Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Lock SDK to 6.0.100 and ignore with Renovate updates #294

Merged
merged 3 commits into from
Nov 28, 2023

Conversation

Hinton
Copy link
Member

@Hinton Hinton commented Oct 16, 2023

Type of change

- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [x] Other

Objective

Disable renovate from bumping the dotnet-sdk. We have prefer latest which should be sufficient.

Before you submit

  • Please add unit tests where it makes sense to do so (encouraged but not required)

@bitwarden-bot
Copy link

bitwarden-bot commented Oct 16, 2023

Logo
Checkmarx One – Scan Summary & Detailsba13e011-be3b-4d58-a12f-fb4138035f2c

No New Or Fixed Issues Found

@withinfocus
Copy link
Contributor

Is #286 an example? I don't see the harm really despite the rollForward.

@Hinton
Copy link
Member Author

Hinton commented Oct 16, 2023

@withinfocus yes. It's an annoyance since the dotnet tooling will complain about missing SDK version. Requiring developers to always be on the latest version can be somewhat tedious.

@withinfocus
Copy link
Contributor

You mean the runners not being able to pull them? On a weekly cadence that seems rare since these get out in a day or two.

Your point is certainly valid since this will still roll up to the latest release, but when that's available could actually be of importance to us and our team / processes. Microsoft may issue an SDK update here for security reasons and we want to force the updates and conversation if we can; the potentially week-long delay for the update is already large and we want to push upgrades wherever as possible as quickly as possible. If we weren't in the security software space I think this change would be an easier sell, but I am taking pause here because in our seat we want to push harder.

@Hinton
Copy link
Member Author

Hinton commented Oct 16, 2023

No, I'm referring to the developer workflow. A developer should not have to update their SDK every time a patch released is issued. We should enforce that the deployed code is built with appropriate releases though. But that's outside the scope of the global.json.

@withinfocus
Copy link
Contributor

Hmm not sure I agree -- we want our developers updated too, and this is ease to automate. With one regular command that I run regularly locally I get these updates (https://github.com/isen-ng/homebrew-dotnet-sdk-versions).

@Hinton
Copy link
Member Author

Hinton commented Oct 17, 2023

I generally try and avoid taps and installs it directly from Microsoft to ensure the integrity.

@Hinton Hinton changed the title Prevent renovate from bumping the dotnet sdk Lock SDK to 6.0.100 and ignore with Renovate updates Nov 28, 2023
@withinfocus
Copy link
Contributor

Relates to bitwarden/server#3478 -- we are opting for an easier developer experience as of now.

@@ -45,5 +45,6 @@
"matchManagers": ["github-actions"],
"matchUpdateTypes": ["minor", "patch"]
}
]
],
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ℹ️ If lockfiles show up for the .NET SDK here (I hope they don't) then we may need to force a Renovate constraint.

@@ -1,6 +1,6 @@
{
"sdk": {
"version": "6.0.413",
"version": "6.0.100",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ℹ️ I may take a quick look at an SDK upgrade to 8, unless you foresee an issue.

Copy link
Member Author

@Hinton Hinton Nov 28, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As long as the package remains compatible with all actively supported .NET versions. We may need to explore adding .net standard support in the future.

@Hinton Hinton merged commit 56fb552 into master Nov 28, 2023
46 checks passed
@Hinton Hinton deleted the ps/disable-renovate-dotnet-sdk branch November 28, 2023 14:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants