Configure your repository scan to use Smart Merge Control
Overview
Mend Renovate offers several parameters to configure your repository integration scans for Smart Merge Control. There is not a one-fits-all, optimal configuration for Smart Merge Control, as it’s usage is very flexible on what you wish to implement.
Getting it done
Smart Merge Control - packageRules.matchConfidence parameter
Note: For background knowledge, visit the Renovate Docs on Merge Confidence.
Smart Merge Control is regulated by the matchConfidence parameter within the packageRules block of a Renovate configuration. The matchConfidence parameter can have a string value of low, neutral, high, or very high:
Low Confidence - We think the update is likely to fail your tests because it has failed many other repository tests.
Neutral Confidence - We don't have enough data about the update, or we can't decide if the update should be low or high confidence.
High Confidence - We rank updates as high confidence when the combination of Age, Adoption, and Passing tests means there's a very low chance of breaking changes.
Very High Confidence - We only use this for updates that have either high Merge Confidence Adoption or very high Merge Confidence Passing scores.
Smart Merge Control configuration file
Depending on your Mend repository integration setup, the configuration for Smart Merge Control can be included in the following Mend configuration files:
.whitesource file - Local repository configuration - Insert the Smart Merge Control configuration directly into your .whitesource file to apply to one repository. The Renovate configuration is located within the
remediateSettingsblock.repo-config.json file - Global repository configuration - Insert the Smart Merge Control configuration directly into your repo-config.json file to apply to all integrated repositories. The Renovate configuration is located within the
remediateSettingsblock.renovate.json file - (GitHub.com only) Standalone Renovate configuration - To point to an existing renovate.json file that includes your Smart Merge Control configuration, include the path to the renovate.json file within the
extendsblock of your Renovate configuration located in your .whitesource or repo-config.json file.Or - renovate.json5 file - An alternative file name ending for the renovate.json file. Using the json5 format allows comments to be included in the file.
Tip: Looking for examples to follow? Visit our KB space for Smart Merge Control Implementation Examples.
Reference
Supported platforms for Smart Merge Control
Smart Merge Control is supported by all repository integrations.
Self-Hosted repository integrations must set MEND_ADVANCED_MERGE_CONFIDENCE_ENABLED=true as described in Advanced Technical Information
Supported languages for Smart Merge Control
The following languages and their package managers are supported by Smart Merge Control:
https://docs.renovatebot.com/merge-confidence/#supported-languages
Boundaries of Smart Merge Control
When using Smart Merge Control, there are interactions between other parameters that can occur. Therefore, we offer the following guidance:
Due to the restriction of dependencyDashboard support in Mend for Azure Repos and Bitbucket Cloud, we caution against setting dependencyDashboardApproval to true in these repository integrations. Doing so will result in Renovate pull requests not being created as there will be no way to review and approve pending updates when there is no Dependency Dashboard available.
However, some updates that were withheld for approval based on age or confidence might eventually be created when the age or confidence levels reach user-defined limits.
If you are using Remediate and Renovate together, we do not recommend suppressing low and neutral confidence level updates. Please note that the Mend Repository Integrations’ Least Vulnerable Packages feature will not be usable with this configuration, as it requires Remediate to be enabled.