-
Notifications
You must be signed in to change notification settings - Fork 0
/
default.json5
147 lines (147 loc) · 5.2 KB
/
default.json5
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
{
$schema: "https://docs.renovatebot.com/renovate-schema.json",
extends: [
"config:recommended",
":automergeDisabled",
":dependencyDashboard",
":docker",
":enablePreCommit",
":semanticCommits",
],
schedule: ["every weekend"],
ignorePaths: [], // overwrites default to track also test paths
platformAutomerge: false, // Automerge cannot be applied due to branch security settings. Explicit approval from a maintainer is required, so we do not use or configure automerge in our repositories.
prHourlyLimit: 6,
prConcurrentLimit: 20,
commitBodyTable: true,
separateMajorMinor: false,
prBodyNotes: [
"{{#if isMajor}}:warning: THIS IS A MAJOR VERSION UPDATE :warning:{{/if}}",
"Before merging, *always* check with the release notes if any other changes need to be done.",
],
major: {
enabled: true,
addLabels: ["upgrade:major"], // Each major component should have a dedicated PR.
},
minor: {
enabled: true,
addLabels: ["upgrade:minor"],
groupName: "minor-grouped", // Group all minor updates in a single branch to save CI computing.
},
patch: {
enabled: true,
addLabels: ["upgrade:patch"],
groupName: "patch-grouped", // Group all patch updates in a single branch to save CI computing.
},
vulnerabilityAlerts: {
addLabels: ["security"], // Security alerts should be handled manually to assess the consequences.
enabled: true,
},
packageRules: [
{
"groupName": "minor-grouped",
"matchUpdateTypes": [
"minor"
],
"matchPackageNames": [
"*"
]
},
{
"groupName": "patch-grouped", // Group all pin and digests updates in a single branch with patch to save CI computing.
"enabled": true,
"matchUpdateTypes": [
"pin",
"digest",
"patch"
],
"matchPackageNames": [
"*"
],
},
{
matchPackageNames: ["camunda-platform"],
addLabels: ["group:camunda-platform"],
},
{
matchDatasources: ["go"],
addLabels: ["group:go"],
},
// limit the PR creation for the Renovate pre-commit hook (it's released very frequently)
{
matchPackageNames: ["renovatebot/pre-commit-hooks"],
matchUpdateTypes: ["patch"],
enabled: false,
},
{
matchPackageNames: ["renovatebot/pre-commit-hooks"],
schedule: ["on Saturday"],
},
// GitHub Actions
{
matchManagers: ["github-actions"],
addLabels: ["group:github-actions", "component:ci"],
},
// Terraform AWS modules
{
matchDatasources: ["terraform-module"],
matchPackageNames: ["terraform-aws-modules.*"],
addLabels: ["group:terraform"],
schedule: [
"every 2 weeks on Saturday and Sunday",
],
},
// Terraform major provider updates
{
matchDatasources: ["terraform-provider"],
addLabels: ["group:terraform"],
schedule: [
"every 2 weeks on Saturday and Sunday",
]
},
// For known GitHub repositories that use GitHub tags/releases of format
// "v1.2.3" and where the asdf plugin ignores the "v" prefix, we also tell
// Renovate to ignore it via extractVersion when updating .tool-version file
{
matchFileNames: ["**/.tool-versions", "**/*.tf"],
matchPackageNames: [
"eksctl-io/eksctl",
"hashicorp/terraform",
"helm/helm",
"koalaman/shellcheck",
"pre-commit/pre-commit",
"rhysd/actionlint",
],
extractVersion: "^v(?<version>.*)$",
},
],
"customDatasources": {
"rosa-camunda": {
"defaultRegistryUrlTemplate": "https://camunda.github.io/camunda-tf-rosa/rosa_versions.txt",
"format": "plain",
},
},
customManagers: [
{
customType: "regex",
fileMatch: [
"\.yml",
"\.sh",
"\.go",
"\.tf",
"\.tool-versions$",
"^justfile$"
],
matchStrings: [
"datasource=(?<datasource>.*?) depName=(?<depName>.*?)( registryUrl=(?<registryUrl>.*?))?( versioning=(?<versioning>.*?))?\\s.*?=(?<currentValue>.*)",
"datasource=(?<datasource>.*?) depName=(?<depName>.*?)( registryUrl=(?<registryUrl>.*?))?( versioning=(?<versioning>.*?))?\\s.*?- (?<currentValue>.*)",
"datasource=(?<datasource>.*?) depName=(?<depName>.*?)( registryUrl=(?<registryUrl>.*?))?( versioning=(?<versioning>.*?))?\\s.*?: (?<currentValue>.*)",
"datasource=(?<datasource>.*?) depName=(?<depName>.*?)( registryUrl=(?<registryUrl>.*?))?( versioning=(?<versioning>.*?))?\\s.*?=\"(?<currentValue>.*)\"",
"datasource=(?<datasource>.*?) depName=(?<depName>.*?)( registryUrl=(?<registryUrl>.*?))?( versioning=(?<versioning>.*?))?\\s.*? \"(?<currentValue>.*)\"",
"datasource=(?<datasource>.*?) depName=(?<depName>.*?)( registryUrl=(?<registryUrl>.*?))?( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?\\s.*? (?<currentValue>.*)\\s",
"datasource=(?<datasource>.*?) depName=(?<depName>.*?)( registryUrl=(?<registryUrl>.*?))?( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?\\s(?<originalPackageName>.*) := \"(?<currentValue>.*?)\"\\s"
],
versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
},
]
}