@ -260,8 +260,7 @@ We are using [Gradle version catalog](https://docs.gradle.org/current/userguide/
All the dependencies (including android artifact, gradle plugin, etc.) should be declared in [../gradle/libs.versions.toml](libs.versions.toml) file.
All the dependencies (including android artifact, gradle plugin, etc.) should be declared in [../gradle/libs.versions.toml](libs.versions.toml) file.
Some dependency, mainly because they are not shared can be declared in `build.gradle.kts` files.
Some dependency, mainly because they are not shared can be declared in `build.gradle.kts` files.
[Dependabot](https://github.com/dependabot) is set up on the project. This tool will automatically create Pull Request to upgrade our dependencies one by one.
[Renovate](https://github.com/apps/renovate) is set up on the project. This tool will automatically create Pull Request to upgrade our dependencies one by one. A [dependency dashboard issue](https://github.com/vector-im/element-x-android/issues/150) is maintained by the tool and allow to perform some actions.
**Note** Dependabot does not support yet Gradle version catalog. This is tracked by [this issue](https://github.com/dependabot/dependabot-core/issues/3121).
* [Avoid fixing other unrelated issue in a big PR](#avoid-fixing-other-unrelated-issue-in-a-big-pr)
* [Avoid fixing other unrelated issue in a big PR](#avoid-fixing-other-unrelated-issue-in-a-big-pr)
* [Bots](#bots)
* [Bots](#bots)
* [Dependabot](#dependabot)
* [Renovate](#renovate)
* [Gradle wrapper](#gradle-wrapper)
* [Gradle wrapper](#gradle-wrapper)
* [Sync analytics plan](#sync-analytics-plan)
* [Sync analytics plan](#sync-analytics-plan)
* [Reviewing PR](#reviewing-pr)
* [Reviewing PR](#reviewing-pr)
@ -135,9 +135,9 @@ It's also applicable for code rework (such as renaming for instance), or code fo
Some bots can create PR, but they still have to be reviewed by the team
Some bots can create PR, but they still have to be reviewed by the team
##### Dependabot
##### Renovate
Dependabot is a tool which maintain all our external dependencies up to date. A dedicated PR is created for each new available release for one of our external dependency.Dependabot
Renovate is a tool which maintain all our external dependencies up to date. A dedicated PR is created for each new available release for one of our external dependencies.
To review such PR, you have to
To review such PR, you have to
- **IMPORTANT** check the diff files (as always).
- **IMPORTANT** check the diff files (as always).
@ -146,7 +146,7 @@ To review such PR, you have to
- If the code does not compile (API break for instance), you have to checkout the branch and push new commits
- If the code does not compile (API break for instance), you have to checkout the branch and push new commits
- Do some smoke test, depending of the library which has been upgraded
- Do some smoke test, depending of the library which has been upgraded
For some reason dependabot sometimes does not upgrade some dependencies. In this case, and when detected, the upgrade has to be done manually.
For some reasons (like for instance a change in package declaration) the tool sometimes does not upgrade some dependencies. In this case, and when detected, the upgrade has to be done manually.