From 02f2ef70e45fcd50a8c4e5584035bf3878a422a1 Mon Sep 17 00:00:00 2001 From: Carlo Goetz Date: Thu, 15 Jan 2026 14:53:39 +0100 Subject: [PATCH 1/3] feat(deps) add 7d dependency cooldown for external deps, 0 for internal --- .github/dependabot.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..2dce47c33 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,25 @@ +version: 2 +updates: + - package-ecosystem: "gomod" + directory: "/" + schedule: + interval: "daily" + groups: + internal-deps: + patterns: + - "^github.com/stackitcloud/" + external-deps: + patterns: + - ".*" + exclude-patterns: + # should be covered by listing internal-deps first (https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#groups--) + # but listing it here to be explicit + - "^github.com/stackitcloud/" + cooldown: + default-days: 7 + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + cooldown: + default-days: 7 From 4473ec39127d824d8be66aa8ace4200ed261ed8d Mon Sep 17 00:00:00 2001 From: Carlo Goetz Date: Thu, 15 Jan 2026 14:54:16 +0100 Subject: [PATCH 2/3] feat(deps) rm renovate config and workflow --- .github/renovate.json | 15 --------------- .github/workflows/renovate.yaml | 19 ------------------- 2 files changed, 34 deletions(-) delete mode 100644 .github/renovate.json delete mode 100644 .github/workflows/renovate.yaml diff --git a/.github/renovate.json b/.github/renovate.json deleted file mode 100644 index d3c9f430e..000000000 --- a/.github/renovate.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["config:recommended"], - "prHourlyLimit": 10, - "labels": ["renovate"], - "repositories": ["stackitcloud/terraform-provider-stackit"], - "enabledManagers": ["gomod", "github-actions"], - "packageRules": [ - { - "matchSourceUrls": ["https://github.com/stackitcloud/stackit-sdk-go"], - "groupName": "STACKIT SDK modules" - } - ], - "postUpdateOptions": ["gomodTidy", "gomodUpdateImportPaths"] -} diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml deleted file mode 100644 index 12454b9fd..000000000 --- a/.github/workflows/renovate.yaml +++ /dev/null @@ -1,19 +0,0 @@ -name: Renovate - -on: - schedule: - - cron: "0 0 * * *" - workflow_dispatch: - -jobs: - renovate: - name: Renovate - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Self-hosted Renovate - uses: renovatebot/github-action@v41.0.0 - with: - configurationFile: .github/renovate.json - token: ${{ secrets.RENOVATE_TOKEN }} From ad7b0ebbbc06a88d298e935c57339b30b368ed3b Mon Sep 17 00:00:00 2001 From: Carlo Goetz Date: Thu, 15 Jan 2026 17:56:06 +0100 Subject: [PATCH 3/3] fix(deps) manage internal vs external dependencies via cooldown.exclude --- .github/dependabot.yml | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 2dce47c33..806472a7e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,19 +4,9 @@ updates: directory: "/" schedule: interval: "daily" - groups: - internal-deps: - patterns: - - "^github.com/stackitcloud/" - external-deps: - patterns: - - ".*" - exclude-patterns: - # should be covered by listing internal-deps first (https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#groups--) - # but listing it here to be explicit - - "^github.com/stackitcloud/" - cooldown: - default-days: 7 + cooldown: + default-days: 7 + exclude: ["github.com/stackitcloud*"] - package-ecosystem: "github-actions" directory: "/" schedule: