As part of getting ready for my new job at Mend this week, working on Renovate, I've been thinking a little bit about my workflow. One of the choices the Renovate maintainers made a couple of years ago was that Q&A/feature requests should come through the GitHub Discussions on the project, then will be "promoted" into an Issue that then will get addressed after a level of triage. I'm a big fan of this, as well as the fact that the project is using Discussion category forms to provide a struct...| Jamie Tanna | Software Engineer
How a change targeting internal GitHub repositories backfired and inadvertently made Elastic's public-facing repositories private.| Jamie Tanna | Software Engineer
I'm not particularly jq-savvy, so when I have to play with it, I find it a little difficult at times. (Yes, LLMs make the process a little less painful, as I can outsource some of the thinking to them) Although there are online tools like the JQ Playground, y'all know my thoughts on the fact that you shouldn't use online tools, so I wanted to look for alternatives. I'd started looking into Neovim plugins for it, and then found a cool Terminal User Interface (TUI) called jqp which provides a l...| Jamie Tanna | Software Engineer
When working with GitHub Actions, you may have encountered a Workflow that pins the digest of the Action being used: steps:- uses:release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7# v5 So how do you go about determining the digest? We definitely don't want to manually update these over time, and so instead want to outsource this to tools like Renovate and Dependabot, which understand i.e. the v5 means "keep this up-to-date with the latest v5.x release". For folks not awa...| Jamie Tanna | Software Engineer
With oapi-codegen, as many other folks in the ecosystem, we've been asked a few times in the past "can you please update this dependency as it has a CVE". I'll generally reach for govulncheck as a way to confirm the impact, given it validates - via static analysis - whether the dependency is actually called as part of your operation (sometimes known as "reachability"). Although we're still working towards defining when dependencies with CVEs will be updated, this is a step towards being able ...| Jamie Tanna | Software Engineer
Early in 2024, I hit an issue with Go not allowing me to use go:embed. (Aside: this is one of those posts that has been on the backburner and I'm finally getting around to it given I had a few minutes spare, and I want to test some new functionality in my blog-to-LinkedIn syndication.) I can't remember the full details for what I was exactly doing, but I remember having a set of files such as: % ls -al total 20 drwxr-xr-x 2 jamie jamie 4096 Sep 10 15:00 . drwx------ 3 jamie jamie 4096 Sep 10 ...| Jamie Tanna | Software Engineer
I'm very excited to announce that in September, I'll be joining Mend to work on the Mend Renovate CLI (the Open Source project commonly known as "Renovate") 馃殌 Readers of my blog will be unsurprised that I was ecstatic to get the opportunity to join the team working on Renovate - Renovate is a project I've been working with for about ~6 years, got a tonne of joy out of, kept a load of software up-to-date, had viral blog posts (and many other opportunities to blog) and it built the foundatio...| Jamie Tanna | Software Engineer
I've written before about why I love Renovate for dependency management and some lessons learned self hosting Renovate. One thing I've not yet shared are some top tips for running Renovate "at scale" that I've found useful, in my own personal capacity. This post is primarily aimed to folks who operate Renovate as-a-service for other parts of their organisation, whether that's Mend Renovate CLI (the Open Source project) or Mend Renovate Community Edition or Mend Renovate Enterprise Edition. Th...| Jamie Tanna | Software Engineer
How to use the `tools.go` pattern to source-track your Go tool dependencies, but without polluting your top-level `go.mod`.| Jamie Tanna | Software Engineer
How to use `go install` to install a binary from the version tracked in `go.mod`.| Jamie Tanna | Software Engineer
Some tips for making Renovate work even better when working on a large multi-team monorepo, where each team has different requirements for their Renovate usage.| Jamie Tanna | Software Engineer
An example of how to reduce the size of a Go module's dependencies by taking advanage of Go module pruning.| Jamie Tanna | Software Engineer
Better dependency management for your tools and without needing to `go install` the tools before executing them.| Jamie Tanna | Software Engineer
Why I'm very excited about `go tool` landing in Go 1.24.| Jamie Tanna | Software Engineer
