PatchBot #1

Open
opened 2026-04-11 21:51:31 +02:00 by mvdkleijn · 0 comments
Owner

1. What

Development of a managed automation service that leverages the Renovate engine to provide "zero-configuration" dependency management for OpenCommit users. Rather than requiring users to configure their own bots, PatchBot acts as a platform-level orchestrator that automatically detects repositories and manages the lifecycle of dependency updates (scanning, PR creation, and configuration injection) via our centralized infrastructure.

PatchBot will be opt-in for users.

2. Why

  • Zero-Friction Experience: Delivers an immediate "magic" moment for new users; they host code on OpenCommit, and automated dependency updates "just appear".
  • Platform Security: Standardizes security posture across the entire ecosystem by actively promoting best practices in dependency patching.
  • Operational Efficiency: Centralizing Renovate execution within our Kubernetes infrastructure reduces the compute/maintenance burden on individual users and simplifies platform-wide auditing.
  • Ecosystem Trust: Positions OpenCommit as a high-maturity, "hands-off" platform for developers who prioritize security without manual overhead.

3. Boundaries

  • In-Scope:
    • Orchestration Layer: A service to monitor Forgejo/Git repositories and trigger Renovate scans based on a schedule or event.
    • Configuration Injection: An automated mechanism to inject a standardized, optimized renovate.json into user repositories at runtime.
    • Resource Management: Managing the lifecycle of ephemeral Renovate containers/runners within our K8s cluster.
    • Identity & Auth: Managing the "PatchBot" bot-user credentials and permissions to allow seamless PR creation in user repos.
  • Out-of-Scope:
    • Developing custom dependency parsing logic (leveraging Renovate's existing engine).
    • Handling complex, manual code refactoring required by breaking changes.
    • Providing a standalone, user-configurable Renovate UI (the focus is on the "Zero-Config" managed approach).

4. Definition of Done

  • Automated Discovery: The service successfully identifies new repositories within the OpenCommit organization and prepares them for automated scanning.
  • Opt-In: The service only activates for repositories which were opted in by the owner.
  • Seamless Configuration: A user's repository is updated with dependency PRs without the user ever having to write a single line of Renovate configuration.
  • Resource Isolation: Renovate execution is isolated within our infrastructure, ensuring that heavy scans do not impact the performance of the core OpenCommit services.
  • Identity Integrity: The PatchBot identity can successfully authenticate, create branches, and submit Pull Requests back to user-owned repositories.
  • Observability: Platform admins can monitor the success/failure rates of the orchestration layer via our centralized logging system.
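The Configuration Injection and Identity & Auth items in the Boundaries section, together with the Opt-In criterion, map closely onto options Renovate already exposes for self-hosted runs. The block below is an added example (not PatchBot's or Renovate's own code) of a self-hosted Renovate global config built by a small function, so that the opt-in topic, the injected repository policy and the token handling can be checked before a run starts. It assumes: Forgejo is addressed through Renovate's "gitea" platform module; opt-in is expressed by the repository topic "patchbot"; the bot token and API URL arrive in the RENOVATE_TOKEN and FORGEJO_API_URL environment variables (injected from a Kubernetes Secret); and the EXAMPLE_ENV object is constructed here purely so the file runs offline.

```javascript
// Added example: a self-hosted Renovate global config (config.js) for a
// platform-run orchestrator on a Forgejo instance. Not PatchBot's real code.
// Assumptions: Renovate's "gitea" platform module, opt-in via the repo topic
// "patchbot", and credentials delivered through environment variables.

// Repository-level policy injected into every opted-in repository through
// Renovate's onboarding PR, and used as the default where no renovate.json exists.
const STANDARD_REPO_POLICY = Object.freeze({
  extends: ['config:recommended'],
  // Surface known-vulnerable dependencies as prioritised PRs.
  vulnerabilityAlerts: { enabled: true },
  osvVulnerabilityAlerts: true,
  dependencyDashboard: true,
  // Bound PR volume so a noisy repository cannot flood its owner.
  prConcurrentLimit: 5,
  prHourlyLimit: 2,
});

// Builds the global config from an environment map and fails closed on
// missing or unsafe inputs instead of falling back to a default credential.
function buildRenovateConfig(env) {
  const token = env.RENOVATE_TOKEN;
  if (!token) {
    throw new Error('RENOVATE_TOKEN is not set; refusing to start the PatchBot run');
  }
  const endpoint = env.FORGEJO_API_URL;
  if (!endpoint || !endpoint.startsWith('https://')) {
    // The bot token must never travel over plaintext HTTP.
    throw new Error('FORGEJO_API_URL must be an https:// URL');
  }
  const optInTopic = env.PATCHBOT_OPTIN_TOPIC || 'patchbot';

  return {
    platform: 'gitea',            // assumption: Forgejo via the gitea module
    endpoint,
    token,
    gitAuthor: 'PatchBot <patchbot@example.invalid>',
    // Discover repositories, but only those carrying the opt-in topic.
    autodiscover: true,
    autodiscoverTopics: [optInTopic],
    // Process repositories that have no renovate.json, using injected defaults.
    requireConfig: 'optional',
    onboarding: true,
    onboardingConfig: STANDARD_REPO_POLICY,
    // The same policy is the baseline for repositories already onboarded.
    ...STANDARD_REPO_POLICY,
    // Each ephemeral runner is disposable; keep no repo state between runs.
    persistRepoData: false,
  };
}

// Constructed example environment (stands in for what the Deployment injects).
// In the deployed config.js this would be process.env instead.
const EXAMPLE_ENV = Object.freeze({
  RENOVATE_TOKEN: 'example-token-placeholder',
  FORGEJO_API_URL: 'https://forgejo.example.invalid/api/v1',
  PATCHBOT_OPTIN_TOPIC: 'patchbot',
});
const exampleConfig = buildRenovateConfig(EXAMPLE_ENV);

if (typeof module !== 'undefined') {
  // In the deployed config.js this would be: module.exports = buildRenovateConfig(process.env);
  module.exports = { buildRenovateConfig, STANDARD_REPO_POLICY, exampleConfig };
}
```

The two guards in buildRenovateConfig are the point: an orchestrator that runs on behalf of many repositories should refuse to start without its own credential and should never send that credential over plaintext, since a silent fallback would turn a configuration slip into a platform-wide exposure. Keeping the repository policy in one frozen object means the onboarding PR and the runtime defaults cannot drift apart.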