Add Renovate configuration for automated dependency updates#49
Add Renovate configuration for automated dependency updates#49senolcolak wants to merge 3 commits into
Conversation
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. 📝 WalkthroughWalkthroughAdded a Renovate configuration file that sets presets and schema, pins Go updates to 1.26, enables OSV vulnerability alerts with full summaries, runs ChangesRenovate Dependency Management Setup
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Tip 💬 Introducing Slack Agent: The best way for teams to turn conversations into code.Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.
Built for teams:
One agent for your entire SDLC. Right inside Slack. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 7
🧹 Nitpick comments (5)
.github/renovate.json (2)
66-66:prHourlyLimit: 0may flood the repo on the first Friday run.Disabling the hourly PR limit means Renovate can open an unbounded number of PRs in a single scheduled run. If there is a large backlog on the first execution (or after a long gap), this can swamp the review queue and saturate CI concurrency. Consider setting a modest limit (e.g.,
10–20) and widening the schedule window or usingprConcurrentLimitas a complementary cap.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/renovate.json at line 66, The Renovate config sets "prHourlyLimit": 0 which allows unlimited PRs in one run; change "prHourlyLimit" from 0 to a modest positive integer (e.g., 10 or 20) to cap hourly PR openings, and optionally add or adjust "prConcurrentLimit" and widen the Renovate schedule window to spread PRs across time; update the JSON key "prHourlyLimit" in the file and add "prConcurrentLimit" if not present to provide a complementary cap.
10-12: ⚡ Quick winManually-pinned
constraints.gowon't be kept current by Renovate.Renovate will not create "update" PRs to update any of these constraint versions once they become outdated, so they must be updated by hand. For this reason, setting constraints manually in the Renovate config is undesirable. Once Go 1.27 (or later) ships, this value becomes stale and may cause Renovate to select an older-than-necessary toolchain for running
go mod tidywithout any automated reminder to update it.Consider removing this field and letting Renovate detect the Go version from
go.modautomatically (its default behavior), or pair the constraint with apackageRulethat also updates it via Renovate.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/renovate.json around lines 10 - 12, The Renovate config currently hardcodes the Go toolchain under the "constraints" block as "go": "1.26", which Renovate will not auto-update; remove the manual constraint or replace it with a rule that keeps it in sync (e.g., delete the "constraints" object containing "go": "1.26" so Renovate will detect the Go version from go.mod automatically, or instead add a corresponding packageRule that targets the renovate config and updates this constraint whenever go.mod changes).docs/DEPLOYMENT.md (1)
308-314: 💤 Low valueAdd language identifier to architecture diagram.
The ASCII architecture diagram would benefit from a language identifier for consistent rendering.
📝 Suggested fix
-``` +```text Node A (Producer) ──┐ │ Node B (Producer) ──┼──► NATS Server ──► Consumer(s)🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/DEPLOYMENT.md` around lines 308 - 314, The fenced ASCII diagram block uses ``` without a language tag; update the code fence to include a language identifier (use "text") so the block becomes ```text and the diagram lines (e.g., "Node A (Producer) ──┐", "NATS Server", "Consumer(s)") render consistently; simply change the opening fence to ```text and keep the diagram content unchanged.docs/INDEX.md (1)
280-291: ⚡ Quick winAdd blank lines around tables for proper Markdown formatting.
The maturity status tables need blank lines before and after them for consistent rendering across Markdown parsers.
📝 Formatting fix
#### Option 1: Prysm-NG-Small (Recommended ⭐) + | Aspect | Target Status | Target Score | |--------|---------------|--------------| | **Overall Maturity** | Production-Grade | 9.0/10 | ... | **Timeline** | 6-9 months | - | + #### Option 2: Prysm-NG (Enterprise) + | Aspect | Target Status | Target Score | |--------|---------------|--------------| ...🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/INDEX.md` around lines 280 - 291, Add a blank line before and after each Markdown table to ensure proper rendering: locate the table starting with the header row "| Aspect | Target Status | Target Score |" and insert an empty line above its first "|", and also add an empty line after the last table row (before "#### Option 2: Prysm-NG (Enterprise)"); repeat the same for any subsequent tables so every table is separated by a blank line from surrounding headings and paragraphs.docs/README.md (1)
252-296: 💤 Low valueConsider adding language identifiers to ASCII diagrams.
The architecture diagrams would benefit from a language identifier like
textorasciifor better rendering and accessibility in various Markdown viewers.📝 Suggested improvement
-``` +```text ┌─────────────────────────────────────────────────────────────┐ │ Consumers │Apply the same change to the Kubernetes deployment diagram at line 273.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/README.md` around lines 252 - 296, The two ASCII diagrams (the Consumers/NATS diagram under the "Consumers" block and the Kubernetes Deployment diagram under the "Kubernetes Deployment" heading) currently use fenced code blocks without a language tag; update each opening triple-backtick to include a language identifier (e.g., ```text or ```ascii) so Markdown renderers treat them as plain text and preserve formatting — look for the code blocks that start with "┌─────────────────────────────────────────────────────────────┐" (Consumers) and the block that begins the Kubernetes cluster diagram (the one containing "rook-ceph namespace" and "RGW Pod") and change their opening fences to ```text.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/renovate.json:
- Around line 30-43: The renovate rules for the two package groups are missing a
matchUpdateTypes guard so they currently automerge majors; update the two rule
objects that contain "groupName": "github.com/sapcc" and "groupName":
"github.com/cobaltcore-dev" to include "matchUpdateTypes": ["minor","patch"]
(i.e., restrict automerge to minor and patch updates) so major version bumps are
not automatically merged.
In `@docs/ARCHITECTURE.md`:
- Line 11: Several fenced code blocks containing ASCII diagrams are missing
language labels which triggers markdownlint MD040; locate each triple-backtick
fenced block used for diagrams (the opening ``` markers for the ASCII diagrams)
and add an explicit language token (e.g., ```text) after each opening backtick
so the blocks are labeled; update every unlabeled fence corresponding to the
reported diagram blocks so all code fences include a language label.
In `@docs/CODE_EXPLAINED.md`:
- Line 21: Several fenced code blocks in CODE_EXPLAINED.md are missing language
identifiers (they currently start with plain ```), causing markdownlint MD040
failures; update each triple-backtick fence that contains diagrams or plain
flows to start with ```text and add explicit tags like ```go, ```yaml, or
```bash for code examples where appropriate (identify the fences that currently
lack a language tag and replace the opening ``` with the correct language token
so markdownlint no longer flags MD040).
In `@docs/DESIGN_COMPARISON.md`:
- Line 220: The file contains unlabeled fenced code blocks (``` ) causing
markdownlint MD040; update each unlabeled fence by adding a language identifier
(use `text`) immediately after the opening backticks so the blocks read ```text,
ensuring both previously unlabeled fenced blocks are labeled.
In `@docs/HONEST_ANALYSIS.md`:
- Line 76: Several fenced code blocks in HONEST_ANALYSIS.md that contain
diagrams/tables are missing explicit fence languages (triggering MD040); for
each opening triple-backtick of those non-code blocks (the analysis
diagrams/tables previously noted) add an explicit language label such as text
(e.g., change ``` to ```text) so the markdown linter recognizes them; update
every occurrence mentioned in the review so all fenced blocks have an explicit
language.
In `@docs/PRYSM_NG_DESIGN.md`:
- Line 55: Several fenced code blocks containing architecture/cutover diagrams
in PRYSM_NG_DESIGN.md are missing a fence language (MD040); update each
diagram/code fence to include a language specifier. Locate the diagram/code
fences for the architecture and cutover diagrams (the triple-backtick blocks
shown in the file) and change them from ``` to ```text so they have an explicit
fence language; ensure you update every diagram block mentioned in the review to
use ```text.
In `@docs/PRYSM_NG_SMALL_DESIGN.md`:
- Line 74: Several fenced code blocks use plain ``` which triggers MD040; update
each offending block by changing the opening fence from ``` to ```text (i.e.,
replace the bare triple-backtick fences with language-tagged fences) so
prose/ASCII blocks explicitly declare the text language and satisfy the linter.
---
Nitpick comments:
In @.github/renovate.json:
- Line 66: The Renovate config sets "prHourlyLimit": 0 which allows unlimited
PRs in one run; change "prHourlyLimit" from 0 to a modest positive integer
(e.g., 10 or 20) to cap hourly PR openings, and optionally add or adjust
"prConcurrentLimit" and widen the Renovate schedule window to spread PRs across
time; update the JSON key "prHourlyLimit" in the file and add
"prConcurrentLimit" if not present to provide a complementary cap.
- Around line 10-12: The Renovate config currently hardcodes the Go toolchain
under the "constraints" block as "go": "1.26", which Renovate will not
auto-update; remove the manual constraint or replace it with a rule that keeps
it in sync (e.g., delete the "constraints" object containing "go": "1.26" so
Renovate will detect the Go version from go.mod automatically, or instead add a
corresponding packageRule that targets the renovate config and updates this
constraint whenever go.mod changes).
In `@docs/DEPLOYMENT.md`:
- Around line 308-314: The fenced ASCII diagram block uses ``` without a
language tag; update the code fence to include a language identifier (use
"text") so the block becomes ```text and the diagram lines (e.g., "Node A
(Producer) ──┐", "NATS Server", "Consumer(s)") render consistently; simply
change the opening fence to ```text and keep the diagram content unchanged.
In `@docs/INDEX.md`:
- Around line 280-291: Add a blank line before and after each Markdown table to
ensure proper rendering: locate the table starting with the header row "| Aspect
| Target Status | Target Score |" and insert an empty line above its first "|",
and also add an empty line after the last table row (before "#### Option 2:
Prysm-NG (Enterprise)"); repeat the same for any subsequent tables so every
table is separated by a blank line from surrounding headings and paragraphs.
In `@docs/README.md`:
- Around line 252-296: The two ASCII diagrams (the Consumers/NATS diagram under
the "Consumers" block and the Kubernetes Deployment diagram under the
"Kubernetes Deployment" heading) currently use fenced code blocks without a
language tag; update each opening triple-backtick to include a language
identifier (e.g., ```text or ```ascii) so Markdown renderers treat them as plain
text and preserve formatting — look for the code blocks that start with
"┌─────────────────────────────────────────────────────────────┐" (Consumers)
and the block that begins the Kubernetes cluster diagram (the one containing
"rook-ceph namespace" and "RGW Pod") and change their opening fences to ```text.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: e0626877-899b-4736-a3fe-567f70ee93db
📒 Files selected for processing (13)
.github/renovate.jsonREADME.mddocs/ARCHITECTURE.mddocs/CODE_EXPLAINED.mddocs/DEPLOYMENT.mddocs/DESIGN_COMPARISON.mddocs/HONEST_ANALYSIS.mddocs/INDEX.mddocs/NEXT_STEPS.mddocs/PRYSM_NG_DESIGN.mddocs/PRYSM_NG_SMALL_DESIGN.mddocs/QUICK_REFERENCE.mddocs/README.md
|
|
||
| Prysm implements a four-layered architecture that separates concerns and enables horizontal scalability: | ||
|
|
||
| ``` |
There was a problem hiding this comment.
Fix markdownlint MD040 by labeling these fenced blocks.
At Line 11, Line 39, Line 62, Line 185, Line 217, Line 261, and Line 275, add explicit fence languages (text is fine for ASCII diagrams).
Also applies to: 39-39, 62-62, 185-185, 217-217, 261-261, 275-275
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 11-11: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/ARCHITECTURE.md` at line 11, Several fenced code blocks containing ASCII
diagrams are missing language labels which triggers markdownlint MD040; locate
each triple-backtick fenced block used for diagrams (the opening ``` markers for
the ASCII diagrams) and add an explicit language token (e.g., ```text) after
each opening backtick so the blocks are labeled; update every unlabeled fence
corresponding to the reported diagram blocks so all code fences include a
language label.
|
|
||
| ### Directory Layout | ||
|
|
||
| ``` |
There was a problem hiding this comment.
Add language identifiers to fenced code blocks.
At Line 21, Line 137, Line 696, and Line 746, code fences are missing a language tag, which will keep markdownlint failing (MD040). Use text for diagrams/plain flows and keep explicit tags like go, yaml, bash where applicable.
Also applies to: 137-137, 696-696, 746-746
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 21-21: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/CODE_EXPLAINED.md` at line 21, Several fenced code blocks in
CODE_EXPLAINED.md are missing language identifiers (they currently start with
plain ```), causing markdownlint MD040 failures; update each triple-backtick
fence that contains diagrams or plain flows to start with ```text and add
explicit tags like ```go, ```yaml, or ```bash for code examples where
appropriate (identify the fences that currently lack a language tag and replace
the opening ``` with the correct language token so markdownlint no longer flags
MD040).
|
|
||
| ### NG (Full) - Enterprise Architecture | ||
|
|
||
| ``` |
There was a problem hiding this comment.
Label ASCII diagram fences with a language.
Line 220 and Line 246 are unlabeled fenced blocks. Add text language identifiers to clear markdownlint MD040.
Also applies to: 246-246
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 220-220: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/DESIGN_COMPARISON.md` at line 220, The file contains unlabeled fenced
code blocks (``` ) causing markdownlint MD040; update each unlabeled fence by
adding a language identifier (use `text`) immediately after the opening
backticks so the blocks read ```text, ensuring both previously unlabeled fenced
blocks are labeled.
| - No load/performance tests | ||
|
|
||
| **Test File Breakdown:** | ||
| ``` |
There was a problem hiding this comment.
Fix MD040 by adding fence languages across analysis diagrams/tables.
At Line 76, Line 345, Line 386, Line 424, Line 472, Line 512, Line 553, Line 591, Line 633, Line 675, and Line 1032, add explicit fence languages (text is sufficient for non-code blocks).
Also applies to: 345-345, 386-386, 424-424, 472-472, 512-512, 553-553, 591-591, 633-633, 675-675, 1032-1032
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 76-76: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/HONEST_ANALYSIS.md` at line 76, Several fenced code blocks in
HONEST_ANALYSIS.md that contain diagrams/tables are missing explicit fence
languages (triggering MD040); for each opening triple-backtick of those non-code
blocks (the analysis diagrams/tables previously noted) add an explicit language
label such as text (e.g., change ``` to ```text) so the markdown linter
recognizes them; update every occurrence mentioned in the review so all fenced
blocks have an explicit language.
|
|
||
| ### 1.1 High-Level Architecture | ||
|
|
||
| ``` |
There was a problem hiding this comment.
Add missing fenced code block languages (MD040).
Line 55, Line 1119, Line 1159, Line 2622, Line 2642, and Line 2660 should include a fence language (use text for architecture/cutover diagrams).
Also applies to: 1119-1119, 1159-1159, 2622-2622, 2642-2642, 2660-2660
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 55-55: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/PRYSM_NG_DESIGN.md` at line 55, Several fenced code blocks containing
architecture/cutover diagrams in PRYSM_NG_DESIGN.md are missing a fence language
(MD040); update each diagram/code fence to include a language specifier. Locate
the diagram/code fences for the architecture and cutover diagrams (the
triple-backtick blocks shown in the file) and change them from ``` to ```text so
they have an explicit fence language; ensure you update every diagram block
mentioned in the review to use ```text.
| ### 1.2 Core Principles | ||
|
|
||
| #### Principle 1: Minimal by Default | ||
| ``` |
There was a problem hiding this comment.
Add missing fenced code languages to satisfy MD040.
At Line 74, Line 85, Line 92, Line 100, Line 107, Line 120, and Line 851, please add explicit language tags (use text for prose/ASCII blocks).
Also applies to: 85-85, 92-92, 100-100, 107-107, 120-120, 851-851
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 74-74: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/PRYSM_NG_SMALL_DESIGN.md` at line 74, Several fenced code blocks use
plain ``` which triggers MD040; update each offending block by changing the
opening fence from ``` to ```text (i.e., replace the bare triple-backtick fences
with language-tagged fences) so prose/ASCII blocks explicitly declare the text
language and satisfy the linter.
Configures Renovate with the same patterns used in liquid-ceph: - Groups minor/patch external deps into a single PR - Automerges github.com/sapcc and github.com/cobaltcore-dev deps - Gates Go minor/major version bumps behind dashboard approval - Runs go mod tidy after updates - Schedules PRs for Friday mornings - Enables OSV vulnerability alerts
senolcolak
force-pushed
the
feature/add-renovate-config
branch
from
e79290d to
c6b5df0
Compare
Without matchUpdateTypes, major version bumps would be automerged without human review. Gate major bumps by limiting automerge to minor and patch updates only.
Internal sapcc/cobaltcore-dev packages are trusted to follow semver, so automerge all update types (including major) matching the pattern used in liquid-ceph.
1 participant
Summary
liquid-cephgithub.com/sapccandgithub.com/cobaltcore-devdependenciesgo mod tidyand updates import paths after dependency bumpsTest Plan
Summary by CodeRabbit