chore: adopt shared conf-renovate preset (v1.2.1)#15
Closed
gofreight-jackyeh wants to merge 1 commit into
Closed
Conversation
Switches this repo onto the org-shared Renovate preset `hardcoretech/conf-renovate` pinned at v1.2.1. Mirrors the gf-admin-console pilot (#182, merged) and the svc-thor adoption (#160). What changed vs. the prior `renovate.json`: - File renamed `renovate.json` → `renovate.json5` so override rationale can live as inline comments. The old file is deleted in this commit (renovate.json has higher precedence than .json5 in Renovate's lookup). - Dropped `extends: ["config:recommended"]` — preset already extends `config:best-practices` (a stricter superset). - Dropped the FIS-17871 GHA-hardening packageRule — same SHA-pin + 3-day soak policy is now provided by the preset's `security` atomic preset (locked). The previous local form lacked a `matchUpdateTypes` filter and would silently override the locked major-isolation policy. Validation gate: adds the `renovate-config-validator` pre-commit hook to `.pre-commit-config.yaml` (existing CI runs `pre-commit run`).
Contributor
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Switches this repo onto the org-shared Renovate preset
hardcoretech/conf-renovatepinned at v1.2.1. Part of the fleet rollout following the pilots gf-admin-console#182 (merged) and svc-thor#160.The local config simplifies to the baseline:
What was dropped from the previous
renovate.json(merge mode)extends: ["config:recommended"]default.json5extendsconfig:best-practices(stricter superset).pinDigests+minimumReleaseAge: "3 days")security.json5(locked). The previous local rule lacked amatchUpdateTypesfilter and would silently override the locked major-isolation policy — same blocker the reviewer caught on gf-admin-console#182 round 1.groupName: "GitHub Actions"grouping-gha.json5providesgha-non-major+ isolatedgha-major.renovate.json→renovate.json5rename (old file deleted in same commit;renovate.jsonhas higher Renovate lookup precedence).What the preset provides (inherited baseline)
config:best-practices+ dependency dashboard.#v1.2.1here without any local config.Validation gate
Adds the
renovate-config-validatorpre-commit hook (pinned torenovatebot/pre-commit-hooks@43.150.0) to.pre-commit-config.yaml. The existing CI pipeline already runspre-commit run, so the same gate executes on PR + push without a new workflow file.Verification
renovate-config-validator --strict --no-global renovate.json5passes locally (Node 24 + renovate@43, LOG_LEVEL=warn, exit 0).gha-non-major, plus ecosystem groups as applicable).conf-renovaterelease auto-PRs a bump of#v1.2.1→#v<next>.Rollback
Revert this branch — restores
renovate.jsonexactly as it was before.