Automatic dependency & security updates like GitHub Dependabot #799

Open
opened 2 weeks ago by alexruf · 1 comments

Currently, CI integration is in work with Woodpecker CI.

An extremely helpful feature for many open source projects would be to have a feature similar to GitHub Dependabot integrated in Codeberg to do automatic dependency & security updates for repositories via pull requests.
Although Dependabot from GitHub is deeply integrated in their platform, it can be easily used by others due to its capability to run on Docker.
However, Dependabot has significant issues, for example the fact that it is incapable of properly dealing with private packages in languages like Go.

I recently discovered that there is also Renovate, which is much more powerful than GitHub's Dependabot. It is open source as well, and has many more features, for example automatic completion of pull requests and scanning of multiple repositories for dependency updates at once.

It would be really cool to see something like this on Codeberg, and it would help a lot of users to improve their code quality and security.

Owner

There has been some effort towards this some months ago in Codeberg-Infrastructure/configuration-as-code#29. @Epsilon_02 can you say what the problems were? I recall that Renovate wasn't very efficient?

fnetX added the contribution welcome, infrastructure, service, Codeberg labels 2 weeks ago
Reference: Codeberg/Community#799