|
1 | 1 | { |
2 | 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", |
3 | 3 | "extends": [ |
4 | | - "config:recommended" |
5 | | - ], |
6 | | - "labels": [ |
7 | | - "Dependencies" |
8 | | - ], |
9 | | - "ignoreDeps": [ |
10 | | - "pnpm" |
| 4 | + "config:recommended", |
| 5 | + "helpers:pinGitHubActionDigests", |
| 6 | + ":configMigration", |
| 7 | + "security:minimumReleaseAgeNpm" |
11 | 8 | ], |
| 9 | + "labels": ["Dependencies"], |
| 10 | + "ignoreDeps": ["pnpm"], |
12 | 11 | "dependencyDashboard": true, |
| 12 | + "rebaseWhen": "conflicted", |
| 13 | + "rangeStrategy": "bump", |
| 14 | + "commitMessageTopic": "{{depName}}", |
| 15 | + "commitMessageAction": "Update", |
| 16 | + "commitMessageExtra": "to {{#if isMajor}}v{{newMajor}}{{else}}v{{newVersion}}{{/if}}", |
| 17 | + "commitMessageSuffix": "", |
13 | 18 | "lockFileMaintenance": { |
14 | 19 | "enabled": true, |
15 | | - "schedule": [ |
16 | | - "before 5am on monday" |
17 | | - ] |
| 20 | + "schedule": ["before 5am on monday"] |
18 | 21 | }, |
19 | 22 | "packageRules": [ |
20 | 23 | { |
| 24 | + "description": "Tag safe (non-major) updates so they can be auto-merged by CI automation", |
| 25 | + "matchUpdateTypes": [ |
| 26 | + "minor", |
| 27 | + "patch", |
| 28 | + "pin", |
| 29 | + "digest" |
| 30 | + ], |
| 31 | + "addLabels": [ |
| 32 | + "automerge" |
| 33 | + ] |
| 34 | + }, |
| 35 | + { |
| 36 | + "description": "Never raise PRs for npm peerDependencies", |
21 | 37 | "matchManagers": [ |
22 | | - "github-actions" |
| 38 | + "npm" |
| 39 | + ], |
| 40 | + "matchDepTypes": [ |
| 41 | + "peerDependencies" |
| 42 | + ], |
| 43 | + "enabled": false |
| 44 | + }, |
| 45 | + { |
| 46 | + "description": "Catch-all npm minor/patch updates - grouped, weekly, with a supply-chain cool-off", |
| 47 | + "matchManagers": [ |
| 48 | + "npm" |
| 49 | + ], |
| 50 | + "matchUpdateTypes": [ |
| 51 | + "minor", |
| 52 | + "patch" |
23 | 53 | ], |
24 | | - "groupName": "CI Dependencies", |
| 54 | + "groupName": "npm-dependencies", |
25 | 55 | "addLabels": [ |
26 | | - "CI" |
| 56 | + "JavaScript" |
27 | 57 | ], |
28 | 58 | "schedule": [ |
29 | | - "before 9am on monday" |
30 | | - ] |
| 59 | + "before 6am on monday" |
| 60 | + ], |
| 61 | + "minimumReleaseAge": "5 days" |
31 | 62 | }, |
32 | 63 | { |
| 64 | + "description": "ESLint & Prettier tooling", |
33 | 65 | "matchManagers": [ |
34 | | - "dockerfile" |
| 66 | + "npm" |
| 67 | + ], |
| 68 | + "groupName": "Linting", |
| 69 | + "matchPackageNames": [ |
| 70 | + "/eslint/", |
| 71 | + "/prettier/" |
35 | 72 | ], |
36 | 73 | "addLabels": [ |
37 | | - "Docker" |
| 74 | + "JavaScript" |
38 | 75 | ], |
39 | 76 | "schedule": [ |
40 | | - "before 9am on monday" |
41 | | - ] |
| 77 | + "before 6am on monday" |
| 78 | + ], |
| 79 | + "minimumReleaseAge": "5 days" |
42 | 80 | }, |
43 | 81 | { |
| 82 | + "description": "Cypress end-to-end tooling", |
44 | 83 | "matchManagers": [ |
45 | | - "maven" |
| 84 | + "npm" |
| 85 | + ], |
| 86 | + "groupName": "Cypress", |
| 87 | + "matchPackageNames": [ |
| 88 | + "cypress", |
| 89 | + "/^cypress-/", |
| 90 | + "mocha", |
| 91 | + "/^mochawesome/" |
46 | 92 | ], |
47 | 93 | "addLabels": [ |
48 | | - "Java" |
| 94 | + "JavaScript" |
49 | 95 | ], |
50 | 96 | "schedule": [ |
51 | | - "before 9am on monday" |
52 | | - ] |
| 97 | + "before 6am on monday" |
| 98 | + ], |
| 99 | + "minimumReleaseAge": "5 days" |
53 | 100 | }, |
54 | 101 | { |
| 102 | + "description": "React core - keep react / react-dom / router / type defs in lock-step", |
55 | 103 | "matchManagers": [ |
56 | 104 | "npm" |
57 | 105 | ], |
58 | | - "matchDepTypes": [ |
59 | | - "peerDependencies" |
| 106 | + "groupName": "React", |
| 107 | + "matchPackageNames": [ |
| 108 | + "react", |
| 109 | + "react-dom", |
| 110 | + "/^react-router/", |
| 111 | + "/^@types\\/react/" |
60 | 112 | ], |
61 | | - "enabled": false |
| 113 | + "addLabels": [ |
| 114 | + "JavaScript" |
| 115 | + ], |
| 116 | + "schedule": [ |
| 117 | + "before 6am on monday" |
| 118 | + ], |
| 119 | + "minimumReleaseAge": "5 days" |
62 | 120 | }, |
63 | 121 | { |
| 122 | + "description": "Frontend Frank!Framework packages", |
64 | 123 | "matchManagers": [ |
65 | 124 | "npm" |
66 | 125 | ], |
67 | | - "rangeStrategy": "bump", |
| 126 | + "groupName": "Frank!Framework Frontend", |
| 127 | + "matchPackageNames": [ |
| 128 | + "/^@frankframework\\//" |
| 129 | + ], |
68 | 130 | "addLabels": [ |
69 | 131 | "JavaScript" |
70 | 132 | ], |
71 | 133 | "schedule": [ |
72 | | - "before 9am on monday" |
| 134 | + "before 6am on monday" |
73 | 135 | ] |
74 | 136 | }, |
75 | 137 | { |
| 138 | + "description": "Backend Frank!Framework packages (Maven)", |
76 | 139 | "matchManagers": [ |
77 | | - "npm" |
| 140 | + "maven" |
78 | 141 | ], |
79 | | - "matchPackagePatterns": [ |
80 | | - "^@angular", |
81 | | - "^typescript$" |
| 142 | + "groupName": "Frank!Framework Backend", |
| 143 | + "matchPackageNames": [ |
| 144 | + "/^org\\.frankframework:/", |
| 145 | + "frankframework.version" |
82 | 146 | ], |
83 | | - "groupName": "Angular", |
84 | 147 | "addLabels": [ |
85 | | - "Angular" |
| 148 | + "Java" |
| 149 | + ], |
| 150 | + "schedule": [ |
| 151 | + "before 6am on monday" |
86 | 152 | ] |
87 | 153 | } |
88 | | - ] |
| 154 | + { |
| 155 | + "description": "Maven (incl. wrapper) - daily early morning, Java label, supply-chain cool-off", |
| 156 | + "matchManagers": [ |
| 157 | + "maven", |
| 158 | + "maven-wrapper" |
| 159 | + ], |
| 160 | + "schedule": [ |
| 161 | + "0 0-6 * * *" |
| 162 | + ], |
| 163 | + "addLabels": [ |
| 164 | + "Java" |
| 165 | + ], |
| 166 | + "minimumReleaseAge": "5 days" |
| 167 | + }, |
| 168 | + { |
| 169 | + "description": "Group Maven patch updates into a single PR", |
| 170 | + "matchManagers": [ |
| 171 | + "maven" |
| 172 | + ], |
| 173 | + "matchUpdateTypes": [ |
| 174 | + "patch" |
| 175 | + ], |
| 176 | + "groupName": "maven-dependencies" |
| 177 | + }, |
| 178 | + { |
| 179 | + "description": "Spring Boot / Framework - update together, split minor vs patch", |
| 180 | + "matchManagers": [ |
| 181 | + "maven" |
| 182 | + ], |
| 183 | + "groupName": "Spring", |
| 184 | + "matchPackageNames": [ |
| 185 | + "/^org\\.springframework/" |
| 186 | + ], |
| 187 | + "separateMinorPatch": true |
| 188 | + }, |
| 189 | + { |
| 190 | + "description": "Container base images - daily early morning, grouped", |
| 191 | + "matchManagers": [ |
| 192 | + "dockerfile", |
| 193 | + "docker-compose" |
| 194 | + ], |
| 195 | + "schedule": [ |
| 196 | + "0 0-6 * * *" |
| 197 | + ], |
| 198 | + "addLabels": [ |
| 199 | + "Docker" |
| 200 | + ], |
| 201 | + "groupName": "Docker" |
| 202 | + }, |
| 203 | + { |
| 204 | + "description": "GitHub Actions - weekly, single grouped PR, pinned to commit digests", |
| 205 | + "matchManagers": [ |
| 206 | + "github-actions" |
| 207 | + ], |
| 208 | + "schedule": [ |
| 209 | + "before 6am on monday" |
| 210 | + ], |
| 211 | + "addLabels": [ |
| 212 | + "CI/CD" |
| 213 | + ], |
| 214 | + "groupName": "github-actions", |
| 215 | + "separateMajorMinor": false, |
| 216 | + "minimumReleaseAge": "7 days" |
| 217 | + } |
| 218 | + ], |
| 219 | + "vulnerabilityAlerts": { |
| 220 | + "enabled": true, |
| 221 | + "labels": [ |
| 222 | + "Security", |
| 223 | + "Dependencies" |
| 224 | + ], |
| 225 | + "addLabels": [ |
| 226 | + "CVE" |
| 227 | + ] |
| 228 | + }, |
| 229 | + "osvVulnerabilityAlerts": true |
89 | 230 | } |
0 commit comments