Skip to content

Commit 7f1432a

Browse files
authored
Automatic dependencies updates: Separate major from minor and patch dependencies updates. Gate major upgrades (#4278)
With Renovate infrastructure working, we want to make dependencies updates more frequent and almost automatic for patch and minor releases. This PR moves into that direction by: - Separating major upgrades proposals from minor-patch ones. - Gating major upgrades through the dependency dashboard: #2225
1 parent a8d9aff commit 7f1432a

1 file changed

Lines changed: 23 additions & 1 deletion

File tree

renovate.json renamed to renovate.json5

Lines changed: 23 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,29 +8,39 @@
88
{
99
"groupName": "{{manager}} dependencies",
1010
"groupSlug": "{{manager}}",
11-
"separateMajorMinor": false,
11+
"separateMajorMinor": true,
12+
// This is the default but is later disabled by a higher priority package rule
13+
// for major updates.
1214
"automerge": true,
1315
"matchPackageNames": [
1416
"*"
1517
]
1618
},
19+
// Enable `go mod tidy` post step in gomod updates. Note that this step is always skipped for
20+
// majors per Renovate design.
1721
{
1822
"matchManagers": ["gomod"],
1923
"postUpdateOptions": ["gomodTidy"]
2024
},
25+
// React updates.
2126
{
2227
"matchPackageNames": ["next", "react", "react-*", "@types/react", "@types/react-*", "eslint", "eslint-config-next"],
2328
"matchManagers": ["npm"],
2429
"matchUpdateTypes": ["major"],
2530
"enabled": false
2631
},
32+
// Docker compose updates
2733
{
2834
"matchPackageNames": ["ghcr.io/peerdb-io/**"],
2935
"matchManagers": ["docker-compose"],
3036
"matchUpdateTypes": ["pinDigest"],
3137
"matchFileNames": ["docker-compose.yml"],
3238
"enabled": false
3339
},
40+
// Disable updates on generated and dependencies without explicit versions in their life cycles.
41+
// Disabled updates means that Renovate will not proactively propose changes for these dependencies
42+
// but its reliance on go MVS might generate update PRs with updates on these if transitively required.
43+
// For pinned versions, this requires `exclude` rules in `go.mod` files.
3444
{
3545
"matchManagers": ["gomod"],
3646
"matchPackageNames": [
@@ -41,6 +51,8 @@
4151
],
4252
"enabled": false
4353
},
54+
// Explicit versions exclusions for pinned go dependencies, as in the previous rule, this doesn't
55+
// prevent updates if transitively required but it prevents proactive updates.
4456
{
4557
"matchManagers": ["gomod"],
4658
"matchPackageNames": ["cloud.google.com/go/bigquery"],
@@ -65,6 +77,16 @@
6577
"matchManagers": ["gomod"],
6678
"matchPackageNames": ["github.com/tikv/pd/client"],
6779
"allowedVersions": "v0.0.0-20251229071808-6173d50c004c"
80+
},
81+
// This package rule instruct renovate to require approval from
82+
// the dependency dashboard before proposing major upgrades.
83+
// This sets a default is approval mindset for automatic proposals.
84+
{
85+
"matchUpdateTypes": [
86+
"major"
87+
],
88+
"dependencyDashboardApproval": true,
89+
"automerge": false
6890
}
6991
],
7092
"vulnerabilityAlerts": {

0 commit comments

Comments
 (0)