From 4d6b272761ecfd93f24afacb9cb1c1bf491c77fb Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Tue, 16 Sep 2025 10:50:58 +0200 Subject: [PATCH 1/6] Adjust Renovate schedules As part of https://issues.redhat.com/browse/ROX-30592 Note that I switched syntax from "Later" to "Cron" because that's what Renovate docs suggest. See https://docs.renovatebot.com/configuration-options/#schedule > Renovate supports the standard Cron syntax, as well as deprecated > support for a subset of Later syntax. We recommend you always use > Cron syntax, due to its superior testing and robustness. I checked the new expressions with https://crontab.guru --- .github/renovate.json5 | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 615d4bc0d..4a3bf9159 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -20,17 +20,22 @@ "timezone": "Etc/UTC", "schedule": [ // Allowed syntax: https://docs.renovatebot.com/configuration-options/#schedule + // This is a "general" schedule for managers that don't declare their own. Practically, each of our used managers + // overrides it either here or in the global config. // The time was selected (with the help of https://time.fyi/timezones) so that Renovate isn't active during business - // hours from Germany to US West Coast. This way, after we merge a PR, a new one does not pop up immediately after - // that. - "after 3am and before 7am", + // hours from Central Europe to US West Coast. This way, after we merge a PR, a new one does not pop up immediately + // after that. + // Between 3a.m. and 7a.m. every day. + "* 3-7 * * *", ], - // Tell Renovate not to update PRs when outside of schedule. - "updateNotScheduled": false, + // Allow Renovate updating PRs when outside schedule. + "updateNotScheduled": true, "tekton": { "schedule": [ - // Override Konflux custom schedule for this manager to our intended one. - "after 3am and before 7am", + // Between 3a.m. and 7a.m. on weekends. + // Doing more frequently just creates more PR, commit and email traffic. We can afford to be slower here as + // Conforma allows 30 days to update tasks. + "* 3-7 * * 0,6", ], "packageRules": [ // Note: the packageRules from the Konflux config (find URL in comments above) get merged with these. @@ -49,8 +54,9 @@ "**/*konflux*.Dockerfile", ], "schedule": [ - // Override Konflux custom schedule for this manager to our intended one. - "after 3am and before 7am", + // Between 3a.m. and 7a.m. every day. + // It's important to keep dockerfiles fresh to avoid releasing with CVEs. + "* 3-7 * * *", ], "postUpgradeTasks": { "commands": [ @@ -61,9 +67,9 @@ }, "rpm-lockfile": { "schedule": [ - // Override Konflux custom schedule for this manager to our intended one. - // Note that MintMaker will create security updates outside of schedule. - "after 3am and before 7am", + // Between 3a.m. and 7a.m. every day. + // Note that MintMaker will create security updates ignoring schedules. + "* 3-7 * * *", ], }, "enabledManagers": [ From c74302686b66f2b37da4a6ce27be01272038b813 Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Tue, 16 Sep 2025 11:12:29 +0200 Subject: [PATCH 2/6] Bump prHourlyLimit and run task updates on Monday morning too Our Cron expression for Konflux task updates plus the default limit of 2 may not allow creating all necessary PRs over the weekend. Therefore, I bump the value. Value `4` was unscientifically chosen. Found out about this setting from docs https://konflux-ci.dev/docs/mintmaker/user/#how-to-limit-the-number-of-prsmrs https://docs.renovatebot.com/configuration-options/#prhourlylimit --- .github/renovate.json5 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 4a3bf9159..954b27cef 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -30,12 +30,14 @@ ], // Allow Renovate updating PRs when outside schedule. "updateNotScheduled": true, + // Bump the default limit on the number of PRs that can be created per hour. + "prHourlyLimit": 4, "tekton": { "schedule": [ - // Between 3a.m. and 7a.m. on weekends. + // Between 3a.m. and 7a.m. on weekends and Mondays. // Doing more frequently just creates more PR, commit and email traffic. We can afford to be slower here as // Conforma allows 30 days to update tasks. - "* 3-7 * * 0,6", + "* 3-7 * * 0,1,6", ], "packageRules": [ // Note: the packageRules from the Konflux config (find URL in comments above) get merged with these. From 79072eb61140876287a9de1240e85f294c76fa8b Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Tue, 16 Sep 2025 11:18:12 +0200 Subject: [PATCH 3/6] Auto-format and add trailing commas where missing --- .github/renovate.json5 | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 954b27cef..b1053ff28 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -80,18 +80,24 @@ "dockerfile", "rpm-lockfile", ], - "packageRules": [{ - "matchPackageNames": ["*"], - "groupName": "All updates", - "automerge": true, - // A known issue is that some non-Konflux CI jobs currently fail, which may prevent successful auto-merging with a "branch" auto-merge setting. - // Therefore, we use PR merge type and have automation approve PRs. - "automergeType": "pr", - "automergeStrategy": "squash", - // Tell Renovate that it can automerge branches at any time of the day. - "automergeSchedule": [ - "at any time" - ], - }], - "labels": ["auto-approve"], + "packageRules": [ + { + "matchPackageNames": [ + "*", + ], + "groupName": "All updates", + "automerge": true, + // A known issue is that some non-Konflux CI jobs currently fail, which may prevent successful auto-merging with a "branch" auto-merge setting. + // Therefore, we use PR merge type and have automation approve PRs. + "automergeType": "pr", + "automergeStrategy": "squash", + // Tell Renovate that it can automerge branches at any time of the day. + "automergeSchedule": [ + "at any time", + ], + } + ], + "labels": [ + "auto-approve", + ], } From 05c1befff65f8bbe158a7fbc398026cb28e24f72 Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Wed, 24 Sep 2025 20:00:25 +0200 Subject: [PATCH 4/6] Remove schedule overrides for managers that do the same as default following the announcement https://groups.google.com/a/redhat.com/g/konflux-announce/c/atbFtt5ad7Y/m/wzl0u96OAAAJ --- .github/renovate.json5 | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index b1053ff28..c921777e5 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -20,8 +20,7 @@ "timezone": "Etc/UTC", "schedule": [ // Allowed syntax: https://docs.renovatebot.com/configuration-options/#schedule - // This is a "general" schedule for managers that don't declare their own. Practically, each of our used managers - // overrides it either here or in the global config. + // This is a "general" schedule for managers that don't declare their own. // The time was selected (with the help of https://time.fyi/timezones) so that Renovate isn't active during business // hours from Central Europe to US West Coast. This way, after we merge a PR, a new one does not pop up immediately // after that. @@ -55,11 +54,6 @@ // to have less PR noise. "**/*konflux*.Dockerfile", ], - "schedule": [ - // Between 3a.m. and 7a.m. every day. - // It's important to keep dockerfiles fresh to avoid releasing with CVEs. - "* 3-7 * * *", - ], "postUpgradeTasks": { "commands": [ // Refresh the rpm lockfile after updating image references in the dockerfile. @@ -67,13 +61,6 @@ ], }, }, - "rpm-lockfile": { - "schedule": [ - // Between 3a.m. and 7a.m. every day. - // Note that MintMaker will create security updates ignoring schedules. - "* 3-7 * * *", - ], - }, "enabledManagers": [ // Restrict Renovate focus on Konflux things since we rely on GitHub's dependabot for everything else. "tekton", From 3adf889189d0a64cf2aba98b0148d8ba797e046d Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Wed, 24 Sep 2025 20:05:04 +0200 Subject: [PATCH 5/6] Bump PR limits following StackRox See https://github.com/stackrox/stackrox/pull/16877 --- .github/renovate.json5 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index c921777e5..a2991ea0f 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -17,6 +17,12 @@ // This tells Renovate to combine all updates in one PR so that we have fewer PRs to deal with. "group:all", ], + // The number of PRs that can be open against the repo. + "prConcurrentLimit": 20, + // `null` means the branch limit should be the same as PR limit. + "branchConcurrentLimit": null, + // The number of PRs MintMaker can open in one hour, effectively in one run. + "prHourlyLimit": 4, "timezone": "Etc/UTC", "schedule": [ // Allowed syntax: https://docs.renovatebot.com/configuration-options/#schedule @@ -29,8 +35,6 @@ ], // Allow Renovate updating PRs when outside schedule. "updateNotScheduled": true, - // Bump the default limit on the number of PRs that can be created per hour. - "prHourlyLimit": 4, "tekton": { "schedule": [ // Between 3a.m. and 7a.m. on weekends and Mondays. From 500ec1dc005485829570effa21f45a0b50010ece Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Wed, 24 Sep 2025 20:12:23 +0200 Subject: [PATCH 6/6] Flip `updateNotScheduled` back to `false` I changed my mind 360 degrees. The reason it was set to `false` is to prevent messing up the CI status due to MintMaker updates to PR. Let's keep it `false` and see how it goes. --- .github/renovate.json5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index a2991ea0f..60415b58b 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -33,8 +33,8 @@ // Between 3a.m. and 7a.m. every day. "* 3-7 * * *", ], - // Allow Renovate updating PRs when outside schedule. - "updateNotScheduled": true, + // Tell Renovate not to update PRs when outside schedule. + "updateNotScheduled": false, "tekton": { "schedule": [ // Between 3a.m. and 7a.m. on weekends and Mondays.