Skip to content

Commit f71131c

Browse files
authored
ci: switch dependency updates from Dependabot to Renovate
2 parents 5a61668 + 2346ecf commit f71131c

4 files changed

Lines changed: 36 additions & 51 deletions

File tree

.github/dependabot.yml

Lines changed: 0 additions & 49 deletions
This file was deleted.

.github/renovate.json

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
{
2+
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
3+
"extends": [
4+
"config:recommended",
5+
":semanticCommitTypeAll(chore)"
6+
],
7+
"semanticCommits": "enabled",
8+
"baseBranchPatterns": ["main", "stable/8.8"],
9+
"rebaseWhen": "behind-base-branch",
10+
"packageRules": [
11+
{
12+
"description": "Group all npm updates into a single PR (mirrors Dependabot's npm-dependencies group).",
13+
"matchManagers": ["npm"],
14+
"groupName": "npm dependencies"
15+
},
16+
{
17+
"description": "Group GitHub Actions updates into a single PR.",
18+
"matchManagers": ["github-actions"],
19+
"groupName": "github actions"
20+
},
21+
{
22+
"description": "Never auto-bump the orchestration API client across majors.",
23+
"matchPackageNames": ["@camunda8/orchestration-cluster-api"],
24+
"matchUpdateTypes": ["major"],
25+
"enabled": false
26+
},
27+
{
28+
"description": "Auto-merge minor updates once CI is green.",
29+
"matchUpdateTypes": ["minor"],
30+
"automerge": true
31+
}
32+
],
33+
"vulnerabilityAlerts": { "enabled": false }
34+
}

AGENT.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@ Note the **mutated semver**: `feat`/`fix` produce **patch** bumps, not minor/maj
6161

6262
### Common pitfalls
6363

64-
- **`deps:` is not valid.** Use `chore(deps): ...` for dependency pinning / bumps. (Dependabot itself uses `chore(deps):`.)
64+
- **`deps:` is not valid.** Use `chore(deps): ...` for dependency pinning / bumps. (Renovate is configured to use `chore(deps):` as well.)
6565
- The pre-commit Husky hook runs `npm run test`, which can fail on local-only files (e.g. nested worktrees). The release workflow bypasses this with `HUSKY=0`. For agent commits that are otherwise validated, prefix with `HUSKY=0` rather than `--no-verify`.
6666

6767
---

MAINTAINER.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ When a new Camunda minor (e.g. `8.9`) is ready to be promoted to `latest`:
3333
2. Update the GitHub **repository variable** (Settings → Secrets and variables → Actions → Variables) `CAMUNDA_SDK_CURRENT_STABLE_MINOR` from `8.8` to `8.9`.
3434
3. The next merge to `stable/8.9` will publish to npm dist-tag `latest`. The previous current line (`stable/8.8`) automatically falls back to maintenance dist-tag `8.8-stable` on its next release.
3535
4. Update [.github/workflows/integration-test-matrix-trigger.yaml](.github/workflows/integration-test-matrix-trigger.yaml) to add a daily compatibility-test trigger for the new branch (uncomment / duplicate the `trigger-stable-8-9` block).
36-
5. Update [.github/dependabot.yml](.github/dependabot.yml) `target-branch` entries if the previous stable line should be replaced as a dependabot target.
36+
5. Update [.github/renovate.json](.github/renovate.json) `baseBranchPatterns` if the previous stable line should be replaced as a Renovate target.
3737

3838
No git tag manipulation is required — semantic-release reads existing tags and computes the next version per branch independently.
3939

0 commit comments

Comments
 (0)