Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 0 additions & 15 deletions .github/dependabot.yml

This file was deleted.

5 changes: 4 additions & 1 deletion .github/workflows/pr_title.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,11 @@ jobs:
echo 'module.exports = {
// Workaround for https://github.com/dependabot/dependabot-core/issues/5923

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this comment still relevant if we no longer use dependabot?

"ignores": [
// Dependabot PR descriptions
(message) => /^Bumps \[.+]\(.+\) from .+ to .+\.$/m.test(message),
(message) => /^Updates the requirements on .+ to permit the latest version\.$/m.test(message)
(message) => /^Updates the requirements on .+ to permit the latest version\.$/m.test(message),
// Renovate PR descriptions
(message) => /^This PR contains the following updates:$/m.test(message),
],
"rules": {
"body-max-line-length": [0, "always", Infinity],
Expand Down
9 changes: 9 additions & 0 deletions renovate.json

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a way to validate that this works before merging?

@nielspardon nielspardon May 12, 2026

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've been testing this on my private fork and I found that the current pixi support for Renovate is only covering the direct Pixi dependencies in [tool.pixi.dependencies] e.g. NodeJS which when it does update the version also updates the pixi.lock file: https://github.com/nielspardon/substrait/pull/5/changes

When it updates one of the dependencies in the dev dependency group in [dependency-groups] it does not update those using the Pixi manager and Renovate thus also not updating the pixi.lock file currently: https://github.com/nielspardon/substrait/pull/7/changes

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I logged a feature request with Renovate to help us fix this gap: renovatebot/renovate#43260

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI: Renovate also supports postUpgradeTasks if you are hosting it yourself. When using the hosted one with the Github App it does not allow custom commands for security reasons.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for investigating. Hopefully we can figure out something that will work for our setup.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I opened a PR to fix renovate for pixi lock file updates: renovatebot/renovate#44004

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need dependency groups? in our case, what's the difference between dependencies and a dev dependency group? isn't the whole thing a single dev environment anyway?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe we should discuss this in a separate issue. feels unrelated to switching from dependabot to renovate.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, just a possible shortcut 😆 doesn't really matter though if the issue is being addressed in renovate anyway

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The issue with Renovate is not caused by the dependencies being in a dependency group. We would have the same issue if they were regular Python dependencies in [project.dependencies] in pyproject.toml. The issue is that the pixi support in Renovate today would only update the pixi.lock file when suggesting a dependency update in pixi.toml or in [tool.pixi.dependencies] in pyproject.toml. This is better than dependabot which has no pixi support at all but wouldn't help since we are using pyproject.toml in this repo and no pixi.toml.

The PR I opened in Renovate which got one approval already makes sure the pixi.lock file gets updated when Python dependencies in pyproject.toml (outside of [tool.pixi.dependencies]) get bumped including dependency groups.

Whether we should declare the dependencies as project dependencies or in a dev dependency group is orthogonal in my opinion.

Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended"
],
"semanticCommits": "enabled",
"semanticCommitType": "build",
"semanticCommitScope": "deps"
}
Loading