Introduction
Bots are used to automate tasks in a plugin. The Plugin Health Scoring System tracks usage of two bots: Dependabot and Renovate.
Dependabot looks for dependencies that are outdated in a plugin. It can also raise a security alert if a security breach is found, like when the code depends on an insecure package.
Renovate provides automated dependency updates. It can also schedule PRs and customize behavior using configuration files.
Importance of the probe
This is a community-requested probe to track the usage of Renovate. Bot tracking probes help in identifying which bot is used most by the plugins. In the future, the probe will aid in decision-making when the need arises to add or remove a bot.
The pull requests created by Renovate will be counted when scoring the probe.
Challenges
Dependabot and Renovate probes both had similar functionality: finding their respective configuration in GitHub workflow.
Implementing the solution with the correct class design was a major challenge while working on this probe.
Outcome and Conclusion
Having implemented a similar class in the Security Scan probe, this probe was easy to complete. The probe has been successfully merged and pushed into production. The probe will help identify usage of Renovate in plugins.
Links
For more information or to find answers to any questions you might have, please visit the official GSoC 2023 project Adding Probes to "Plugin Health Score" description page.