Fixed Renovate rebasing all open PRs during workday

[9larsons]

The hourly self-hosted Renovate workflow was force-pushing every open Renovate PR on each tick, firing a fresh CI run on each — including during the workday, despite the off-hours schedule block in renovate.json5.

Renovate's schedule only gates new PR creation. Its updateNotScheduled option defaults to true, which keeps existing branches getting rebased and force-pushed any time the runner ticks. Combined with the '17 * * * *' cron, that was ~30 min of Actions compute every daytime hour plus a CI storm across all open Renovate PRs.

Changes:

• renovate.json5: updateNotScheduled: false so branch maintenance also obeys the windows. vulnerabilityAlerts.schedule: "at any time" overrides this per-block, so CVE-driven PRs continue to flow intraday.
• renovate.yml: replaced the hourly wildcard cron with 5 windowed entries matching the schedule windows, plus one weekday 14:17 UTC tick so the CVE path still has a runner. Roughly halves the weekly tick count and removes ~17h/day of daytime no-op runner time.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 61d7908f-4c49-4e72-a0e9-8e45b11385c8

📥 Commits

Reviewing files that changed from the base of the PR and between c5b4a80 and d944998.

📒 Files selected for processing (2)

• .github/renovate.json5
• .github/workflows/renovate.yml

---

Walkthrough

This PR optimizes Renovate scheduling by making two coordinated changes. The Renovate configuration is updated to set updateNotScheduled: false, which prevents Renovate from rebasing and force-pushing existing PR branches outside the configured schedule windows—while preserving the separate override that allows vulnerability alerts to be processed at any time. In parallel, the GitHub Actions Renovate workflow's schedule is updated from a single hourly cron to multiple targeted UTC time windows that correspond to Renovate's active periods, reducing unnecessary self-hosted runner wake-ups when no update activity is scheduled.

Possibly related PRs

• TryGhost/Ghost#28157: Modifies Renovate workflow scheduling (cron/window timing) to control when Renovate runs.
• TryGhost/Ghost#28196: Changes Renovate workflow cron timing (0 * * * * to 17 * * * *), directly related to scheduling updates.
• TryGhost/Ghost#28040: Modifies Renovate configuration for controlling when vulnerability/security-driven PR updates and rebasing occur.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly describes the main fix: preventing Renovate from rebasing open PRs during workday, which is the primary issue addressed in the changeset.
Description check	✅ Passed	The description is comprehensive and directly related to the changeset, explaining the problem, its root cause, and the specific changes made to both configuration files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/renovate-workday-rebase-storm

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}