You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
170 lines
6.5 KiB
170 lines
6.5 KiB
{ |
|
$schema: 'https://docs.renovatebot.com/renovate-schema.json', |
|
extends: [ |
|
'config:recommended', |
|
'customManagers:dockerfileVersions', |
|
':labels(dependencies)', |
|
':prConcurrentLimitNone', // Remove limit for open PRs at any time. |
|
':prHourlyLimit2', // Rate limit PR creation to a maximum of two per hour. |
|
':enableVulnerabilityAlertsWithLabel(security)', |
|
], |
|
rebaseWhen: 'conflicted', |
|
minimumReleaseAge: '3', // Wait 3 days after the package has been published before upgrading it |
|
// packageRules order is important, they are applied from top to bottom and are merged, |
|
// meaning the most important ones must be at the bottom, for example grouping rules |
|
// If we do not want a package to be grouped with others, we need to set its groupName |
|
// to `null` after any other rule set it to something. |
|
dependencyDashboardHeader: 'This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. Before approving any upgrade: read the description and comments in the [`renovate.json5` file](https://github.com/mastodon/mastodon/blob/main/.github/renovate.json5).', |
|
postUpdateOptions: ['yarnDedupeHighest'], |
|
// The types are now included in recent versions,we ignore them here until we upgrade and remove the dependency |
|
ignoreDeps: ['@types/emoji-mart'], |
|
packageRules: [ |
|
{ |
|
// Require Dependency Dashboard Approval for major version bumps of these node packages |
|
matchManagers: ['npm'], |
|
matchPackageNames: [ |
|
'tesseract.js', // Requires code changes |
|
|
|
// react-router: Requires manual upgrade |
|
'history', |
|
'react-router-dom', |
|
|
|
// react-spring: Requires manual upgrade when upgrading react |
|
'@react-spring/web', |
|
], |
|
matchUpdateTypes: ['major'], |
|
dependencyDashboardApproval: true, |
|
}, |
|
{ |
|
// Require Dependency Dashboard Approval for major version bumps of these Ruby packages |
|
matchManagers: ['bundler'], |
|
matchPackageNames: [ |
|
'strong_migrations', // Requires manual upgrade |
|
'sidekiq', // Requires manual upgrade |
|
'sidekiq-unique-jobs', // Requires manual upgrades and sync with Sidekiq version |
|
'redis', // Requires manual upgrade and sync with Sidekiq version |
|
], |
|
matchUpdateTypes: ['major'], |
|
dependencyDashboardApproval: true, |
|
}, |
|
{ |
|
// Update GitHub Actions and Docker images weekly |
|
matchManagers: ['github-actions', 'dockerfile', 'docker-compose'], |
|
extends: ['schedule:weekly'], |
|
}, |
|
{ |
|
// Require Dependency Dashboard Approval for major & minor bumps for the ruby image, this needs to be synced with .ruby-version |
|
matchManagers: ['dockerfile'], |
|
matchPackageNames: ['moritzheiber/ruby-jemalloc'], |
|
matchUpdateTypes: ['minor', 'major'], |
|
dependencyDashboardApproval: true, |
|
}, |
|
{ |
|
// Require Dependency Dashboard Approval for major bumps for the node image, this needs to be synced with .nvmrc |
|
matchManagers: ['dockerfile'], |
|
matchPackageNames: ['node'], |
|
matchUpdateTypes: ['major'], |
|
dependencyDashboardApproval: true, |
|
}, |
|
{ |
|
// Require Dependency Dashboard Approval for major postgres bumps in the docker-compose file, as those break dev environments |
|
matchManagers: ['docker-compose'], |
|
matchPackageNames: ['postgres'], |
|
matchUpdateTypes: ['major'], |
|
dependencyDashboardApproval: true, |
|
}, |
|
{ |
|
// Update devDependencies every week, with one grouped PR |
|
matchManagers: ['npm'], |
|
matchDepTypes: 'devDependencies', |
|
matchUpdateTypes: ['patch', 'minor'], |
|
groupName: 'devDependencies (non-major)', |
|
extends: ['schedule:weekly'], |
|
}, |
|
{ |
|
// Group all eslint-related packages with `eslint` in the same PR |
|
matchManagers: ['npm'], |
|
matchPackageNames: [ |
|
'eslint', |
|
'eslint-*', |
|
'typescript-eslint', |
|
'@eslint/*', |
|
'globals', |
|
], |
|
matchUpdateTypes: ['patch', 'minor'], |
|
groupName: 'eslint (non-major)', |
|
}, |
|
{ |
|
// Group all Storybook-related packages in the same PR |
|
matchManagers: ['npm'], |
|
matchPackageNames: [ |
|
'chromatic', |
|
'storybook', |
|
'@storybook/*', |
|
'msw', |
|
'msw-storybook-addon', |
|
], |
|
matchUpdateTypes: ['patch', 'minor'], |
|
groupName: 'storybook (non-major)', |
|
}, |
|
{ |
|
// Group actions/*-artifact in the same PR |
|
matchManagers: ['github-actions'], |
|
matchPackageNames: [ |
|
'actions/download-artifact', |
|
'actions/upload-artifact', |
|
], |
|
matchUpdateTypes: ['major'], |
|
groupName: 'artifact actions (major)', |
|
}, |
|
{ |
|
// Update @types/* packages every week, with one grouped PR |
|
matchManagers: ['npm'], |
|
matchPackageNames: '@types/*', |
|
matchUpdateTypes: ['patch', 'minor'], |
|
groupName: 'DefinitelyTyped types (non-major)', |
|
extends: ['schedule:weekly'], |
|
addLabels: ['typescript'], |
|
}, |
|
{ |
|
// We want those packages to always have their own PR |
|
matchManagers: ['npm'], |
|
matchPackageNames: [ |
|
'typescript', // Typescript has code-impacting changes in minor versions |
|
], |
|
groupName: null, // We dont want them to belong to any group |
|
}, |
|
{ |
|
// Group all RuboCop packages with `rubocop` in the same PR |
|
matchManagers: ['bundler'], |
|
matchPackageNames: ['rubocop', 'rubocop-*'], |
|
matchUpdateTypes: ['patch', 'minor'], |
|
groupName: 'RuboCop (non-major)', |
|
}, |
|
{ |
|
// Group all RSpec packages with `rspec` in the same PR |
|
matchManagers: ['bundler'], |
|
matchPackageNames: ['rspec', 'rspec-*'], |
|
matchUpdateTypes: ['patch', 'minor'], |
|
groupName: 'RSpec (non-major)', |
|
}, |
|
{ |
|
// Group all opentelemetry-ruby packages in the same PR |
|
matchManagers: ['bundler'], |
|
matchPackageNames: ['opentelemetry-*'], |
|
matchUpdateTypes: ['patch', 'minor'], |
|
groupName: 'opentelemetry-ruby (non-major)', |
|
}, |
|
{ |
|
// Group Playwright Ruby & JS deps in the same PR, as they need to be in sync |
|
matchManagers: ['bundler', 'npm'], |
|
matchPackageNames: ['playwright-ruby-client', 'playwright'], |
|
groupName: 'Playwright', |
|
}, |
|
// Add labels depending on package manager |
|
{ matchManagers: ['npm', 'nvm'], addLabels: ['javascript'] }, |
|
{ matchManagers: ['bundler', 'ruby-version'], addLabels: ['ruby'] }, |
|
{ matchManagers: ['docker-compose', 'dockerfile'], addLabels: ['docker'] }, |
|
{ matchManagers: ['github-actions'], addLabels: ['github_actions'] }, |
|
], |
|
}
|
|
|