whitesource / merge-confidence Goto Github PK
View Code? Open in Web Editor NEWThe home of Mend's Merge Confidence feature, for Renovate and Mend Remediate
The home of Mend's Merge Confidence feature, for Renovate and Mend Remediate
I know that stabilityDays
has some edge cases, where it's not always functioning well.
I was thinking that Merge Confidence, is also a more useful concept, as it gives more feedback and information on the proposed upgrade. So it might make sense to scrap stabilityDays
in favor of a mergeConfidence
feature where you can select a preferred stability level.
So the question is what is the direction you're going to take this? Is Merge Confidence a straight up replacement of stabilityDays
or are you keeping both things around?
Not sure this is the right place to put this request, but I'd really like to be able to only get PRs for packages that are X days old. I've seen many times where I get a PR for a new boto3 version, but when my CI tests run it can't find that version yet. If I could put an age requirement on it, then I could avoid that situation. It seems like right now the Age only shows up on the badge, but you can't include it in the configuration options.
I just tried out WhiteSource Renovate today. So far, all of the PRs are causing failures during CI testing.
$ git fetch origin +refs/pull/364/merge:
fatal: couldn't find remote ref refs/pull/364/merge
$ git checkout -qf f2bb2ca98968b82ce4700d7e33c3500870444543
fatal: reference is not a tree: f2bb2ca98968b82ce4700d7e33c3500870444543
The command "git checkout -qf f2bb2ca98968b82ce4700d7e33c3500870444543" failed and exited with 128 during .
Seems it has something to do with the fact that every PR created by this app force-pushes and there's some race condition happening between the PR and the CI.
Nice work on the merge confidence feature! This is very interesting and feels like there’s lots that could be done with this data like you show in your blog post.
From the perspective of a package maintainer – I think I would be very interested in having access to the merge confidence data for my packages’ updates. Is this something you’ve considered? For example, as a maintainer of draftjs_exporter, when I make a release I would be interested in knowing whether users’ test suites are passing with this new release, whether people have managed to merge the upgrade, etc. Projects like Prettier, or any and all linters generally, could also be projects where it’s very interesting to know how much breakage there is with each release, as the breakage is somewhat inevitable.
Currently there isn’t really a good way to do this at scale in the package management ecosystem. Some package repositories have quantitative info about adoption in the form of "download statistics" for packages, but that’s about it. Some projects publish alpha/beta/RC releases in the hopes of collecting feedback from users, but that’s all very ad-hoc and qualitative rather than quantitative. Merge confidence feels like it could automate this feedback loop.
Trying to use it self-hosted renovate. We are getting above error.
Thank you for your help.
Create a public-facing website which lets users dig into Merge Confidence details, such as visualizing adoption usage across all releases.
The images used for age, adoption, passing, and confidence level are not accessible to screen readers. Currently, the markdown looks like:
![age](...)
The text in the square brackets should be useful alternative text. Just repeating the title is not describe the meaning of the image.
The markdown simply needs to be adjusted to reflect actual age, percentage, or confidence level.
I was looking through a Renovate dashboard for a big project, and I noticed they have a lot of major upgrades pending.
It would be nice if the Renovate bot can tell you on the dashboard about the confidence level of pending upgrades.
So that a team that's behind on upgrades can pick high confidence upgrades first.
I was thinking of adding a badge for all fields, but that would only clutter things up.
I think using the Merge Confidence badge alone is probably enough.
A badge with "low/neutral/high/very high", for a quick at-a-glance feel of whether the upgrade will be "hard" or "easy" to merge.
I don't know how to get different badges for my mock-up, so I'm grabbing them from a Renovate PR.
This issue contains a list of Renovate updates and their statuses.
These branches will be created by Renovate only once you click their checkbox below.
These updates are awaiting their schedule. Click on a checkbox to ignore the schedule.
These updates await pending status checks. To force their creation now, check the box below.
Badges don't currently display in gmail, seemingly because they are SVG. ref
Although SVG is generally preferable, we will look into rendering them as PNG due to this.
First of all, congrats for this great feature. I've had an idea that might take it one step further.
In my experience, I've had (minor or major) version upgrades failing because I needed to upgrade not just one but multiple dependencies at the same time, and sometimes, wait for Package B to release a version compatible with Package A's new version. Figuring that out takes a bit of time.
It seems that with the data you have, you may be able to find correlations between a release's test results and the presence and version of other dependencies, e.g.:
react
v17 from v16 has a 80% test success ratereact-dom
v16, this upgrade has a 20% success ratereact-dom
v17, this upgrade has a 98% success ratereact
v17 is successful when it is made along with react-dom
v17, and we can help developers upgrade by informing them of that correlation.This is a fictional example since react is a monorepo, but you probably get the idea.
There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.
Error type: Cannot find preset's package (github>whitesource/merge-confidence:beta)
How to use? --> "extends": ["github>whitesource/merge-confidence:beta"], adding on renovate.json we get this error above.
Hi,
i found whitesource's general privacy policy, but it would be useful for transparency and other reasons to clarify which kind of data is collected/transmitted etc..
(btw the privacy policy link on https://resources.whitesourcesoftware.com/news-whitesource/merge-confidence-feature# links back to the page itself)
regards,
strowi
Currently most monorepo updates such as for @angular
show low data because we currently exclude branches with more than one update from our statistics. However, for packages which are nearly always upgraded together, this means we filter out all the data!
First step will be to prefer source URL for each package and base our filtering on unique source URLs instead of package names.
Second step will be to include weighted scores for multi-source PRs, especially if they pass.
The markdown engine we are using for BitBucket server does not support @ in links.
We have been able to fix this by replacing {{replace '/' '%2f' depName}}
with {{replace '@' '%40' (replace '/' '%2f' depName)}}
There should be a way to disable merge confidence for specific repos so that internal project names are not leaked to https://badges.renovateapi.com
Take prettier
for example. From using it for 1-2 years:
Both scenarios (2) and (3) don't mean "bad upgrade!". In scenario (1), I shouldn't really care even if it broke something big like 40% of other repos. In scenario (2), it can be useful to know "it wasn't just me" but it doesn't really change my decision whether it's 2% or 40% of others breaking. For (3), if I see it causes a large percent of repos to fail then it's interesting to know but still doesn't change much.
The same thing goes especially for things like eslint plugins.
WhiteSource rebranded to Mend, so the image should be updated.
Hi guys, I am figuring out how to configure renovate to auto-merge my own dependencies.
It saves us some time when we release patches to our type libs.
Some advice about this?
Jose
I'm not certain this is a solvable issue, but here's what I've seen.
Using:
Steps:
poetry add fabric
(this adds Fabric
to pyproject.toml, poetry will not resolve fabric
)2.6.0
Fabric
instead of fabric
in the renovateapi urls shows the correct dataPackage | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
Fabric (source, changelog) | 2.6.0 -> 2.7.0 |
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [Fabric](https://fabfile.org) ([source](https://github.com/fabric/fabric), [changelog](https://www.fabfile.org/changelog.html)) | `2.6.0` -> `2.7.0` | [![age](https://badges.renovateapi.com/packages/pypi/Fabric/2.7.0/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/Fabric/2.7.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/Fabric/2.7.0/compatibility-slim/2.6.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/Fabric/2.7.0/confidence-slim/2.6.0)](https://docs.renovatebot.com/merge-confidence/) |
Package | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
Fabric (source, changelog) | 2.6.0 -> 2.7.0 |
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [Fabric](https://fabfile.org) ([source](https://github.com/fabric/fabric), [changelog](https://www.fabfile.org/changelog.html)) | `2.6.0` -> `2.7.0` | [![age](https://badges.renovateapi.com/packages/pypi/fabric/2.7.0/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/fabric/2.7.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/fabric/2.7.0/compatibility-slim/2.6.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/fabric/2.7.0/confidence-slim/2.6.0)](https://docs.renovatebot.com/merge-confidence/) |
whitesource/merge-confidence:beta
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.