-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathrenovate-shared-config.json
More file actions
233 lines (233 loc) · 8.88 KB
/
renovate-shared-config.json
File metadata and controls
233 lines (233 loc) · 8.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
// Base configuration
"config:recommended",
// Add "Signed-off-by" footer to commit messages
":gitSignOff",
// Catch-all for grouping dependencies not caught by other groups
"group:all",
":preserveSemverRanges"
],
// Clone git submodules when analyzing repositories
//
// Some repositories use git submodules for vendored dependencies that are
// referenced in Cargo.toml files. Without initializing submodules, Renovate
// will fail to analyze these dependencies.
"cloneSubmodules": true,
// Custom datasource for tracking Rust nightly toolchain releases via the
// official release manifest. This is the same data source the upcoming
// native rust-version datasource (renovatebot/renovate#39529) will use;
// once that merges this can be replaced with zero-config native support.
"customDatasources": {
"rust-nightly": {
"defaultRegistryUrlTemplate": "https://static.rust-lang.org/manifests.txt",
"format": "plain",
"transformTemplates": [
"{ \"releases\": $filter(releases, function($r) { $contains($r.version, \"channel-rust-nightly.toml\") }).$merge([{ \"version\": \"nightly-\" & $match(version, /(\\d{4}-\\d{2}-\\d{2})/).groups[0] }]) }"
]
}
},
// Custom managers for detecting dependencies in non-standard files
//
// - Containerfile/Dockerfile: Match "# renovate:" comments with ARG statements
// - .txt files: Match "# renovate:" comments followed by package@version on next line
"customManagers": [
{
"customType": "regex",
"managerFilePatterns": ["/(^|/)Containerfile(\\.[^/]*)?$/", "/(^|/)Dockerfile(\\.[^/]*)?$/"],
"matchStrings": [
"# renovate: datasource=(?<datasource>[a-z.-]+) depName=(?<depName>[^\\s]+)\\s+ARG \\w+version=(?<currentValue>.+)",
"# renovate: datasource=(?<datasource>[a-z.-]+) depName=(?<depName>[^\\s]+) versioning=(?<versioning>[^\\s]+)\\s+ARG \\w+=(?<currentValue>.+)"
]
},
{
"customType": "regex",
"managerFilePatterns": ["**/*.txt"],
"matchStrings": [
"# renovate: datasource=(?<datasource>[a-z-]+) depName=(?<depName>[^\\s]+)\\n.*@(?<currentValue>\\S+)"
]
},
// Shell scripts in GHA workflows/actions: Match "# renovate:" followed by
// VERSION= or "export FOO_VERSION=" patterns
{
"customType": "regex",
"managerFilePatterns": ["**/*.yml", "**/*.yaml"],
"matchStrings": [
"# renovate: datasource=(?<datasource>[a-z-]+) depName=(?<depName>[^\\s]+)\\n\\s*(?:export )?\\w*VERSION=(?<currentValue>v?\\S+)"
]
},
// Container image digest pinning in JSON config files
// Matches patterns like:
// "_renovate": "datasource=docker depName=quay.io/fedora/fedora-bootc",
// ...
// "source": "quay.io/fedora/fedora-bootc:43@sha256:abc123..."
{
"customType": "regex",
"managerFilePatterns": ["**/sources.json"],
"matchStrings": [
"\"_renovate\":\\s*\"datasource=(?<datasource>docker) depName=(?<depName>[^\"]+)\"[^}]*\"source\":\\s*\"\\S+:(?<currentValue>[^@\\s\"]+)@(?<currentDigest>sha256:[a-f0-9]+)\""
]
},
// Git refs (commit SHA) tracking in Justfiles and YAML workflows
// Justfile example:
// # renovate: datasource=git-refs depName=https://github.com/org/repo branch=main
// export VAR := env("VAR", "0000000000000000000000000000000000000000")
// YAML example:
// # renovate: datasource=git-refs depName=https://github.com/org/repo branch=main
// VAR: '0000000000000000000000000000000000000000'
{
"customType": "regex",
"managerFilePatterns": ["**/Justfile", "**/*.just", "**/*.yml", "**/*.yaml"],
"matchStrings": [
"# renovate: datasource=(?<datasource>git-refs) depName=(?<depName>[^\\s]+) branch=(?<currentValue>[^\\s]+)\\n[^\\n]*\"(?<currentDigest>[a-f0-9]{40})\"",
"# renovate: datasource=(?<datasource>git-refs) depName=(?<depName>[^\\s]+) branch=(?<currentValue>[^\\s]+)\\n[^\\n]*'(?<currentDigest>[a-f0-9]{40})'"
]
}
],
"packageRules": [
// Limit dependency updates to once per week to reduce PR churn
//
// Rapidly-updating dependencies (e.g., opencode-ai) can create excessive PRs.
// By scheduling updates to Sundays only, we get one PR per week with the
// latest version, skipping all intermediate releases.
//
// Exception: bcvk updates immediately (excluded via negated regex).
{
"description": ["Limit dependency updates to weekly (Sundays UTC) to reduce PR churn. bcvk is excluded and updates immediately."],
"matchPackageNames": ["!bootc-dev/bcvk"],
"schedule": ["on sunday"],
"timezone": "UTC"
},
{
// These files in these repos are synced from the bootc-dev/infra repository, which
// sends PRs to update them. Ignoring them here to avoid conflicting Renovate updates.
"matchRepositories": [
"bootc-dev/bootc",
"bootc-dev/bcvk",
"bootc-dev/ci-sandbox",
"bootc-dev/containers-image-proxy-rs",
"bootc-dev/bootc-dev.github.io",
"composefs/composefs",
"composefs/composefs-rs"
],
"ignorePaths": [
".github/workflows/rebase.yml",
".github/workflows/openssf-scorecard.yml",
".github/actions/bootc-ubuntu-setup/action.yml",
".github/actions/setup-rust/action.yml"
]
},
// Group GitHub Actions dependencies
{
"description": ["GitHub Actions dependencies"],
"matchManagers": [
"github-actions"
],
"groupName": "GitHub Actions",
"enabled": true
},
// Group Rust dependencies
{
"description": ["Rust dependencies"],
"matchManagers": [
"cargo"
],
"groupName": "Rust",
"enabled": true
},
// Group Docker dependencies
{
"description": ["Docker dependencies"],
"matchManagers": [
"dockerfile",
"custom.regex"
],
"groupName": "Docker",
"enabled": true
},
// Group staged bootc base image digest updates separately
//
// These are the upstream source images for chunkah-staged builds.
// Digest updates trigger a rebuild of the staged images, so they
// get their own PR. Must come after the Docker group rule so it
// takes precedence (Renovate applies all matching rules in order,
// later rules win).
{
"description": ["Staged bootc base image digest updates"],
"matchManagers": ["custom.regex"],
"matchDepNames": [
"quay.io/fedora/fedora-bootc",
"quay.io/centos-bootc/centos-bootc"
],
"groupName": "staged-images"
},
// bcvk gets its own group so it isn't blocked by the weekly schedule
// applied to other Docker group members. Without this, the Docker group
// PR can only be created on Sundays (when all deps are in-schedule),
// even though bcvk itself is excluded from the weekly schedule above.
{
"description": ["bcvk updates independently of the Docker group"],
"matchPackageNames": ["bootc-dev/bcvk"],
"groupName": "bcvk"
},
// Group npm dependencies
{
"description": ["npm dependencies"],
"matchDatasources": ["npm"],
"groupName": "npm",
"enabled": true
},
// Disable Containerfile digest pinning
{
"description": ["Containerfile digest pinning"],
"matchManagers": [
"dockerfile"
],
"pinDigests": false
},
// Disable Fedora OCI tag updates
//
// Renovate can't distinguish stable vs unreleased Fedora versions,
// so we disable tag bumps. Digest-only updates are still allowed
// via the separate rule below.
{
"description": ["Disable Fedora OCI tag updates (can't distinguish stable vs unreleased)"],
"matchManagers": [
"dockerfile",
"github-actions",
"custom.regex"
],
"matchDepNames": [
"quay.io/fedora/fedora",
"quay.io/fedora/fedora-bootc"
],
"matchUpdateTypes": ["major", "minor", "patch"],
"enabled": false
},
// Ignore bootc cargo dependencies to fix failing Renovate task
// See: https://github.com/bootc-dev/infra/actions/runs/19914695687
{
"matchManagers": ["cargo"],
"matchPackageNames": [
"composefs",
"cfsctl",
"composefs-boot",
"composefs-oci"
],
"enabled": false
},
// nextest-rs/nextest is a monorepo with multiple crates released under
// different tag prefixes (cargo-nextest-*, nextest-runner-*, etc.).
// Extract only the cargo-nextest version from matching tags.
{
"matchPackageNames": ["nextest-rs/nextest"],
"extractVersion": "^cargo-nextest-(?<version>.*)$"
},
// Rust nightly toolchain: use rust-release-channel versioning for nightly-YYYY-MM-DD format
{
"matchDatasources": ["custom.rust-nightly"],
"versioning": "rust-release-channel"
}
]
}