From cf2a4aa5c236a434dff77baca43a623fae79a538 Mon Sep 17 00:00:00 2001 From: Stefan VanBuren Date: Thu, 19 Mar 2026 07:06:19 -0400 Subject: [PATCH] Switch from Dependabot to Renovate We've run into some rough edges with Python, `uv` and Dependabot, and have had success with Renovate over in connect-python (see connectrpc/connect-python#105). --- .github/dependabot.yml | 14 -------------- .github/renovate.json5 | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 14 deletions(-) delete mode 100644 .github/dependabot.yml create mode 100644 .github/renovate.json5 diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 43ce270..0000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,14 +0,0 @@ -version: 2 -updates: - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" - - package-ecosystem: "uv" - directory: "/" - schedule: - interval: "weekly" - ignore: - # We will manually update these as we drop compatibility for older versions. - - dependency-name: "protobuf" - - dependency-name: "types-protobuf" diff --git a/.github/renovate.json5 b/.github/renovate.json5 new file mode 100644 index 0000000..7617287 --- /dev/null +++ b/.github/renovate.json5 @@ -0,0 +1,40 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "helpers:pinGitHubActionDigests", + "schedule:earlyMondays" + ], + "prHourlyLimit": 0, + "lockFileMaintenance": { + "enabled": true + }, + "packageRules": [ + { + "matchManagers": [ + "github-actions" + ], + "groupName": "GitHub Actions" + }, + { + "matchManagers": [ + "pep621" + ], + "matchDepTypes": [ + "project.dependencies", + "project.optional-dependencies" + ], + "matchFileNames": [ + "pyproject.toml" + ], + // We manage production dependencies ourselves, only bumping + // when necessary. + "enabled": false + }, + { + "matchCategories": [ + "python" + ], + "groupName": "Python dependencies" + } + ] +}