chore: Configure Renovate #17

Closed
renovate[bot] wants to merge 1 commit into main from renovate/configure

@renovate renovate Bot commented May 17, 2026

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

📚 See our Reading List for relevant documentation you may be interested in reading.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.


Detected Package Files

  • .github/workflows/ci.yml (github-actions)
  • .github/workflows/codeql.yml (github-actions)
  • .github/workflows/dependency-review.yml (github-actions)
  • .github/workflows/fuzz.yml (github-actions)
  • .github/workflows/release.yml (github-actions)
  • .github/workflows/scorecard.yml (github-actions)
  • pyproject.toml (poetry)

Configuration Summary

Based on the default config's presets, Renovate will:

  • Start dependency updates only once this onboarding PR is merged
  • Hopefully safe environment variables to allow users to configure.
  • Show all Merge Confidence badges for pull requests.
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Show only the Age and Confidence Merge Confidence badges for pull requests.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.
  • Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from GitHub.com and GitHub Enterprise contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from GitLab.com contains a link to the commit-to-commit diff
  • Correctly link to the source code for golang.org/x packages
  • Link to pkg.go.dev/... for golang.org/x packages' title

What to Expect

With your current configuration, Renovate will create 3 Pull Requests:

chore(deps): update github/codeql-action digest to 9e0d7b8
  • Schedule: ["at any time"]
  • Branch name: renovate/github-codeql-action-digest
  • Merge into: main
  • Upgrade github/codeql-action to 9e0d7b8d25671d64c341c19c0152d693099fb5ba
chore(deps): update dependency python to 3.14
  • Schedule: ["at any time"]
  • Branch name: renovate/python-3.x
  • Merge into: main
  • Upgrade python to 3.14
chore(deps): update luckypipewrench/pipelock action to v2.4.0
  • Schedule: ["at any time"]
  • Branch name: renovate/luckypipewrench-pipelock-2.x
  • Merge into: main
  • Upgrade luckyPipewrench/pipelock to cef4f47eb99ffe00e20fa7d1423bff1a44742dbe

🚸 PR creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prHourlyLimit for details.


❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.


This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from luckyPipewrench as a code owner May 17, 2026 18:32
luckyPipewrench added a commit that referenced this pull request May 17, 2026
* chore(deps): migrate from dependabot to renovate with cooldown

Replaces .github/dependabot.yml with renovate.json. Adds a 10-day
minimum release age before any routine update PR opens, with a
vulnerability-alert bypass so CVE fixes fast-track. Enables SHA digest
pinning for GitHub Actions.

Groups preserved from dependabot: pip-deps (pip_requirements + pep621
for pyproject.toml), ci-actions (github-actions).

Requires the Mend Renovate GitHub App, already enabled on the org.
Supersedes the default-config onboarding PR (#17).

* chore(deps): bypass cooldown for own-org packages

Adds a packageRule to skip the 10-day minimumReleaseAge for any
package matching luckyPipewrench/ or ghcr.io/luckypipewrench/. Same
pattern as the other repos that reference our own org packages.

Fast-tracks pipelock action and image bumps for dogfood loops.
@renovate renovate Bot deleted the renovate/configure branch May 17, 2026 20:33
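
A sketch of a `renovate.json5` that matches what the commit message above describes, added here as an example and not the repository's actual `renovate.json`. The own-org glob patterns and the rule descriptions are assumptions, since the page does not show the file.

```json5
// Added example; not the repository's real configuration.
{
  $schema: "https://docs.renovatebot.com/renovate-schema.json",
  extends: [
    "config:recommended",
    // Pin every workflow `uses:` reference to a full commit SHA digest.
    "helpers:pinGitHubActionDigests",
  ],

  // Cooldown: a release must be at least 10 days old before a routine
  // update PR opens, so a hijacked or yanked release has time to surface.
  minimumReleaseAge: "10 days",

  // Vulnerability-alert bypass: security fixes are not held by the cooldown.
  vulnerabilityAlerts: {
    minimumReleaseAge: null,
  },

  packageRules: [
    {
      description: "Group Python dependency updates (was dependabot pip-deps)",
      matchManagers: ["pip_requirements", "pep621"],
      groupName: "pip-deps",
    },
    {
      description: "Group GitHub Actions updates (was dependabot ci-actions)",
      matchManagers: ["github-actions"],
      groupName: "ci-actions",
    },
    {
      // Later rules override earlier settings, so this sits last.
      // The glob patterns are assumed from the commit message wording.
      description: "Own-org packages skip the cooldown",
      matchPackageNames: [
        "luckyPipewrench/**",
        "ghcr.io/luckypipewrench/**",
      ],
      minimumReleaseAge: null,
    },
  ],
}
```

The own-org rule removes the waiting period for anything published under those names, so its safety rests on how well that org's release credentials and registry namespace are protected.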