Skip to content

Configure Renovate #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 21, 2025
Merged

Configure Renovate #39

merged 2 commits into from
Jun 21, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jun 21, 2025

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

Detected Package Files

  • .github/workflows/codeql.yml (github-actions)
  • .github/workflows/dependency-review.yml (github-actions)
  • .github/workflows/lint.yml (github-actions)
  • .github/workflows/ossf-scorecard.yml (github-actions)
  • .github/workflows/release.yml (github-actions)
  • .github/workflows/update-tags.yml (github-actions)
  • .github/workflows/lint.yml (regex)

Configuration Summary

Based on the default config's presets, Renovate will:

  • Start dependency updates only once this onboarding PR is merged
  • Hopefully safe environment variables to allow users to configure.
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.
  • Pin Docker digests.
  • Pin github-action digests.
  • Enable Renovate configuration migration PRs when needed.
  • Pin dependency versions for development dependencies.
  • Update _VERSION variables in Dockerfiles.
  • Update _VERSION environment variables in GitHub Action files.
  • Require all status checks to pass before any automerging.
  • Remove hourly and concurrent rate limits.
  • Raise PR when vulnerability alerts are detected.
  • Append Signed-off-by: to signoff Git commits.
  • Upgrade to unstable versions only if the existing version is unstable.
  • Evaluate schedules according to timezone Europe/London.
  • Show all Merge Confidence badges for pull requests.
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.
  • Run Renovate on following schedule: * 5-21 * * MON-FRI

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

What to Expect

With your current configuration, Renovate will create 1 Pull Request:

Bump rhysd/actionlint Docker digest to 887a259
  • Schedule: ["* 5-21 * * MON-FRI"]
  • Branch name: renovate/github-actions/rhysd-actionlint
  • Merge into: main
  • Upgrade rhysd/actionlint to sha256:887a259a5a534f3c4f36cb02dca341673c6089431057242cdc931e9f133147e9

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

This PR was generated by Mend Renovate. View the repository job log.

@renovate
Add renovate.json
24674e5 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jun 21, 2025
@renovate renovate bot requested a review from martincostello as a code owner June 21, 2025 10:13
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jun 21, 2025
@martincostello
Update Renovate configuration
9c9b693 
- Move to `.github`.
- Disable dependabot.
- Add label to actionlint.
@martincostello martincostello enabled auto-merge (squash) June 21, 2025 10:21
@martincostello martincostello merged commit 5c7ef6a into main Jun 21, 2025
6 checks passed
@martincostello martincostello deleted the renovate/configure branch June 21, 2025 10:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@martincostello martincostello martincostello approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@martincostello