-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathrenovate.json5
More file actions
102 lines (99 loc) · 4.55 KB
/
renovate.json5
File metadata and controls
102 lines (99 loc) · 4.55 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
// Config options: https://docs.renovatebot.com/configuration-options/#dependencydashboard
// Template fields: https://docs.renovatebot.com/templates/#other-available-fields
// NOTE: This is a JSON5 file, which allows comments and trailing commas but JSON requires
// double escaped backslashes in regex strings to preserve the escaping
// If using vscode, install JSON5 extension to get syntax highlighting
// https://marketplace.visualstudio.com/items?itemName=mrmlnc.vscode-json5
// To test changes, run:
// export LOG_LEVEL=debug && nvm install 20 && nvm exec 22 npx --yes --package renovate -- renovate --dry-run --token $(gh auth token) --platform=local | tee renovate-log.txt
// renovate config reference: https://docs.renovatebot.com/configuration-options/
{
$schema: "https://docs.renovatebot.com/renovate-schema.json",
extends: [
"config:recommended",
"default:automergeDigest",
":semanticCommits",
// Use recommended monorepo groupings
// This preset groups dependencies from the same monorepo together
// For example, all Angular packages, all Babel packages, etc.
// See https://docs.renovatebot.com/presets-group/#groupmonorepos
"group:monorepos",
],
// set the timezone to US eastern
timezone: "America/New_York",
configMigration: true,
// Auto-merge configuration
// Enable auto-merging of PRs - renovate will wait for all checks to succeed, including PR reviews if required (which they are)
// https://docs.renovatebot.com/configuration-options/#automerge
automerge: true,
automergeType: "pr",
// https://docs.renovatebot.com/configuration-options/#schedule
automergeSchedule: "after 10am and before 4pm every weekday",
// Use squash merging strategy
automergeStrategy: "squash",
// npm can unpublish within 3 days
minimumReleaseAge: "5 days",
// make sure internal checks are counted towards checks prior to PR creation
internalChecksAsSuccess: true,
// Wait for checks (including stability checks) to not be pending before PR creation.
// PR creation creates other checks too
prCreation: "not-pending",
prNotPendingHours: 3,
prHourlyLimit: 3,
prConcurrentLimit: 8,
osvVulnerabilityAlerts: true,
dependencyDashboardOSVVulnerabilitySummary: "all",
packageRules: [
// Dockerfile pinning rules (original)
{
matchManagers: ["dockerfile"],
pinDigests: true,
rangeStrategy: "pin",
},
// Docker Compose pinning rules - pin full semver + digest
{
matchManagers: ["docker-compose"],
description: "Pin docker-compose images to full semver versions with digests",
pinDigests: true,
rangeStrategy: "pin",
},
// Disable auto-merge for major version updates (docker-compose and dockerfile)
{
matchManagers: ["docker-compose", "dockerfile"],
matchUpdateTypes: ["major"],
description: "Disable auto-merge for major version updates - manual review required",
automerge: false,
},
// Enable auto-merge for digest pins and semver pins (minor/patch)
{
matchManagers: ["docker-compose", "dockerfile"],
matchUpdateTypes: ["digest", "pin", "minor", "patch"],
description: "Auto-merge digest updates and semver pins (minor/patch)",
automerge: true,
},
],
customManagers: [
// regex manager docs: https://docs.renovatebot.com/modules/manager/regex/
// To create regex for json:
// * create a regular expression like /my(?<match>.+)/ (note that they're always multiline!)
// * drop it into https://regex101.com/
// * in sidebar open code generator and copy the "alternative syntax". JSON5 supports ' and "
// so feel free to use whichever it generates
{
customType: "regex",
description: "Update node engine in package.json if it exists",
managerFilePatterns: ["/(^|/)package.json$/"],
datasourceTemplate: "node-version",
versioningTemplate: "node",
// because we don't have a capture group for it, this limits it to just node for this
// manager (yarn is also present in the engines block)
depNameTemplate: "node",
matchStrings: [
// multiline match, look for "engines" key and and treat that as a kv store
// (will not get any deeper than 1 level, so match until next closing brace + comma)
// ( ){1,2}"engines":\s*\{[^\n]*\n(( ){1,2}[^\n]*\n)*( ){1,2}"node":\s*"(?<currentValue>[^"]+)",?\n(( ){1,2}[^\n]*\n)*( ){1,2}\},\n
'( ){1,2}"engines":\\s*\\{[^\\n]*\\n(( ){1,2}[^\\n]*\\n)*( ){1,2}"node":\\s*"(?<currentValue>[^"]+)",?\\n(( ){1,2}[^\\n]*\\n)*( ){1,2}\\},\\n',
],
},
],
}