-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathrenovate.json
More file actions
134 lines (128 loc) · 4.48 KB
/
renovate.json
File metadata and controls
134 lines (128 loc) · 4.48 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended",
":dependencyDashboard",
":semanticCommitsDisabled",
":maintainLockFilesWeekly",
"schedule:weekdays"
],
"baseBranches": ["main", "develop"],
"timezone": "Europe/Copenhagen",
"labels": ["dependencies", "renovate"],
"prConcurrentLimit": 5,
"prHourlyLimit": 2,
"rangeStrategy": "bump",
"rebaseWhen": "behind-base-branch",
"platformAutomerge": true,
"ignoreUnstable": true,
"respectLatest": true,
"vulnerabilityAlerts": {
"enabled": true,
"labels": ["security", "dependencies"],
"automerge": true,
"automergeType": "pr",
"minimumReleaseAge": "0 days",
"prPriority": 10,
"commitMessagePrefix": "security:",
"matchBaseBranches": ["main"]
},
"osvVulnerabilityAlerts": true,
"lockFileMaintenance": {
"enabled": true,
"schedule": ["before 6am on Monday"],
"automerge": true,
"automergeType": "pr",
"commitMessageAction": "Refresh",
"matchBaseBranches": ["main"]
},
"composer": { "enabled": true, "ignorePlatformReqs": [] },
"npm": { "enabled": true },
"github-actions": { "enabled": true, "pinDigests": true },
"docker-compose": { "enabled": true, "pinDigests": true },
"dockerfile": { "enabled": true, "pinDigests": true },
"packageRules": [
{
"description": "Hotfix: auto-merge patches/digests/lockfile on main after 7-day soak",
"matchBaseBranches": ["main"],
"matchUpdateTypes": [
"patch",
"pin",
"digest",
"lockFileMaintenance"
],
"automerge": true,
"automergeType": "pr",
"automergeStrategy": "squash",
"minimumReleaseAge": "7 days"
},
{
"description": "Normal flow: minor/major on develop, dashboard approval, never auto-merge",
"matchBaseBranches": ["develop"],
"matchUpdateTypes": ["minor", "major"],
"dependencyDashboardApproval": true,
"automerge": false
},
{
"description": "Suppress minor/major against main (those belong on develop)",
"matchBaseBranches": ["main"],
"matchUpdateTypes": ["minor", "major"],
"enabled": false
},
{
"description": "Suppress patches against develop (they reach develop via back-merge after release)",
"matchBaseBranches": ["develop"],
"matchUpdateTypes": [
"patch",
"pin",
"digest",
"lockFileMaintenance"
],
"enabled": false
},
{
"description": "Group Symfony patches into one PR on main",
"matchBaseBranches": ["main"],
"matchPackagePatterns": ["^symfony/"],
"matchUpdateTypes": ["patch"],
"groupName": "symfony (patch)"
},
{
"description": "Group Doctrine patches on main",
"matchBaseBranches": ["main"],
"matchPackagePatterns": ["^doctrine/"],
"matchUpdateTypes": ["patch"],
"groupName": "doctrine (patch)"
},
{
"description": "Group api-platform patches on main",
"matchBaseBranches": ["main"],
"matchPackagePatterns": ["^api-platform/"],
"matchUpdateTypes": ["patch"],
"groupName": "api-platform (patch)"
},
{
"description": "Never auto-bump the PHP platform requirement",
"matchBaseBranches": ["develop"],
"matchPackageNames": ["php"],
"rangeStrategy": "in-range-only",
"automerge": false,
"dependencyDashboardApproval": true
},
{
"description": "GitHub Actions: pin digests, auto-merge digest/patch on main",
"matchBaseBranches": ["main"],
"matchManagers": ["github-actions"],
"matchUpdateTypes": ["digest", "patch"],
"automerge": true
}
],
"postUpdateOptions": ["composerUpdateAllDependencies"],
"postUpgradeTasks": {
"commands": [
"bash .github/scripts/renovate-changelog.sh \"{{{branchName}}}\" \"{{{prTitle}}}\""
],
"fileFilters": ["CHANGELOG.md"],
"executionMode": "branch"
}
}