-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdefault.json
More file actions
58 lines (58 loc) · 2.65 KB
/
Copy pathdefault.json
File metadata and controls
58 lines (58 loc) · 2.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended",
"helpers:pinGitHubActionDigests"
],
"schedule": ["before 6am every weekday"],
"timezone": "Europe/Berlin",
"automerge": false,
"dependencyDashboard": true,
"dependencyDashboardTitle": "Renovate Dependency Dashboard",
"labels": ["chore"],
"prConcurrentLimit": 5,
"prHourlyLimit": 2,
"packageRules": [
{
"description": "GitHub Actions minor and patch SHA bumps (grouped). See plugwerk/plugwerk ADR-0026.",
"matchManagers": ["github-actions"],
"matchUpdateTypes": ["minor", "patch", "digest", "pin", "pinDigest"],
"pinDigests": true,
"groupName": "GitHub Actions",
"groupSlug": "github-actions"
},
{
"description": "GitHub Actions major updates — separate PRs for deliberate review.",
"matchManagers": ["github-actions"],
"matchUpdateTypes": ["major"],
"pinDigests": true,
"groupName": "GitHub Actions major updates",
"groupSlug": "github-actions-major"
},
{
"description": "Dockerfile base-image digest updates (grouped). See plugwerk/plugwerk ADR-0026.",
"matchManagers": ["dockerfile"],
"pinDigests": true,
"groupName": "Docker base images",
"groupSlug": "docker-base-images"
},
{
"description": "npm minor and patch updates (grouped).",
"matchManagers": ["npm"],
"matchUpdateTypes": ["minor", "patch"],
"groupName": "npm dependencies",
"groupSlug": "npm-deps"
},
{
"description": "npm major updates — one PR per package (no grouping). Bundling unrelated majors caused plugwerk/plugwerk PR #394 to ship a broken lockfile because typescript-eslint v8 still pinned eslint <10 while the group already advanced eslint to 10. Per-package PRs let each major be reviewed and merged independently of incompatible peers.",
"matchManagers": ["npm"],
"matchUpdateTypes": ["major"]
},
{
"description": "Pin npm dependency versions exactly (no ^/~ ranges). Plugwerk repos ship application code, not libraries — every CI build, every Docker image, and every dev clone should resolve to identical bytes. Pinning keeps `package.json` and `package-lock.json` honest about what's actually in production, makes 'works for me' debugging easier, and turns every patch into an explicit Renovate PR with a real changelog instead of a silent lockfile drift. Pin applies to `dependencies` and `devDependencies` only — peer-deps and bundled-deps keep their ranges.",
"matchManagers": ["npm"],
"matchDepTypes": ["dependencies", "devDependencies"],
"rangeStrategy": "pin"
}
]
}