chore(deps): defer Prisma major updates pending coordinated upgrade ADR (#39)
CI / check (push) Successful in 3m1s
CI / commits (push) Has been skipped
CI / scan (push) Failing after 2m41s
CI / a11y (push) Successful in 2m12s
CI / perf (push) Failing after 2m48s

## Summary
Renovate kept proposing Prisma 7 even though we deliberately downgraded to Prisma 6 in #3 — `nestjs-prisma@0.27.0` is incompatible with Prisma 7's driver-adapter contract, and the upgrade is non-trivial enough to warrant its own ADR rather than a silent Renovate merge.

- **`renovate.json`** — add `enabled: false` packageRule for `matchUpdateTypes: ["major"]` on `prisma`, `@prisma/*`, `nestjs-prisma`. Patch and minor bumps of the 6.x line keep flowing.
- **ADR-0006** — new "Prisma version pin: 6.x in v1" subsection records the narrowing of "latest stable major" to 6.x and the two triggers for revisiting:
  1. `nestjs-prisma` ships a release supporting Prisma 7, or
  2. We decide to drop `nestjs-prisma` for a hand-rolled `PrismaModule`.

  Either path needs its own ADR (schema, client instantiation, request-scoped lifecycle all to re-validate).

## Test plan
- [ ] Once merged, the open Prisma 7 PR can be closed (see closure comment below) and won't be recreated.
- [ ] Next Renovate run confirms no Prisma-major PR is created (check the dependency dashboard issue).
- [ ] Next patch/minor of Prisma 6.x still produces a normal grouped "Prisma" PR.

---------

Co-authored-by: Julien Gautier <julien.gautier@apf.asso.fr>
Reviewed-on: #39
This commit was merged in pull request #39.
This commit is contained in:
2026-05-06 19:31:48 +02:00
parent 68a819d88a
commit 8bb2d7b43f
2 changed files with 24 additions and 1 deletions
@@ -46,6 +46,22 @@ The engine is pinned to the latest stable major at workspace bootstrap, and trac
Prisma is wired into NestJS via the `nestjs-prisma` integration, with a dedicated `PrismaService` extending `PrismaClient` and exposed through DI. Migrations are managed by `prisma migrate`, committed to the repository, validated in CI, and applied through a controlled deployment step (covered by a future infrastructure ADR). Prisma is wired into NestJS via the `nestjs-prisma` integration, with a dedicated `PrismaService` extending `PrismaClient` and exposed through DI. Migrations are managed by `prisma migrate`, committed to the repository, validated in CI, and applied through a controlled deployment step (covered by a future infrastructure ADR).
### Prisma version pin: 6.x in v1
The "latest stable major" rule above is **temporarily** narrowed to **Prisma 6.x** in v1. Reason: at the time of workspace bootstrap, Prisma 7 was the latest major, but `nestjs-prisma@0.27.0` (the only maintained NestJS integration) is not compatible with Prisma 7 — `PrismaClient` instantiation throws under the new driver-adapter contract. We hit this directly in PR #3 and downgraded to Prisma 6.
Concretely:
- `prisma` and `@prisma/client` are constrained to `6.x` in `package.json`.
- `renovate.json` declares an `enabled: false` rule for **major** bumps of `prisma`, `@prisma/*`, `nestjs-prisma` so Renovate stops re-proposing the upgrade until we lift the pin.
This pin is revisited (and an upgrade ADR is opened) when **either** of these triggers fires:
1. `nestjs-prisma` ships a release that supports Prisma 7 (the wrapper catches up); or
2. We decide to drop `nestjs-prisma` in favour of a hand-rolled `PrismaModule` (the wrapper is replaced).
Either path is a non-trivial change — schema, client instantiation, and the request-scoped lifecycle all need to be re-validated — so it warrants its own ADR rather than a silent Renovate merge.
### Consequences ### Consequences
- Good, because PostgreSQL is the de facto enterprise open-source RDBMS — mature HA, replication, RLS, JSONB, full-text search. - Good, because PostgreSQL is the de facto enterprise open-source RDBMS — mature HA, replication, RLS, JSONB, full-text search.
@@ -58,9 +74,10 @@ Prisma is wired into NestJS via the `nestjs-prisma` integration, with a dedicate
### Confirmation ### Confirmation
- `apps/portal-bff` depends on `prisma` and `@prisma/client`. - `apps/portal-bff` depends on `prisma` and `@prisma/client`, both pinned to `6.x` (see "Prisma version pin: 6.x in v1" above).
- A single `schema.prisma` lives at `apps/portal-bff/prisma/schema.prisma`. - A single `schema.prisma` lives at `apps/portal-bff/prisma/schema.prisma`.
- `nestjs-prisma`'s `PrismaModule` is imported globally in the BFF. - `nestjs-prisma`'s `PrismaModule` is imported globally in the BFF.
- `renovate.json` carries an `enabled: false` rule on `matchUpdateTypes: ["major"]` for `prisma`, `@prisma/*`, `nestjs-prisma`. The rule disappears in the same PR as the Prisma 7 upgrade ADR.
- CI runs `prisma validate` and `prisma migrate diff` against the staging schema. - CI runs `prisma validate` and `prisma migrate diff` against the staging schema.
- Database engine version is pinned in deployment manifests. - Database engine version is pinned in deployment manifests.
+6
View File
@@ -38,6 +38,12 @@
"groupName": "Prisma", "groupName": "Prisma",
"matchPackageNames": ["prisma", "@prisma/*", "nestjs-prisma"] "matchPackageNames": ["prisma", "@prisma/*", "nestjs-prisma"]
}, },
{
"matchPackageNames": ["prisma", "@prisma/*", "nestjs-prisma"],
"matchUpdateTypes": ["major"],
"enabled": false,
"description": "Prisma 7 requires a coordinated upgrade with nestjs-prisma compatibility (Prisma 7 was downgraded to 6 in PR #3 because nestjs-prisma 0.27.0 is incompatible with Prisma 7). Re-enable once a Prisma 7 ADR lands and the wrapper situation is settled — see ADR-0006 §'Prisma version pin: 6.x in v1'."
},
{ {
"groupName": "Vitest", "groupName": "Vitest",
"matchPackageNames": ["vitest", "@vitest/*", "/^vitest-/"] "matchPackageNames": ["vitest", "@vitest/*", "/^vitest-/"]