diff --git a/.github/renovate.json5 b/.github/renovate.json5 new file mode 100644 index 0000000..0b995fe --- /dev/null +++ b/.github/renovate.json5 @@ -0,0 +1,158 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:base" + ], +// The maximum number of PRs to be created in parallel + "prConcurrentLimit": 5, +// The branches renovate should target + "baseBranches": ["main"], + "ignorePaths": ["design/**"], + "postUpdateOptions": ["gomodTidy"], +// By default renovate will auto detect whether semantic commits have been used +// in the recent history and comply with that, we explicitly disable it + "semanticCommits": "disabled", +// All PRs should have a label + "labels": ["automated"], +// PackageRules disabled below should be enabled in case of vulnerabilities + "vulnerabilityAlerts": { + "enabled": true + }, + "packageRules": [ + { +// We need to ignore k8s.io/client-go older versions as they switched to +// semantic version and old tags are still available in the repo. + "matchDatasources": [ + "go" + ], + "matchDepNames": [ + "k8s.io/client-go" + ], + "allowedVersions": "<1.0" + }, { +// We want a single PR for all the patches bumps of kubernetes related +// dependencies, as most of the times these are all strictly related. + "matchDatasources": [ + "go" + ], + "groupName": "kubernetes patches", + "matchUpdateTypes": [ + "patch", + "digest" + ], + "matchPackagePrefixes": [ + "k8s.io", + "sigs.k8s.io" + ] + }, { +// We want dedicated PRs for each minor and major bumps to kubernetes related +// dependencies. + "matchDatasources": [ + "go" + ], + "matchUpdateTypes": [ + "major", + "minor" + ], + "matchPackagePrefixes": [ + "k8s.io", + "sigs.k8s.io" + ] + }, { +// We want dedicated PRs for each bump to non-kubernetes Go dependencies, but +// only if there are known vulnerabilities in the current version. + "matchDatasources": [ + "go" + ], + "matchPackagePatterns": [ + "*" + ], + "enabled": false, + "excludePackagePrefixes": [ + "k8s.io", + "sigs.k8s.io" + ], + "matchUpdateTypes": [ + "major", + ], + }, { +// We want a single PR for all minor and patch bumps to non-kubernetes Go +// dependencies, but only if there are known vulnerabilities in the current +// version. + "matchDatasources": [ + "go" + ], + "matchPackagePatterns": [ + "*" + ], + "enabled": false, + "excludePackagePrefixes": [ + "k8s.io", + "sigs.k8s.io" + ], + "matchUpdateTypes": [ + "minor", + "patch", + "digest" + ], + "groupName": "all non-major go dependencies" + }, { +// We want a single PR for all minor and patch bumps of Github Actions + "matchDepTypes": [ + "action" + ], + "matchUpdateTypes": [ + "minor", + "patch" + ], + "groupName": "all non-major github action", + "pinDigests": true + },{ +// We want dedicated PRs for each major bump to Github Actions + "matchDepTypes": [ + "action" + ], + "pinDigests": true + } + ], + "customManagers": [ + { + "customType": "regex", + "description": "Bump up version in the Makefile", + "fileMatch": ["^Makefile$"], + "matchStrings": [ + "UP_VERSION = (?.*?)\\n" + ], + "datasourceTemplate": "github-releases", + "depNameTemplate": "upbound/up", + }, { + "customType": "regex", + "description": "Bump uptest version in the Makefile", + "fileMatch": ["^Makefile$"], + "matchStrings": [ + "UPTEST_VERSION = (?.*?)\\n" + ], + "datasourceTemplate": "github-releases", + "depNameTemplate": "upbound/uptest", + }, { + "customType": "regex", + "description": "Bump kind version in the Makefile", + "fileMatch": ["^Makefile$"], + "matchStrings": [ + "KIND_VERSION = (?.*?)\\n" + ], + "datasourceTemplate": "github-tags", + "depNameTemplate": "kubernetes-sigs/kind", + }, { + "customType": "regex", + "description": "Bump golangci-lint version in workflows and the Makefile", + "fileMatch": ["^\\.github\\/workflows\\/[^/]+\\.ya?ml$","^Makefile$"], + "matchStrings": [ + "GOLANGCILINT_VERSION = (?.*?)\\n" + ], + "datasourceTemplate": "github-tags", + "depNameTemplate": "golangci/golangci-lint", + "extractVersionTemplate": "^v(?.*)$" + } + ] +}