diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 83a7df7..0000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,28 +0,0 @@ -version: 2 -updates: - - package-ecosystem: pip - directory: / - schedule: - interval: weekly - commit-message: - prefix: "deps" - labels: - - dependencies - open-pull-requests-limit: 5 - groups: - pip-deps: - patterns: - - "*" - - - package-ecosystem: github-actions - directory: / - schedule: - interval: weekly - commit-message: - prefix: "ci" - labels: - - ci - groups: - ci-actions: - patterns: - - "*" diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..25d1f45 --- /dev/null +++ b/renovate.json @@ -0,0 +1,66 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:recommended", + ":semanticCommits", + ":maintainLockFilesWeekly" + ], + "minimumReleaseAge": "10 days", + "internalChecksFilter": "strict", + "labels": [ + "dependencies" + ], + "prConcurrentLimit": 10, + "vulnerabilityAlerts": { + "labels": [ + "security", + "fast-track" + ], + "minimumReleaseAge": "0 days", + "schedule": [ + "at any time" + ] + }, + "packageRules": [ + { + "matchPackagePatterns": [ + "^luckyPipewrench/", + "^ghcr\\.io/luckypipewrench/" + ], + "minimumReleaseAge": "0 days", + "description": "Own-org packages bypass cooldown (we control the supply chain)" + }, + { + "matchManagers": [ + "github-actions" + ], + "pinDigests": true, + "commitMessagePrefix": "ci:", + "addLabels": [ + "ci" + ], + "groupName": "ci-actions" + }, + { + "matchManagers": [ + "pip_requirements", + "pep621" + ], + "commitMessagePrefix": "deps:", + "addLabels": [ + "python" + ], + "groupName": "pip-deps" + }, + { + "matchUpdateTypes": [ + "major" + ], + "addLabels": [ + "major-update", + "needs-review" + ], + "automerge": false + } + ] +}