-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathrenovate.json5
More file actions
96 lines (87 loc) · 3.11 KB
/
Copy pathrenovate.json5
File metadata and controls
96 lines (87 loc) · 3.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
{
$schema: "https://docs.renovatebot.com/renovate-schema.json",
extends: [
// Use the best-practices preset. Adds options to pin dependencies.
// https://docs.renovatebot.com/upgrade-best-practices/#whats-in-the-configbest-practices-preset
"config:best-practices",
// Update dependencies monthly
"schedule:monthly",
// Add DCO sign-off
":gitSignOff",
// Add Aqua present to allow updating CLI tools.
// https://aquaproj.github.io/docs/guides/renovate/
"github>aquaproj/aqua-renovate-config#2.12.0",
// Update version numbers in Makefile.
// https://docs.renovatebot.com/presets-customManagers/#custommanagersmakefileversions
"customManagers:makefileVersions",
],
// NOTE: Set the prHourlyLimit to 0 to disable the hourly limit. This is done
// because we are using a monthly schedule and the default hourly limit of 2
// would cause Renovate to only create 2 PRs every month.
// Similarly set prConcurrentLimit to 0 to disable the concurrent PR limit.
prHourlyLimit: 0,
prConcurrentLimit: 0,
// Security alerts/updates.
vulnerabilityAlerts: {
enabled: true,
// Explicitly set the schedule to "at any time" to ensure that security
// update PRs are created as soon as possible.
schedule: ["at any time"],
},
osvVulnerabilityAlerts: true,
// Apply a dependency cooldown of 14 days. This helps to avoid issues with
// compromised releases.
// https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
minimumReleaseAge: "14 days",
// These options suppress PR creation for dependencies that were released
// within minimumReleaseAge.
// https://docs.renovatebot.com/configuration-options/#suppress-branchpr-creation-for-x-days
prCreation: "not-pending",
internalChecksFilter: "strict",
// Enable the lock file maintenance feature to keep transitive dependencies up
// to date.
lockFileMaintenance: {
enabled: true,
// NOTE: Same as schedule:monthly preset.
schedule: ["* 0-3 1 * *"],
},
// Create a new issue for each config warning. By default, Renovate re-opens
// an existing issue which can be very old and is easily missed. Opening new
// issues is more intuitive.
configWarningReuseIssue: false,
// Group various ecosystem updates. Security updates are always separate.
packageRules: [
{
matchUpdateTypes: ["minor", "patch"],
groupName: "aqua",
matchFileNames: [".aqua.yaml", ".aqua-checksums.yaml"],
},
{
matchUpdateTypes: ["minor", "patch"],
groupName: "makefile",
matchFileNames: ["Makefile"],
},
{
matchManagers: ["github-actions"],
matchUpdateTypes: ["minor", "patch"],
groupName: "github-actions",
pinDigests: true,
},
{
matchManagers: ["pip_requirements"],
matchUpdateTypes: ["minor", "patch"],
groupName: "python",
},
{
matchManagers: ["npm"],
matchDepTypes: ["dependencies"],
matchUpdateTypes: ["minor", "patch"],
groupName: "npm",
},
{
matchManagers: ["npm"],
matchDepTypes: ["devDependencies"],
groupName: "npm dev",
},
],
}