": "Logging stack - Log4j, SLF4J (the log4j-slf4j2-impl bridge and jul/jcl bridges tie them together) and LMAX Disruptor, which is only present for Log4j2 async logging.", + "matchPackagePrefixes": [ + "org.apache.logging.log4j", + "org.slf4j", + "com.lmax" + ], + "groupName": "Logging" + }, + { + "description": "ZooKeeper and Curator - Curator is a ZooKeeper client library and must stay compatible with the ZooKeeper version.", + "matchPackagePrefixes": [ + "org.apache.zookeeper", + "org.apache.curator" + ], + "groupName": "ZooKeeper & Curator" + }, + { + "description": "Calcite (calcite-core/linq4j + avatica) must move together", + "matchPackagePrefixes": ["org.apache.calcite"], + "groupName": "Calcite" + }, + { + "description": "Apache HttpComponents (httpclient/httpcore/httpmime) must move together", + "matchPackagePrefixes": ["org.apache.httpcomponents"], + "groupName": "Apache HttpComponents" }, { - "description": "AWS SDK packages checked less often", + "description": "AWS SDK - single BOM-aligned version across ~11 artifacts", "matchPackagePrefixes": ["software.amazon.awssdk"], - "groupName": "AWS SDK", - "schedule": ["before 9am on the first day of the month"] + "groupName": "AWS SDK" }, { - "description": "Google Cloud BOM checked less often to avoid spam", - "matchPackageNames": ["com.google.cloud:google-cloud-bom"], - "schedule": ["before 9am on the first day of the month"] + "description": "OkHttp and Okio - okhttp depends on a compatible okio", + "matchPackagePrefixes": ["com.squareup.okhttp3", "com.squareup.okio"], + "groupName": "OkHttp & Okio" }, { - "description": "Workaround for https://github.com/renovatebot/renovate/issues/19226", - "matchPackageNames": ["solr:modules", "HH:mm"], + "description": "Skip major jetty upgrades - must be done manually (overrides the Web server stack group above for jetty majors only)", + "matchPackagePrefixes": ["org.eclipse.jetty"], + "matchUpdateTypes": ["major"], "enabled": false }, { - "description": "Lucene dependencies should be skipped", + "description": "Lucene dependencies should be skipped (upgraded together with the Lucene release)", "matchPackagePrefixes": ["org.apache.lucene"], "enabled": false }, { - "description": "Skip major jetty upgrades - must be done manually", - "matchPackagePrefixes": ["org.eclipse.jetty"], - "matchUpdateTypes": ["major"], + "description": "Workaround for https://github.com/renovatebot/renovate/issues/19226", + "matchPackageNames": ["solr:modules", "HH:mm"], "enabled": false }, { @@ -96,18 +182,12 @@ "changelogUrl": "https://commons.apache.org/proper/commons-configuration/changes-report.html" }, { - "description": "Group these UI dependency upgrades together in same PR", - "matchPackagePrefixes": ["com.arkivanov", "org.jetbrains.compose"], - "groupName": "Admin UI libraries" - }, - { - "description": "Group all GitHub Actions upgrades together in same PR, checked once per month", + "description": "Group all GitHub Actions upgrades together in same PR", "matchManagers": ["github-actions"], - "groupName": "GitHub Actions", - "schedule": ["before 9am on the first day of the month"] + "groupName": "GitHub Actions" } ], - "schedule": ["* * * * 0"], + "schedule": ["before 9am on the first day of the month"], "prConcurrentLimit": 300, "prHourlyLimit": 20, "minimumReleaseAge": "5 days" diff --git a/dev-docs/dependency-upgrades.adoc b/dev-docs/dependency-upgrades.adoc index 12a13ff0232..cbc16809aca 100644 --- a/dev-docs/dependency-upgrades.adoc +++ b/dev-docs/dependency-upgrades.adoc @@ -70,15 +70,26 @@ changes resulting from the gradle tasks `resolveAndLockAll` and `updateLicenses` Community members and committers can then review, and if manual changes are needed, help bring the PR to completion. For many dependencies, a changelog is included in the PR text, which may help guide the upgrade decision. -The scans are run on a schedule. New PRs are filed every Sunday, and only dependency versions that are at least -5 days old are suggested, to guard against bad apples. If a new *major* version of a dependency is available, -that will get its own separate Pull Request, so you can choose. +The scans are run on a schedule. New PRs are filed once a month (before 9am on the first day of the month), and only +dependency versions that are at least 5 days old are suggested, to guard against bad apples. Since Solr only releases +every couple of months, a monthly cadence keeps the number of open dependency PRs manageable. A Release Manager who +wants to be on the very latest right before a release can temporarily switch to a more frequent schedule (e.g. +`["* * * * 0"]` for weekly) by editing `renovate.json`. + +To further cut down on the number of tiny PRs, upgrades are *grouped*. There are a handful of logical groups for +libraries that must stay version-compatible (e.g. Admin UI, Web server stack, Logging), and then two large +catch-all groups - "all non-major dependencies" and "all non-major test dependencies" - that bundle the *minor and +patch* bumps of everything else. *Major* bumps are never grouped; each gets its own PR for individual review. See +`renovate.json` for the exact group definitions. If an upgrade is decided, simply merge (and backport) the PR. To skip an upgrade, close the PR. If a PR is left open, it will be re-used and auto updated whenever a newer patch- or minor version gets available. Thus, one can reduce churn from frequently-updated dependencies by delaying merge until a few weeks before a new release. One can also choose to change to a less frequent schedule or disable the bot, by editing `renovate.json`. +The `branch_9x` branch has its own `renovate.json` that layers on top of (and inherits from) this one, overriding only +the schedule and the lockfile/license commands. Grouping rules defined here therefore apply to `branch_9x` too. + Please note that Solr version prior to 10.X use a versions resolution plugin that uses `versions.lock` instead of `libs.version.toml`. Therefore, changes cannot be backported via cherry-pick.
