Improve Renovate configuration (#26306)

This commit is contained in:
HonkingGoose 2023-08-14 12:08:43 +02:00 committed by GitHub
parent a664e15702
commit c48506d8d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 14 deletions

View File

@ -1,20 +1,21 @@
{ {
$schema: 'https://docs.renovatebot.com/renovate-schema.json', $schema: 'https://docs.renovatebot.com/renovate-schema.json',
extends: [ extends: [
'config:base', 'config:recommended',
':dependencyDashboard',
':labels(dependencies)', ':labels(dependencies)',
':maintainLockFilesMonthly', // update non-direct dependencies monthly ':maintainLockFilesMonthly', // update non-direct dependencies monthly
':prConcurrentLimit10', // only 10 open PRs at the same time ':prConcurrentLimitNone', // Remove limit for open PRs at any time.
':prHourlyLimit2' // Rate limit PR creation to a maximum of two per hour.
], ],
stabilityDays: 3, // Wait 3 days after the package has been published before upgrading it minimumReleaseAge: "3", // Wait 3 days after the package has been published before upgrading it
// packageRules order is important, they are applied from top to bottom and are merged, // packageRules order is important, they are applied from top to bottom and are merged,
// meaning the most important ones must be at the bottom, for example grouping rules // meaning the most important ones must be at the bottom, for example grouping rules
// If we do not want a package to be grouped with others, we need to set its groupName // If we do not want a package to be grouped with others, we need to set its groupName
// to `null` after any other rule set it to something. // to `null` after any other rule set it to something.
dependencyDashboardHeader: 'This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. Before approving any upgrade: read the description and comments in the [`renovate.json5` file](https://github.com/mastodon/mastodon/blob/main/.github/renovate.json5).',
packageRules: [ packageRules: [
{ {
// Ignore major version bumps for these node packages // Require Dependency Dashboard Approval for major version bumps of these node packages
matchManagers: ['npm'], matchManagers: ['npm'],
matchPackageNames: [ matchPackageNames: [
'tesseract.js', // Requires code changes 'tesseract.js', // Requires code changes
@ -41,10 +42,10 @@
'react-router-dom', 'react-router-dom',
], ],
matchUpdateTypes: ['major'], matchUpdateTypes: ['major'],
enabled: false, "dependencyDashboardApproval": true
}, },
{ {
// Ignore major version bumps for these Ruby packages // Require Dependency Dashboard Approval for major version bumps of these Ruby packages
matchManagers: ['bundler'], matchManagers: ['bundler'],
matchPackageNames: [ matchPackageNames: [
'rack', // Needs to be synced with Rails version 'rack', // Needs to be synced with Rails version
@ -55,7 +56,7 @@
'redis', // Requires manual upgrade and sync with Sidekiq version 'redis', // Requires manual upgrade and sync with Sidekiq version
], ],
matchUpdateTypes: ['major'], matchUpdateTypes: ['major'],
enabled: false, "dependencyDashboardApproval": true
}, },
{ {
// Update Github Actions and Docker images weekly // Update Github Actions and Docker images weekly
@ -63,25 +64,25 @@
extends: ['schedule:weekly'], extends: ['schedule:weekly'],
}, },
{ {
// Ignore major & minor bumps for the ruby image, this needs to be synced with .ruby-version // Require Dependency Dashboard Approval for major & minor bumps for the ruby image, this needs to be synced with .ruby-version
matchManagers: ['dockerfile'], matchManagers: ['dockerfile'],
matchPackageNames: ['moritzheiber/ruby-jemalloc'], matchPackageNames: ['moritzheiber/ruby-jemalloc'],
matchUpdateTypes: ['minor', 'major'], matchUpdateTypes: ['minor', 'major'],
enabled: false, "dependencyDashboardApproval": true
}, },
{ {
// Ignore major bump for the node image, this needs to be synced with .nvmrc // Require Dependency Dashboard Approval for major bumps for the node image, this needs to be synced with .nvmrc
matchManagers: ['dockerfile'], matchManagers: ['dockerfile'],
matchPackageNames: ['node'], matchPackageNames: ['node'],
matchUpdateTypes: ['major'], matchUpdateTypes: ['major'],
enabled: false, "dependencyDashboardApproval": true
}, },
{ {
// Ignore major postgres bumps in the docker-compose file, as those break dev environments // Require Dependency Dashboard Approval for major postgres bumps in the docker-compose file, as those break dev environments
matchManagers: ['docker-compose'], matchManagers: ['docker-compose'],
matchPackageNames: ['postgres'], matchPackageNames: ['postgres'],
matchUpdateTypes: ['major'], matchUpdateTypes: ['major'],
enabled: false, "dependencyDashboardApproval": true
}, },
{ {
// Update devDependencies every week, with one grouped PR // Update devDependencies every week, with one grouped PR