Dependabot vs Renovate

[jlosito]

Hi there,

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

Behavior

What happened?

It appears that this project is using both renovate and dependabot at the same time. Personally I'm impartial to either tool. I believe one tool should probably be chosen whether that be dependabot or renovate and the other should be removed from the project so that there's a single point of truth as to which packages should be upgraded.

I'm not too sure if there's any benefit having both tools. Maybe there is. From my understanding, these are competing tools and essentially try to achieve the same goal. My concern is that one config is stating to ignore some dependencies, the other is not ignoring those dependencies. Furthermore, I'm not entirely sure if renovate is able to track upgrading GitHub action packages or if it only includes go modules.

[jcudit]

Thanks for pointing this out. From a maintenance point of view, dependabot is more verbose, which helps to keep dependency upgrades visible. My preference here is to remove renovate, but am open to other opinions. I have not noticed any friction as yet within the community around this, so admittedly would not seek to address it ahead of other tasks.

[github-actions]

👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!

[kfcampbell]

In #1394 I removed Renovate from the project so we're officially using Dependabot here.