Skip to content

chore: Add renovate custom manager to update upper-bound files #3894

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lqiu96 merged 17 commits into from
Oct 14, 2025
Merged

chore: Add renovate custom manager to update upper-bound files #3894

lqiu96 merged 17 commits into from
Oct 14, 2025

Conversation

@lqiu96
Copy link
Member

@lqiu96 lqiu96 commented Aug 29, 2025
edited
Loading

Dependencies CI Test: https://github.com/googleapis/sdk-platform-java/actions/runs/18327368470/job/52195017520

Changes

In order to keep the current Maven pom.xml files the same, we create a new format in the dependencies.txt file:
{GroupID}:{ArtifactID},{MavenPropertyID}={Version}. The GroupID, ArtifactID, and Version values are by renovate bot to determine there should be a dependency bump. The MavenPropertyID and Version values are used to build the maven test command.

The format may not look intuitive and can be changed in the future. Values/ Separators were chosen so that it doesn't have any weird edge cases/ impact in shell scripts (avoiding ';', '*', '|' characters)

Local Renovate Bot Invocation

Local invocation of renovate shows that it is able to match the versions:

{
     "depName": "com.fasterxml.jackson:jackson-bom",
     "currentValue": "2.19.2",
     "datasource": "maven",
     "replaceString": "com.fasterxml.jackson:jackson-bom=2.19.2\n",
     "updates": [
       {
         "bucket": "non-major",
         "newVersion": "2.20.0",
         "newValue": "2.20.0",
         "releaseTimestamp": "2025-08-28T22:48:03.000Z",
         "newVersionAgeInDays": 0,
         "newMajor": 2,
         "newMinor": 20,
         "newPatch": 0,
         "updateType": "minor",
         "isBreaking": false,
         "branchName": "renovate/com.fasterxml.jackson-jackson-bom-2.x"
       }
     ],
     ...
 ],
   "matchStrings": ["(?<depName>.*)=(?<currentValue>.*)\\n"],
   "datasourceTemplate": "maven",
   "packageFile": "dependencies.txt"
 }

@product-auto-label product-auto-label bot added the size: m Pull request size is medium. label Aug 29, 2025
lqiu96
lqiu96 commented Aug 29, 2025
View reviewed changes
lqiu96
lqiu96 commented Aug 29, 2025
View reviewed changes
@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 29, 2025

Quality Gate Passed Quality Gate passed for 'gapic-generator-java-root'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 29, 2025

Quality Gate Passed Quality Gate passed for 'java_showcase_integration_tests'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@product-auto-label product-auto-label bot added size: l Pull request size is large. and removed size: m Pull request size is medium. labels Oct 7, 2025
@lqiu96 lqiu96 force-pushed the renovate-bot-upper-bound-file branch from 5e8d7b3 to ba9bb67 Compare October 7, 2025 16:19
@product-auto-label product-auto-label bot added size: m Pull request size is medium. and removed size: l Pull request size is large. labels Oct 7, 2025
@lqiu96 lqiu96 marked this pull request as ready for review October 7, 2025 22:05
@lqiu96 lqiu96 requested a review from blakeli0 October 7, 2025 22:05
blakeli0
blakeli0 reviewed Oct 10, 2025
View reviewed changes
gapic-generator-java-pom-parent/pom.xml
<properties>
<skipUnitTests>false</skipUnitTests>
<checkstyle.header.file>java.header</checkstyle.header.file>
<maven.compiler.release>8</maven.compiler.release>
Copy link
Contributor

@blakeli0 blakeli0 Oct 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think changes in this file is unintentional? If yes, can we revert it?

Copy link
Member Author

@lqiu96 lqiu96 Oct 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moved the non-dependency property up (I think above is moreso a section for maven plugins.

lqiu96
lqiu96 commented Oct 10, 2025
View reviewed changes
dependencies.txt
Comment on lines +11 to +15
javax.annotation:javax.annotation-api,javax.annotation-api=1.3.2
io.grpc:grpc-bom,grpc=1.74.0
com.google.auth:google-auth-library-bom,google.auth=1.37.1
com.google.http-client:google-http-client,google.http-client=1.47.1
com.google.code.gson:gson,gson=2.13.1
Copy link
Member Author

@lqiu96 lqiu96 Oct 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These may have some old versions that weren't merged properly. I think we should see renovate-bot raise a PR for these once this is merged in.

Copy link
Contributor

@blakeli0 blakeli0 Oct 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where are the old versions pulled from? Can we keep the latest versions?

Copy link
Member Author

@lqiu96 lqiu96 Oct 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are just old versions from this stale PR. Hopefully renovate bot can group the deps in these files in one deps PR.

Copy link
Contributor

@blakeli0 blakeli0 Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SG. As long as we upgrade them before releasing sdk-platform-java, we should be good.

Copy link
Member Author

@lqiu96 lqiu96 Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SG. As long as we upgrade them before releasing sdk-platform-java, we should be good.

I will merge this in and test this. Hopefully this should all come in as one big PR!

@lqiu96 lqiu96 requested a review from blakeli0 October 10, 2025 21:27
@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 10, 2025

Quality Gate Passed Quality Gate passed for 'gapic-generator-java-root'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 10, 2025

Quality Gate Passed Quality Gate passed for 'java_showcase_integration_tests'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@lqiu96 lqiu96 merged commit 4223a86 into main Oct 14, 2025
60 of 63 checks passed
@lqiu96 lqiu96 deleted the renovate-bot-upper-bound-file branch October 14, 2025 21:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@blakeli0 blakeli0 blakeli0 approved these changes

Assignees

No one assigned

Labels

size: m Pull request size is medium.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lqiu96 @blakeli0