Allow traffic analytics Docker updates to automerge

[ErisDS]

Summary

• add a narrow Renovate package rule for the ghost/traffic-analytics Docker image
• allow those Docker tag PRs to use PR automerge once CI has passed
• keep the rule scoped to this single internal image rather than enabling Docker automerge broadly

Why this change

The ghost/traffic-analytics Docker update PRs pass CI cleanly but are currently marked as manual because the shared Renovate preset only automerges npm, action, and uses-with dependency types. This adds a targeted Docker rule so future internal traffic analytics image updates can flow through the existing weekend/Monday automerge window without manual intervention.

[coderabbitai]

Walkthrough

The changes add a new package rule configuration to the Renovate configuration file that targets Docker image updates for the ghost/traffic-analytics package. This rule enables automatic merging of patch-level Docker image updates using pull requests. The change is limited to configuration and does not affect any exported public entities or source code.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: enabling automerge for the traffic analytics Docker updates in Renovate configuration.
Description check	✅ Passed	The description is well-related to the changeset, explaining what was added, why it was needed, and the scope of the change.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/renovate-automerge-traffic-analytics

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/renovate.json5:
- Around line 99-110: The automerge rule for the Docker package
"ghost/traffic-analytics" currently matches all update types; add a
matchUpdateTypes constraint to limit it to patches only by adding
matchUpdateTypes: ["patch"] alongside the existing matchDatasources and
matchPackageNames so that the automerge and automergeType settings only apply to
patch updates (refer to the rule using matchDatasources, matchPackageNames,
automerge, and automergeType).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f448869d-d4ef-4284-bf3d-496490da1167

📥 Commits

Reviewing files that changed from the base of the PR and between 04df2dd and a63fc20.

📒 Files selected for processing (1)

• .github/renovate.json5

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

In Renovate packageRules, if a rule has matchDatasources + matchPackageNames + automerge=true but no matchUpdateTypes, does it apply to all update types (major/minor/patch/digest/pin) for that dependency? Also, when another matching rule sets dependencyDashboardApproval=true for major updates, how are these rules combined?

💡 Result:

Yes. If a packageRules entry only has matchDatasources + matchPackageNames (and no matchUpdateTypes), then it matches that dependency regardless of update type—i.e., it’s not restricted to major/minor/patch/pin/digest unless you add a matcher like matchUpdateTypes. Renovate evaluates all rules, and a rule only “filters” on the match... fields you actually specify. [1] matchUpdateTypes is just an optional matcher (default is an empty list). [2]

When multiple packageRules match the same dependency update, Renovate merges the resulting config, and later rules can override earlier ones if they set the same option. [1]
So if one matching rule sets automerge: true (without matchUpdateTypes), and another matching rule sets dependencyDashboardApproval: true for matchUpdateTypes: ["major"], then for major updates you effectively get both: automerge=true and dependencyDashboardApproval=true (unless one of the rules explicitly overrides the other setting). [1][3]

Practical implication: major updates would still be subject to dashboard approval (Renovate “waits for your approval … before PRs are created”). [3] If your intent is “automerge everything except major”, then you typically either (a) scope the automerge rule to non-major update types, or (b) add a later major-only rule that sets automerge: false. [1][2]

Sources
[1] Renovate docs – packageRules are all evaluated; matching rules are merged; order matters/overrides; matcher logic (“all matchers must match”). (docs.renovatebot.com)
[2] Renovate docs – packageRules.matchUpdateTypes (matcher; default []; allowed update types). (docs.renovatebot.com)
[3] Renovate docs – dependencyDashboardApproval meaning (“wait for your approval … before PRs are created”; can be set in packageRules). (docs.renovatebot.com)

Citations:

• 1: https://docs.renovatebot.com/configuration-options/
• 2: https://docs.renovatebot.com/configuration-options/
• 3: https://docs.renovatebot.com/configuration-options/

---

Add matchUpdateTypes constraint to scope automerge to patch updates only

The rule at lines 99–110 lacks matchUpdateTypes, which means it applies to all Docker update types (major, minor, patch, etc.) for ghost/traffic-analytics, not just patches as the comment states. Without this constraint, the rule will automerge major and minor updates in addition to patches.

Suggested fix

        {
            "matchDatasources": [
                "docker"
            ],
            "matchPackageNames": [
                "ghost/traffic-analytics"
            ],
+           "matchUpdateTypes": [
+               "patch"
+           ],
            "automerge": true,
            "automergeType": "pr"
        },

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// Allow patch updates to the internal traffic analytics image to
	// automerge once CI has gone green.
	{
	"matchDatasources": [
	"docker"
	],
	"matchPackageNames": [
	"ghost/traffic-analytics"
	],
	"automerge": true,
	"automergeType": "pr"
	},
	// Allow patch updates to the internal traffic analytics image to
	// automerge once CI has gone green.
	{
	"matchDatasources": [
	"docker"
	],
	"matchPackageNames": [
	"ghost/traffic-analytics"
	],
	"matchUpdateTypes": [
	"patch"
	],
	"automerge": true,
	"automergeType": "pr"
	},

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/renovate.json5 around lines 99 - 110, The automerge rule for the
Docker package "ghost/traffic-analytics" currently matches all update types; add
a matchUpdateTypes constraint to limit it to patches only by adding
matchUpdateTypes: ["patch"] alongside the existing matchDatasources and
matchPackageNames so that the automerge and automergeType settings only apply to
patch updates (refer to the rule using matchDatasources, matchPackageNames,
automerge, and automergeType).

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.07%. Comparing base (0f7df8e) to head (a63fc20).
⚠️ Report is 12 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #27196      +/-   ##
==========================================
- Coverage   73.12%   73.07%   -0.06%     
==========================================
  Files        1531     1538       +7     
  Lines      121987   122291     +304     
  Branches    14698    14718      +20     
==========================================
+ Hits        89208    89364     +156     
- Misses      31784    31930     +146     
- Partials      995      997       +2     

Flag	Coverage Δ
admin-tests	54.38% <ø> (-0.02%)	⬇️
e2e-tests	73.07% <ø> (-0.06%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.