From c6b5df0936c52e57a2fc1e012ac81d701eac504e Mon Sep 17 00:00:00 2001 From: "senol.colak" Date: Fri, 8 May 2026 14:11:54 +0200 Subject: [PATCH 1/3] Add Renovate configuration for automated dependency updates Configures Renovate with the same patterns used in liquid-ceph: - Groups minor/patch external deps into a single PR - Automerges github.com/sapcc and github.com/cobaltcore-dev deps - Gates Go minor/major version bumps behind dashboard approval - Runs go mod tidy after updates - Schedules PRs for Friday mornings - Enables OSV vulnerability alerts --- .github/renovate.json | 71 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 .github/renovate.json diff --git a/.github/renovate.json b/.github/renovate.json new file mode 100644 index 0000000..4f0c62e --- /dev/null +++ b/.github/renovate.json @@ -0,0 +1,71 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:recommended", + "default:pinDigestsDisabled", + "mergeConfidence:all-badges", + "docker:disable" + ], + "commitMessageAction": "Renovate: Update", + "constraints": { + "go": "1.26" + }, + "dependencyDashboardOSVVulnerabilitySummary": "all", + "osvVulnerabilityAlerts": true, + "postUpdateOptions": [ + "gomodTidy", + "gomodUpdateImportPaths" + ], + "packageRules": [ + { + "matchPackageNames": [ + "/.*/" + ], + "matchUpdateTypes": [ + "minor", + "patch" + ], + "groupName": "External dependencies" + }, + { + "matchPackageNames": [ + "/^github\\.com\\/sapcc\\/.*/" + ], + "automerge": true, + "groupName": "github.com/sapcc" + }, + { + "matchPackageNames": [ + "/^github\\.com\\/cobaltcore-dev\\/.*/" + ], + "automerge": true, + "groupName": "github.com/cobaltcore-dev" + }, + { + "matchPackageNames": [ + "go", + "golang", + "actions/go-versions" + ], + "groupName": "golang", + "separateMinorPatch": true + }, + { + "matchPackageNames": [ + "go", + "golang", + "actions/go-versions" + ], + "matchUpdateTypes": [ + "minor", + "major" + ], + "dependencyDashboardApproval": true + } + ], + "prHourlyLimit": 0, + "schedule": [ + "before 8am on Friday" + ], + "semanticCommits": "disabled" +} From 0d3f1a453f9f0ad93cbd0b3f120297e80dcb94e8 Mon Sep 17 00:00:00 2001 From: "senol.colak" Date: Wed, 13 May 2026 10:37:53 +0200 Subject: [PATCH 2/3] Restrict automerge to minor/patch for sapcc and cobaltcore-dev deps Without matchUpdateTypes, major version bumps would be automerged without human review. Gate major bumps by limiting automerge to minor and patch updates only. --- .github/renovate.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/renovate.json b/.github/renovate.json index 4f0c62e..b74fece 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -31,6 +31,7 @@ "matchPackageNames": [ "/^github\\.com\\/sapcc\\/.*/" ], + "matchUpdateTypes": ["minor", "patch"], "automerge": true, "groupName": "github.com/sapcc" }, @@ -38,6 +39,7 @@ "matchPackageNames": [ "/^github\\.com\\/cobaltcore-dev\\/.*/" ], + "matchUpdateTypes": ["minor", "patch"], "automerge": true, "groupName": "github.com/cobaltcore-dev" }, From cbaa928f28473f68cc7b8fc352d875aba356a9d1 Mon Sep 17 00:00:00 2001 From: "senol.colak" Date: Wed, 13 May 2026 10:40:57 +0200 Subject: [PATCH 3/3] Align automerge rules with liquid-ceph convention Internal sapcc/cobaltcore-dev packages are trusted to follow semver, so automerge all update types (including major) matching the pattern used in liquid-ceph. --- .github/renovate.json | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index b74fece..4f0c62e 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -31,7 +31,6 @@ "matchPackageNames": [ "/^github\\.com\\/sapcc\\/.*/" ], - "matchUpdateTypes": ["minor", "patch"], "automerge": true, "groupName": "github.com/sapcc" }, @@ -39,7 +38,6 @@ "matchPackageNames": [ "/^github\\.com\\/cobaltcore-dev\\/.*/" ], - "matchUpdateTypes": ["minor", "patch"], "automerge": true, "groupName": "github.com/cobaltcore-dev" },