From 9038bc66db57ccde2c91ec386e96bdef501787fe Mon Sep 17 00:00:00 2001
From: Philippe Scorsolini
Date: Mon, 16 Jan 2023 13:53:48 +0100
Subject: [PATCH] ci: configure renovate
Slightly modified version of the one used in crossplane/crossplane.
Signed-off-by: Philippe Scorsolini
---
.github/renovate.json5 | 139 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 139 insertions(+)
create mode 100644 .github/renovate.json5
diff --git a/.github/renovate.json5 b/.github/renovate.json5
new file mode 100644
index 0000000000..96b609d6aa
--- /dev/null
+++ b/.github/renovate.json5
@@ -0,0 +1,139 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:base"
+ ],
+// The maximum number of PRs to be created in parallel
+ "prConcurrentLimit": 5,
+// The branches renovate should target
+ "baseBranches": ["main"],
+ "ignorePaths": ["design/**"],
+ "postUpdateOptions": ["gomodTidy"],
+// By default renovate will auto detect whether semantic commits have been used
+// in the recent history and comply with that, we explicitly disable it
+ "semanticCommits": "disabled",
+// All PRs should have a label
+ "labels": ["automated"],
+ "regexManagers": [
+ {
+// We want a PR to bump Go versions used through env variables in any Github
+// Actions, taking it from the official Github repository.
+ "fileMatch": ["^\\.github\\/workflows\\/[^/]+\\.ya?ml$"],
+ "matchStrings": [
+ "GO_VERSION: '(?.*?)'\\n"
+ ],
+ "datasourceTemplate": "golang-version",
+ "depNameTemplate": "golang"
+ }, {
+// We want a PR to bump golangci-lint versions used through env variables in
+// any Github Actions, taking it from the official Github repository tags.
+ "fileMatch": ["^\\.github\\/workflows\\/[^/]+\\.ya?ml$"],
+ "matchStrings": [
+ "GOLANGCI_VERSION: '(?.*?)'\\n"
+ ],
+ "datasourceTemplate": "github-tags",
+ "depNameTemplate": "golangci/golangci-lint"
+ }
+ ],
+// PackageRules disabled below should be enabled in case of vulnerabilities
+ "vulnerabilityAlerts": {
+ "enabled": true
+ },
+ "packageRules": [
+ {
+// We need to ignore k8s.io/client-go older versions as they switched to
+// semantic version and old tags are still available in the repo.
+ "matchDatasources": [
+ "go"
+ ],
+ "matchDepNames": [
+ "k8s.io/client-go"
+ ],
+ "allowedVersions": "<1.0"
+ }, {
+// We want a single PR for all the patches bumps of kubernetes related
+// dependencies, as most of the times these are all strictly related.
+ "matchDatasources": [
+ "go"
+ ],
+ "groupName": "kubernetes patches",
+ "matchUpdateTypes": [
+ "patch",
+ "digest"
+ ],
+ "matchPackagePrefixes": [
+ "k8s.io",
+ "sigs.k8s.io"
+ ]
+ }, {
+// We want dedicated PRs for each minor and major bumps to kubernetes related
+// dependencies.
+ "matchDatasources": [
+ "go"
+ ],
+ "matchUpdateTypes": [
+ "major",
+ "minor"
+ ],
+ "matchPackagePrefixes": [
+ "k8s.io",
+ "sigs.k8s.io"
+ ]
+ }, {
+// We want dedicated PRs for each bump to non-kubernetes Go dependencies, but
+// only if there are known vulnerabilities in the current version.
+ "matchDatasources": [
+ "go"
+ ],
+ "matchPackagePatterns": [
+ "*"
+ ],
+ "enabled": false,
+ "excludePackagePrefixes": [
+ "k8s.io",
+ "sigs.k8s.io"
+ ],
+ "matchUpdateTypes": [
+ "major",
+ ],
+ }, {
+// We want a single PR for all minor and patch bumps to non-kubernetes Go
+// dependencies, but only if there are known vulnerabilities in the current
+// version.
+ "matchDatasources": [
+ "go"
+ ],
+ "matchPackagePatterns": [
+ "*"
+ ],
+ "enabled": false,
+ "excludePackagePrefixes": [
+ "k8s.io",
+ "sigs.k8s.io"
+ ],
+ "matchUpdateTypes": [
+ "minor",
+ "patch",
+ "digest"
+ ],
+ "groupName": "all non-major go dependencies"
+ }, {
+// We want a single PR for all minor and patch bumps of Github Actions
+ "matchDepTypes": [
+ "action"
+ ],
+ "matchUpdateTypes": [
+ "minor",
+ "patch"
+ ],
+ "groupName": "all non-major github action",
+ "pinDigests": true
+ },{
+// We want dedicated PRs for each major bump to Github Actions
+ "matchDepTypes": [
+ "action"
+ ],
+ "pinDigests": true
+ }
+ ]
+}