renovate.json5
// Renovate configuration for this repository. The file is JSON5, so comments are permitted.
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
// Only the main branch is processed for dependency updates.
"baseBranches": ["main"],
"extends": [
// Tells Renovate to maintain one GitHub issue as the "dependency dashboard". See https://docs.renovatebot.com/key-concepts/dashboard
":dependencyDashboard",
// Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use. See https://docs.renovatebot.com/presets-default/#semanticprefixfixdepschoreothers
":semanticPrefixFixDepsChoreOthers",
// Group all updates together. See https://docs.renovatebot.com/presets-group/#groupall
// Other less drastic groupings that may be of interest include: group:allNonMajor, group:recommended, group:monorepos
"group:all",
// Apply crowd-sourced package replacement rules. See https://docs.renovatebot.com/presets-replacements/#replacementsall
"replacements:all",
// Apply crowd-sourced workarounds for known problems with packages. See https://docs.renovatebot.com/presets-workarounds/#workaroundsall
"workarounds:all",
// Shared preset from another repository: generic version matching for YAML files.
// NOTE(review): the reference carries no "#<tag>" suffix, so the preset is presumably resolved from that
// repository's default branch on every run. Pinning it to a tag would turn changes to the shared rules
// into an explicit, reviewable update here - confirm which behaviour is intended.
"github>defenseunicorns/narwhal-delivery-renovate-config:zarfPackageGenericMatching.json5"
],
// If we don't specify a timezone then Renovate will use UTC
"timezone": "America/New_York",
// No time-window restriction: Renovate may open or update PRs whenever it runs.
"schedule": [
"at any time"
],
// Labels to set in Pull Request. See https://docs.renovatebot.com/configuration-options/#labels
"labels": [
"renovate"
],
// Rate limit PRs to maximum x created per hour. 0 means no limit. See https://docs.renovatebot.com/configuration-options/#prhourlylimit
"prHourlyLimit": 0,
// Limit to a maximum of x concurrent branches/PRs. 0 means no limit. See https://docs.renovatebot.com/configuration-options/#prconcurrentlimit
"prConcurrentLimit": 0,
// Enable updates to the pre-commit-config.yaml file. See https://docs.renovatebot.com/modules/manager/pre-commit/
"pre-commit": {
"enabled": true
},
"packageRules": [
// Terraform module dependencies resolved from git or GitHub tags use "loose" versioning.
// Presumably the module tags do not all follow strict semver - confirm.
{
"matchManagers": ["terraform"],
"matchDepTypes": ["module"],
"matchDatasources": ["github-tags", "git-tags"],
"versioning": "loose"
},
// Updates found in the SWF bundle definition get their own group name and commit message topic.
{
"matchFileNames": ["bundles/swf/uds-bundle.yaml"],
"groupName": "swf-uds-bundle",
"commitMessageTopic": "swf-uds-bundle"
}
],
// Settings applied to PRs that Renovate raises in response to a vulnerability alert.
"vulnerabilityAlerts": {
"enabled": true,
"groupName": "Security Updates",
// Empty schedule: vulnerability fixes are not held back to a time window.
"schedule": [],
// Fix PRs are created without waiting for approval on the dependency dashboard.
"dependencyDashboardApproval": false,
// null: no waiting period is applied after a release is published before it is proposed.
"minimumReleaseAge": null,
"rangeStrategy": "update-lockfile",
"commitMessageSuffix": "[SECURITY]",
"branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability",
// Open the PR immediately rather than waiting for branch checks to finish.
"prCreation": "immediate",
// Replaces the top-level "renovate" label on these PRs unless labels are configured to merge - TODO confirm.
"labels": ["security"],
// Security-fix PRs are merged by Renovate without a human approving them, and with
// minimumReleaseAge set to null above there is no waiting period on newly published versions either.
// NOTE(review): confirm that branch protection and required status checks on main gate these merges,
// since they are the only control between a newly published release and the default branch.
"automerge": true,
// NOTE(review): this value looks like a team slug rather than a user login; verify that the
// platform accepts it as an assignee, otherwise these PRs may be created with nobody assigned.
"assignees": ["@defenseunicorns/delivery-aws-iac"]
},
// Also raise vulnerability fix PRs based on advisories from the OSV database (osv.dev).
"osvVulnerabilityAlerts": true
}