fix(renovate): use pep621 manager instead of invalid "uv"

[williaby]

Summary

Replaces invalid "uv" manager with "pep621" in both renovate.json (the template repo's own config) and {{cookiecutter.project_slug}}/renovate.json (the template body rendered into every generated project).

Problem

Renovate 42.92.x has no standalone uv manager. When enabledManagers (or a packageRule's matchManagers) contains "uv", the schema validator rejects the whole config and Renovate silently disables itself for the repository. No dependency PRs, no vulnerability alerts forwarded as updates.

The correct manager for uv-managed Python projects is pep621: it reads [project.dependencies] / [project.optional-dependencies] from pyproject.toml. The uv.lock itself is regenerated by Renovate as an artifact, plumbed via RENOVATE_BINARY_SOURCE=install in the global Renovate environment, no enabledManager entry required.

Why this matters for the cookiecutter

Every project generated from this template since the uv migration has been producing a broken Renovate config. The audit found 350 open Dependabot alerts across the fleet, 166 directly blocked by this class of config error in repos using uv (BWCPA + williaby). Fixing the template stops the bleeding so new generated projects do not inherit the bug.

Changes

• renovate.json: enabledManagers: ["uv", "github-actions"] -> ["pep621", "github-actions"]
• {{cookiecutter.project_slug}}/renovate.json:
  • enabledManagers: ["uv", "github-actions"] -> ["pep621", "github-actions"]
  • Two packageRules with matchManagers: ["uv"] -> ["pep621"] (Python dependency grouping rules)

Validation

• jq . renovate.json OK on both files
• renovate-config-validator --no-global renovate.json on the top-level config: Config validated successfully
• Template body validated by substituting {{cookiecutter.github_username}} to placeholder-user and running the validator. The substituted config exits non-zero, but bisection shows the cause is an unrelated pre-existing issue: the customManagers[].fileMatch key was renamed to managerFilePatterns in newer Renovate. That issue is independent of this PR and predates it on main. It will be addressed in a follow-up.

Reference

• feedback_renovate_uv_manager_trap.md
• homelab-infra PR #309 / #314 (May 2026)

Test plan

• Render a fresh project from this template and confirm the generated renovate.json no longer contains "uv" in enabledManagers or matchManagers
• After merge, watch the Renovate dashboard on a project that bootstraps from the template to confirm dependency PRs start flowing

Generated with Claude Code

[coderabbitai]

Warning

Review limit reached

@williaby, we couldn't start this review because you've used your available PR reviews for now.

Your plan includes 1 review of capacity. Refill in 59 minutes and 51 seconds.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more review capacity refills, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: a1d379c7-ae2e-4ddb-afc3-c9f3c32eface

📥 Commits

Reviewing files that changed from the base of the PR and between 8c19a0c and 26a9812.

📒 Files selected for processing (2)

• renovate.json
• {{cookiecutter.project_slug}}/renovate.json

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/renovate-fix-pep621-manager

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR fixes Renovate configuration for the template repository and generated projects by replacing the invalid uv manager with Renovate’s pep621 manager for Python dependency discovery.

Changes:

• Updates top-level Renovate enabledManagers to use pep621.
• Updates generated-project Renovate enabledManagers and Python package rules to match pep621.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
renovate.json	Enables Renovate’s pep621 manager for the template repository.
{{cookiecutter.project_slug}}/renovate.json	Ensures generated projects use pep621 for Python dependency grouping and manager enablement.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud