-
Notifications
You must be signed in to change notification settings - Fork 2
/
renovate.json5
84 lines (84 loc) · 3.86 KB
/
renovate.json5
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
// Tells Renovate to maintain one GitHub issue as the "dependency dashboard". See https://docs.renovatebot.com/key-concepts/dashboard
":dependencyDashboard",
// Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use. See https://docs.renovatebot.com/presets-default/#semanticprefixfixdepschoreothers
":semanticPrefixFixDepsChoreOthers",
// Group all updates together. See https://docs.renovatebot.com/presets-group/#groupall
// Other less drastic groupings that may be of interest include: group:allNonMajor, group:recommended, group:monorepos
"group:all",
// Apply crowd-sourced package replacement rules. See https://docs.renovatebot.com/presets-replacements/#replacementsall
"replacements:all",
// Apply crowd-sourced workarounds for known problems with packages. See https://docs.renovatebot.com/presets-workarounds/#workaroundsall
"workarounds:all"
],
"automerge": true,
// If we don't specify a timezone then Renovate will use UTC
"timezone": "America/New_York",
// fires between 4 am and 5 am EST on mondays
"schedule": [
"after 4am and before 10am on Monday"
],
// Using a value of "conflicted" means that Renovate will only rebase PRs if they are in a conflicted state. See https://docs.renovatebot.com/configuration-options/#rebasewhen
"rebaseWhen": "auto",
// Labels to set in Pull Request. See https://docs.renovatebot.com/configuration-options/#labels
"labels": [
"renovate"
],
// Rate limit PRs to maximum x created per hour. 0 means no limit. See https://docs.renovatebot.com/configuration-options/#prhourlylimit
"prHourlyLimit": 1,
// Limit to a maximum of x concurrent branches/PRs. 0 means no limit. See https://docs.renovatebot.com/configuration-options/#prconcurrentlimit
"prConcurrentLimit": 1,
// Enable updates to the pre-commit-config.yaml file. See https://docs.renovatebot.com/modules/manager/pre-commit/
"pre-commit": {
"enabled": true
},
"regexManagers": [
// Custom regex manager for the .env file that follows the pattern documented here: https://docs.renovatebot.com/modules/manager/regex/#advanced-capture
{
"fileMatch": ["^.env"],
"matchStrings": [
"datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s.*?_VERSION=(?<currentValue>.*)\\s"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}",
"extractVersionTemplate": "^v?(?<version>.*)$"
},
// Custom regex manager for the .tool-versions file that follows the pattern documented here: https://docs.renovatebot.com/modules/manager/regex/#advanced-capture
{
"fileMatch": ["^.tool-versions$"],
"matchStrings": [
"datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s.*? (?<currentValue>.*)\\s"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}",
"extractVersionTemplate": "^v?(?<version>.*)$"
}
],
"packageRules": [
{
"matchPackageNames": ["k8s.io/client-go"],
"allowedVersions": "<1.0.0"
},
{
"matchManagers": ["terraform"],
"matchDepTypes": ["module"],
"matchDatasources": ["github-tags", "git-tags"],
"versioning": "loose"
}
],
"vulnerabilityAlerts": {
"enabled": true,
"groupName": "Security Updates",
"schedule": [],
"dependencyDashboardApproval": false,
"minimumReleaseAge": null,
"rangeStrategy": "update-lockfile",
"commitMessageSuffix": "[SECURITY]",
"branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability",
"prCreation": "immediate",
"labels": ["security"],
"automerge": true,
"assignees": ["@defenseunicorns/delivery-aws-iac"]
},
"osvVulnerabilityAlerts": true
}