[Feature Request] Implement Renovate and trunk into the GitHub repo

I git cloned bolt.diy into my local on-premise install of GitLab-CE and enabled a basic Renovate config to the repo.

Renovate feedback

Question

  • Is somebody busy implementing dependency management and/or security management into the GitHub repo? Although, I’m more accustomed working with GitLab than with GitHub, but I’m more than willing to give it a try for a proper PR. We can work from there.
  • Is there interest in a DevSecOps engineer to assist for the bolt.diy project? I can assist and have spare time to invest.

Resources

Next steps (I will report back into this topic) after:

  • Implement all renovate merge requests
  • Docker build a new image
  • Check status vulnerabilities
  • (if still possible) Test out the Docker image/container

Docker scout

Critical and high high level vulnerabilities can already be resolved.

@Bolt-diy-core-team take a look here pls :slight_smile:

I love renovate but as there are quite some dependencies in this project, I believe we will be overwhelmed with PRs.
Automerge is a must in this setup, if you ask me.
And automerge without at least solid automated testing is… dangerous.

Thus, my first priority would be to bring test coverage up and then go for renovate.

Thoughts? Or better: Test engineer volunteers?

1 Like

@mrsimpson

I totally agree: automated testing is a prerequisite.

Well, overwhelmed is an understatement. I just went ahead on my GitLab instance and oh my… :face_with_spiral_eyes:

Due to the lock file nature Renovate can not merge all requests. Command line statements were required. A simple β€˜pnpm up’ and β€˜pnpm lint:fix’ became quite the challenge to say the least.

Ended up with numerous files with all kinds of errors like:

025-01-25 17:22:39.327 [info] πŸ” Running pre-commit hook to check the code looks good... πŸ”
Checking if pnpm is available...
Running typecheck...

> bolt@0.0.6 typecheck /home/gdo/bolt.diy
> tsc

app/components/chat/Chat.client.tsx(487,9): error TS2322: Type 'RefObject<HTMLTextAreaElement | null>' is not assignable to type 'RefObject<HTMLTextAreaElement>'.
  Type 'HTMLTextAreaElement | null' is not assignable to type 'HTMLTextAreaElement'.
    Type 'null' is not assignable to type 'HTMLTextAreaElement'.
app/components/editor/codemirror/CodeMirrorEditor.tsx(138,21): error TS2554: Expected 1 arguments, but got 0.
app/components/editor/codemirror/CodeMirrorEditor.tsx(139,22): error TS2554: Expected 1 arguments, but got 0.
app/components/editor/codemirror/CodeMirrorEditor.tsx(140,20): error TS2554: Expected 1 arguments, but got 0.
app/components/editor/codemirror/CodeMirrorEditor.tsx(141,29): error TS2554: Expected 1 arguments, but got 0.
app/components/editor/codemirror/CodeMirrorEditor.tsx(154,7): error TS2322: Type 'EditorDocument | undefined' is not assignable to type 'EditorDocument'.
  Type 'undefined' is not assignable to type 'EditorDocument'.
app/components/editor/codemirror/CodeMirrorEditor.tsx(191,9): error TS2322: Type 'undefined' is not assignable to type 'EditorView'.
app/components/ui/IconButton.tsx(23,22): error TS2503: Cannot find namespace 'JSX'.
app/components/ui/IconButton.tsx(23,36): error TS2503: Cannot find namespace 'JSX'.
app/components/ui/PanelHeaderButton.tsx(8,22): error TS2503: Cannot find namespace 'JSX'.
app/components/ui/PanelHeaderButton.tsx(8,42): error TS2503: Cannot find namespace 'JSX'.
app/components/ui/Slider.tsx(40,22): error TS2503: Cannot find namespace 'JSX'.
app/components/ui/Slider.tsx(40,42): error TS2503: Cannot find namespace 'JSX'.
app/components/workbench/FileBreadcrumb.tsx(90,19): error TS2322: Type '(ref: HTMLSpanElement | null) => HTMLSpanElement | null' is not assignable to type 'Ref<HTMLSpanElement> | undefined'.
  Type '(ref: HTMLSpanElement | null) => HTMLSpanElement | null' is not assignable to type '(instance: HTMLSpanElement | null) => void | (() => VoidOrUndefinedOnly)'.
    Type 'HTMLSpanElement | null' is not assignable to type 'void | (() => VoidOrUndefinedOnly)'.
      Type 'null' is not assignable to type 'void | (() => VoidOrUndefinedOnly)'.
app/components/workbench/Preview.tsx(386,17): error TS2322: Type 'RefObject<HTMLIFrameElement | null>' is not assignable to type 'RefObject<HTMLElement>'.
  Type 'HTMLIFrameElement | null' is not assignable to type 'HTMLElement'.
    Type 'null' is not assignable to type 'HTMLElement'.
app/components/workbench/Workbench.client.tsx(249,13): error TS2503: Cannot find namespace 'JSX'.
app/components/workbench/terminal/Terminal.tsx(28,27): error TS2554: Expected 1 arguments, but got 0.
app/lib/hooks/useSnapScroll.ts(5,25): error TS2554: Expected 1 arguments, but got 0.
app/lib/hooks/useSnapScroll.ts(6,23): error TS2554: Expected 1 arguments, but got 0.
app/lib/hooks/useSnapScroll.ts(7,23): error TS2554: Expected 1 arguments, but got 0.
app/lib/hooks/useSnapScroll.ts(25,7): error TS2322: Type 'undefined' is not assignable to type 'ResizeObserver'.
app/lib/hooks/useSnapScroll.ts(46,7): error TS2322: Type 'undefined' is not assignable to type 'HTMLDivElement'.
app/lib/hooks/useSnapScroll.ts(47,7): error TS2322: Type 'undefined' is not assignable to type '() => void'.
app/routes/webcontainer.preview.$id.tsx(20,31): error TS2554: Expected 1 arguments, but got 0.
app/utils/react.ts(3,44): error TS2503: Cannot find namespace 'JSX'.
app/utils/react.ts(5,52): error TS2344: Type 'T' does not satisfy the constraint 'JSXElementConstructor<any> | keyof IntrinsicElements'.
  Type 'string | number | symbol | JSXElementConstructor<any>' is not assignable to type 'JSXElementConstructor<any> | keyof IntrinsicElements'.
    Type 'string' is not assignable to type 'JSXElementConstructor<any> | keyof IntrinsicElements'.
app/utils/react.ts(5,88): error TS2344: Type 'T' does not satisfy the constraint 'JSXElementConstructor<any> | keyof IntrinsicElements'.
  Type 'string | number | symbol | JSXElementConstructor<any>' is not assignable to type 'JSXElementConstructor<any> | keyof IntrinsicElements'.
    Type 'string' is not assignable to type 'JSXElementConstructor<any> | keyof IntrinsicElements'.
 ELIFECYCLE  Command failed with exit code 2.
❌ Type checking failed! Please review TypeScript types.
Once you're done, don't forget to add your changes to the commit! πŸš€
husky - pre-commit script failed (code 1)

and also hit a wall with:

> pnpm up --latest
 WARN  2 deprecated subdependencies found: rollup-plugin-inject@3.0.2, sourcemap-codec@1.4.8
Already up to date
Progress: resolved 1399, reused 1248, downloaded 0, added 0, done
 WARN  Issues with peer dependencies found
.
β”œβ”€β”¬ @remix-run/react 2.15.2
β”‚ β”œβ”€β”€ βœ• unmet peer react@^18.0.0: found 19.0.0
β”‚ └── βœ• unmet peer react-dom@^18.0.0: found 19.0.0
└─┬ @remix-run/dev 2.15.2
  └── βœ• unmet peer vite@^5.1.0: found 6.0.11

I do very much like this kind of challenges. Besides that, I feel like when this project really takes off, this dependency management will become a real burden over time.

what is so special about the lockfile?
Renovate should support pnpm out-of-the-box, shouldn’t it?

Yes, Renovate should have out-of-box support. No doubt about that.


Note: As a newbie user on this platform, I’m not allowed to include more than one media item. It hinders me quite a bit in posting.

This is what I get (within GitLab) with numerous MRs:

This MR contains the following updates:

Package Type Update Change
@types/react devDependencies patch 18.3.12 β†’ 18.3.18
@types/react-dom devDependencies patch 18.3.1 β†’ 18.3.5

tab Changes (2):

Clicked on Resolve locally of tab Overview. This a non-workable solution.

Check out, review, and resolve locally

Step 1. Fetch and check out this merge request’s feature branch:
git fetch origin git checkout -b 'renovate/react-monorepo' 'origin/renovate/react-monorepo'
Step 2. Review the changes locally.
Step 3. Resolve any conflicts.
Step 4. Push the source branch up to GitLab.
git push origin 'renovate/react-monorepo'

I’m less familiar with the above and I really have to dive into it to come up with a proper and workable solution. Preferably and thinking along the lines of a proper CI pipeline and a devcontainer construction.

@remko.lems upgraded you to basic user. should work now.

1 Like