ci(renovate): block NuGet packages with commercial license fees#50469
Conversation
chouetz
added
changelog/no-changelog
github-actions
Bot
added
the
short review
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 75a0ccdce8
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "allowedVersions": "<8.0.0" | ||
| }, | ||
| { | ||
| "matchDepNames": ["WixToolset.Dtf.WindowsInstaller"], | ||
| "allowedVersions": "<6.0.0" |
There was a problem hiding this comment.
These rules target NuGet PackageReference dependencies, so Renovate evaluates allowedVersions with NuGet versioning rather than npm-style semver ranges. The <8.0.0 / <6.0.0 strings are not valid NuGet ranges, which causes the Renovate config validation for these dependencies to fail instead of blocking the paid major versions; use NuGet bracket ranges such as (,8.0.0) and (,6.0.0).
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Good catch — fixed in the latest commit. Switched to NuGet bracket notation: (,8.0.0) and (,6.0.0).
Files inventory check summaryFile checks results against ancestor a4176470: Results for datadog-agent_7.80.0~devel.git.561.c52eaa5.pipeline.111982213-1_amd64.deb:No change detected |
github-actions
Bot
added
medium review
Semver-style `<X.0.0` is not valid NuGet range syntax; Renovate parses NuGet allowedVersions with the nuget versioning module which only accepts bracket ranges. Switch to `(,8.0.0)` and `(,6.0.0)` so the version caps on FluentAssertions and WixToolset.Dtf.WindowsInstaller are actually enforced. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
gh-worker-dd-mergequeue-cf854d
Bot
deleted the
nschweitzer/renovate-license-blocklist
branch
Regression DetectorRegression Detector ResultsMetrics dashboard Baseline: e6684af Optimization Goals: ✅ No significant changes detected
|
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | docker_containers_cpu | % cpu utilization | +0.46 | [-2.50, +3.42] | 1 | Logs |
Fine details of change detection per experiment
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | docker_containers_cpu | % cpu utilization | +0.46 | [-2.50, +3.42] | 1 | Logs |
| ➖ | file_tree | memory utilization | +0.35 | [+0.31, +0.39] | 1 | Logs |
| ➖ | ddot_logs | memory utilization | +0.33 | [+0.26, +0.40] | 1 | Logs |
| ➖ | ddot_metrics | memory utilization | +0.30 | [+0.11, +0.50] | 1 | Logs |
| ➖ | docker_containers_memory | memory utilization | +0.26 | [+0.15, +0.37] | 1 | Logs |
| ➖ | otlp_ingest_metrics | memory utilization | +0.26 | [+0.11, +0.40] | 1 | Logs |
| ➖ | quality_gate_logs | % cpu utilization | +0.24 | [-0.73, +1.21] | 1 | Logs bounds checks dashboard |
| ➖ | quality_gate_metrics_logs | memory utilization | +0.19 | [-0.06, +0.44] | 1 | Logs bounds checks dashboard |
| ➖ | quality_gate_idle_all_features | memory utilization | +0.17 | [+0.13, +0.22] | 1 | Logs bounds checks dashboard |
| ➖ | uds_dogstatsd_to_api_v3 | ingress throughput | +0.03 | [-0.17, +0.22] | 1 | Logs |
| ➖ | file_to_blackhole_1000ms_latency | egress throughput | +0.02 | [-0.40, +0.45] | 1 | Logs |
| ➖ | tcp_dd_logs_filter_exclude | ingress throughput | +0.02 | [-0.09, +0.12] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api | ingress throughput | +0.01 | [-0.20, +0.21] | 1 | Logs |
| ➖ | file_to_blackhole_100ms_latency | egress throughput | -0.00 | [-0.14, +0.13] | 1 | Logs |
| ➖ | uds_dogstatsd_20mb_12k_contexts_20_senders | memory utilization | -0.00 | [-0.05, +0.04] | 1 | Logs |
| ➖ | ddot_metrics_sum_cumulativetodelta_exporter | memory utilization | -0.02 | [-0.26, +0.22] | 1 | Logs |
| ➖ | file_to_blackhole_0ms_latency | egress throughput | -0.03 | [-0.53, +0.48] | 1 | Logs |
| ➖ | file_to_blackhole_500ms_latency | egress throughput | -0.03 | [-0.43, +0.36] | 1 | Logs |
| ➖ | quality_gate_idle | memory utilization | -0.18 | [-0.22, -0.13] | 1 | Logs bounds checks dashboard |
| ➖ | ddot_metrics_sum_delta | memory utilization | -0.20 | [-0.39, -0.02] | 1 | Logs |
| ➖ | otlp_ingest_logs | memory utilization | -0.26 | [-0.36, -0.15] | 1 | Logs |
| ➖ | ddot_metrics_sum_cumulative | memory utilization | -0.36 | [-0.51, -0.20] | 1 | Logs |
| ➖ | tcp_syslog_to_blackhole | ingress throughput | -1.12 | [-1.32, -0.92] | 1 | Logs |
Bounds Checks: ✅ Passed
| perf | experiment | bounds_check_name | replicates_passed | observed_value | links |
|---|---|---|---|---|---|
| ✅ | docker_containers_cpu | simple_check_run | 10/10 | 714 ≥ 26 | |
| ✅ | docker_containers_memory | memory_usage | 10/10 | 244.05MiB ≤ 370MiB | |
| ✅ | docker_containers_memory | simple_check_run | 10/10 | 720 ≥ 26 | |
| ✅ | file_to_blackhole_0ms_latency | memory_usage | 10/10 | 0.16GiB ≤ 1.20GiB | |
| ✅ | file_to_blackhole_0ms_latency | missed_bytes | 10/10 | 0B = 0B | |
| ✅ | file_to_blackhole_1000ms_latency | memory_usage | 10/10 | 0.21GiB ≤ 1.20GiB | |
| ✅ | file_to_blackhole_1000ms_latency | missed_bytes | 10/10 | 0B = 0B | |
| ✅ | file_to_blackhole_100ms_latency | memory_usage | 10/10 | 0.17GiB ≤ 1.20GiB | |
| ✅ | file_to_blackhole_100ms_latency | missed_bytes | 10/10 | 0B = 0B | |
| ✅ | file_to_blackhole_500ms_latency | memory_usage | 10/10 | 0.19GiB ≤ 1.20GiB | |
| ✅ | file_to_blackhole_500ms_latency | missed_bytes | 10/10 | 0B = 0B | |
| ✅ | quality_gate_idle | intake_connections | 10/10 | 3 ≤ 4 | bounds checks dashboard |
| ✅ | quality_gate_idle | memory_usage | 10/10 | 140.54MiB ≤ 147MiB | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | intake_connections | 10/10 | 3 ≤ 4 | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | memory_usage | 10/10 | 471.31MiB ≤ 495MiB | bounds checks dashboard |
| ✅ | quality_gate_logs | intake_connections | 10/10 | 4 ≤ 6 | bounds checks dashboard |
| ✅ | quality_gate_logs | memory_usage | 10/10 | 181.27MiB ≤ 195MiB | bounds checks dashboard |
| ✅ | quality_gate_logs | missed_bytes | 10/10 | 0B = 0B | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | cpu_usage | 10/10 | 347.95 ≤ 2000 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | intake_connections | 10/10 | 4 ≤ 6 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | memory_usage | 10/10 | 364.56MiB ≤ 430MiB | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | missed_bytes | 10/10 | 0B = 0B | bounds checks dashboard |
Explanation
Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%
Performance changes are noted in the perf column of each table:
- ✅ = significantly better comparison variant performance
- ❌ = significantly worse comparison variant performance
- ➖ = no significant change in performance
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
-
Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
-
Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
-
Its configuration does not mark it "erratic".
CI Pass/Fail Decision
✅ Passed. All Quality Gates passed.
- quality_gate_idle, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_idle_all_features, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_idle_all_features, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check missed_bytes: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check missed_bytes: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
2 participants
What does this PR do?
Adds
allowedVersionsconstraints inrenovate.jsonto prevent Renovate from proposing updates to NuGet packages that have introduced commercial license fees:FluentAssertions: capped at<8.0.0(v8+ requires a paid license for commercial use)WixToolset.Dtf.WindowsInstaller: capped at<6.0.0(v6+ requires an Open Source Maintenance Fee for revenue-generating users)Motivation
Two Renovate PRs were declined because the proposed versions crossed a license boundary:
FluentAssertionsv7 → v8)WixToolset.Dtf.WindowsInstallerv5 → v6)Using
allowedVersions(rather thanenabled: false) keeps patch/minor updates flowing within the free tier, while permanently blocking the paid major versions.Describe how you validated your changes
Verified the license change boundaries:
Additional Notes
All other NuGet packages tracked in the Renovate dashboard were audited and confirmed to have free/open-source licenses (MIT, Apache 2.0, BSD-3-Clause).