Configure Renovate #1

Merged

cswimr merged 1 commit from renovate/configure into main 2025-12-26 22:39:10 -05:00

Conversation 0 Commits 1 Files changed 1 +6

Renovate bot commented 2025-12-26 22:00:56 -05:00

Owner

Copy link

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• .forgejo/workflows/lint.yaml (github-actions)
• .forgejo/workflows/run.yaml (github-actions)
• pyproject.toml (pep621)
• renovate.json (renovate-config-presets)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Show only the Age and Confidence Merge Confidence badges for pull requests.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.
• Pin Docker digests.
• Pin github-action digests.
• Enable Renovate configuration migration PRs when needed.
• Pin dependency versions for development dependencies.
• Recommended configuration for abandoned packages, treating packages without a release for 1 year as abandoned, while taking into account community-sourced overrides.
• Wait until the npm package is three days old before raising the update. This a) introduces a short delay to allow for malware researchers and scanners to (possibly) detect any malicious behaviour in packages, and b) prevents the maintainer and/or NPM from unpublishing a package you already upgraded to, breaking builds.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

What to Expect

With your current configuration, Renovate will create 3 Pull Requests:

Pin actions/ssh-signing action to fdd4b06

• Schedule: ["at any time"]
• Branch name: renovate/pin-dependencies
• Merge into: main
• Upgrade actions/ssh-signing to fdd4b062a9ba41473f013258cc9c7eea1640f826

Update actions/setup-uv digest to d0cc045

• Schedule: ["at any time"]
• Branch name: renovate/actions-setup-uv-digest
• Merge into: main
• Upgrade actions/setup-uv to d0cc045d04ccac9d8b7881df0226f9e82c39688e

Lock file maintenance

• Schedule: ["before 4am on monday"]
• Branch name: renovate/lock-file-maintenance
• Merge into: main
• Regenerate lock files to use latest dependency versions

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR has been generated by Renovate Bot.

Welcome to [Renovate](https://github.com/renovatebot/renovate)! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin. 🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged. --- ### Detected Package Files * `.forgejo/workflows/lint.yaml` (github-actions) * `.forgejo/workflows/run.yaml` (github-actions) * `pyproject.toml` (pep621) * `renovate.json` (renovate-config-presets) ### Configuration Summary Based on the default config's presets, Renovate will: - Start dependency updates only once this onboarding PR is merged - Enable Renovate Dependency Dashboard creation. - Use semantic commit type `fix` for dependencies and `chore` for all others if semantic commits are in use. - Ignore `node_modules`, `bower_components`, `vendor` and various test/tests (except for nuget) directories. - Group known monorepo packages together. - Use curated list of recommended non-monorepo package groupings. - Show only the Age and Confidence Merge Confidence badges for pull requests. - Apply crowd-sourced package replacement rules. - Apply crowd-sourced workarounds for known problems with packages. - Pin Docker digests. - Pin `github-action` digests. - Enable Renovate configuration migration PRs when needed. - Pin dependency versions for development dependencies. - Recommended configuration for abandoned packages, treating packages without a release for 1 year as abandoned, while taking into account community-sourced overrides. - Wait until the npm package is three days old before raising the update. This a) introduces a short delay to allow for malware researchers and scanners to (possibly) detect any malicious behaviour in packages, and b) prevents the maintainer and/or NPM from unpublishing a package you already upgraded to, breaking builds. 🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to `renovate.json` in this branch. Renovate will update the Pull Request description the next time it runs. --- ### What to Expect With your current configuration, Renovate will create 3 Pull Requests: <details> <summary>Pin actions/ssh-signing action to fdd4b06</summary> - Schedule: ["at any time"] - Branch name: `renovate/pin-dependencies` - Merge into: `main` - Upgrade [actions/ssh-signing](https://c.csw.im/actions/ssh-signing) to `fdd4b062a9ba41473f013258cc9c7eea1640f826` </details> <details> <summary>Update actions/setup-uv digest to d0cc045</summary> - Schedule: ["at any time"] - Branch name: `renovate/actions-setup-uv-digest` - Merge into: `main` - Upgrade [actions/setup-uv](https://c.csw.im/actions/setup-uv) to `d0cc045d04ccac9d8b7881df0226f9e82c39688e` </details> <details> <summary>Lock file maintenance</summary> - Schedule: ["before 4am on monday"] - Branch name: `renovate/lock-file-maintenance` - Merge into: `main` - Regenerate lock files to use latest dependency versions </details> 🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for `prhourlylimit` for details. --- ❓ Got questions? Check out Renovate's [Docs](https://docs.renovatebot.com/), particularly the Getting Started section. If you need any further assistance then you can also [request help here](https://github.com/renovatebot/renovate/discussions). --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-config-hash:da08744ed78376d9b26e0d0e71adc5e9c16901860bce15a6fad8bd3ed9f2038e-->

Renovate bot added 1 commit 2025-12-26 22:00:56 -05:00

Add renovate.json add8466dd7

cswimr force-pushed renovate/configure from add8466dd7 to e6d0a5899f 2025-12-26 22:38:16 -05:00 Compare

cswimr merged commit a11af4780f into main 2025-12-26 22:39:10 -05:00

cswimr deleted branch renovate/configure 2025-12-26 22:39:10 -05:00

cswimr referenced this pull request from a commit 2025-12-26 22:39:11 -05:00

Configure Renovate (#1)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

cog-mirrors/.actions!1

No description provided.