feat: add Renovate + Claude AI triage pipeline #19

Merged
cjbischoff merged 1 commit into main from feat/renovate-ai-triage
May 27, 2026

@cjbischoff

Owner

Summary

  • Adds Renovate dependency automation running monthly via GitHub Actions
  • Adds Claude renovate-review skill that triages each Renovate PR for breaking changes, dead deps, and deprecated configs
  • Adds labeler config for component-level project detection used by the skill
  • Updates .gitignore to allow the skill file into version control

Files

| File | Purpose |
| --- | --- |
| .github/renovate.json5 | Renovate config scoping workspace root + all apps/ with 14-day supply-chain protection |
| .github/workflows/renovate.yml | Monthly cron runner (2nd of month, 05:00 UTC) — requires RENOVATE_TOKEN secret |
| .github/labeler.yml | Maps file paths to component labels for skill project detection |
| .claude/skills/renovate-review/SKILL.md | Read-only triage skill: risk matrix, dead dep detection, deprecated config scan |
| .gitignore | Carves out .claude/skills/renovate-review/SKILL.md from the existing .claude/* ignore rule |

Setup required before this workflow runs

  • Add RENOVATE_TOKEN secret in GitHub → Settings → Secrets → Actions (GitHub PAT with repo + workflow scopes)

Test plan

  • Add RENOVATE_TOKEN secret to the repo
  • Trigger workflow manually via Actions → [ADMIN] Renovate → Run workflow
  • Verify Renovate opens PRs with [RENOVATE] prefixed titles
  • Invoke /renovate-review <PR number> in Claude Code against one of the opened PRs

🤖 Generated with Claude Code

- .github/renovate.json5 — monthly dependency updates across workspace root
  and all apps/ with 14-day minimumReleaseAge supply-chain protection
- .github/workflows/renovate.yml — GitHub Actions runner (2nd of month, 05:00 UTC)
- .github/labeler.yml — component path mapping for renovate-review skill
- .claude/skills/renovate-review/SKILL.md — Claude skill that triages each Renovate
  PR for breaking changes, dead deps, and deprecated configs before merge
- .gitignore — allow .claude/skills/renovate-review/SKILL.md into version control

Requires RENOVATE_TOKEN secret (GitHub PAT with repo + workflow scopes).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@cjbischoff cjbischoff merged commit dbe4c38 into main May 27, 2026
4 checks passed
@cjbischoff cjbischoff deleted the feat/renovate-ai-triage branch May 27, 2026 22:13
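
The 14-day minimumReleaseAge protection named in this PR holds a new release back until it has been public long enough for a compromised or broken publish to be reported or withdrawn. The sketch below is an added example, not code from this PR and not Renovate's implementation: it models that gate for one package at the scheduled run time. The package versions, timestamps, the `pick_update` helper and the fail-closed handling of missing timestamps are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MIN_RELEASE_AGE = timedelta(days=14)  # the 14-day window named in this PR

# Constructed sample data: a hypothetical package and its registry publish times.
CURRENT = "2.2.0"
RELEASES = {
    "2.3.0": "2026-04-20T10:00:00Z",
    "2.3.1": "2026-05-15T08:30:00Z",
    "2.4.0": "2026-05-28T09:00:00Z",  # published a few days before the run
    "2.4.1": None,                     # registry returned no timestamp
}
RUN_AT = datetime(2026, 6, 2, 5, 0, tzinfo=timezone.utc)  # 2nd of month, 05:00 UTC


def parse_ts(value):
    """Parse an ISO-8601 timestamp; return None if absent or malformed."""
    if not value:
        return None
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def version_key(version):
    """Sort key for plain dotted numeric versions (assumption: no pre-release tags)."""
    return tuple(int(part) for part in version.split("."))


def pick_update(current, releases, now, min_age=MIN_RELEASE_AGE):
    """Return (newest version old enough to propose, or None; {version: why held})."""
    eligible, held = [], {}
    for version, published in releases.items():
        if version_key(version) <= version_key(current):
            continue  # not an upgrade
        ts = parse_ts(published)
        if ts is None or ts > now:
            held[version] = "no usable release timestamp"  # fail closed (assumption)
        elif now - ts < min_age:
            held[version] = f"only {(now - ts).days}d old"
        else:
            eligible.append(version)
    chosen = max(eligible, key=version_key) if eligible else None
    return chosen, held


if __name__ == "__main__":
    print(pick_update(CURRENT, RELEASES, RUN_AT))
```

With a monthly schedule, a release that misses the window by a day waits for the next run, so the effective delay can be well over 14 days.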
@coderabbitai

coderabbitai Bot commented May 27, 2026


Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (5)
  • .claude/skills/renovate-review/SKILL.md is excluded by none and included by none
  • .github/labeler.yml is excluded by none and included by none
  • .github/renovate.json5 is excluded by none and included by none
  • .github/workflows/renovate.yml is excluded by none and included by none
  • .gitignore is excluded by none and included by none

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 63d47911-abe0-4dae-ae77-9d05e63eef25

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@github-actions


Snyk Security Scan

Commit: 0852efff605ca1c616f3c9b5b57e0598f9498350 | PR: #19

Open Source Dependencies

Status: PASS — no vulnerabilities at or above threshold.

Snyk Code (SAST)

Status: FAIL — 23 issues found.

| Severity | Rule | File | Line |
| --- | --- | --- | --- |
| warning | python/Jinja2AutoEscapeFalse | apps/api/src/api/agents/utils/prompt_management.py | 47 |
| warning | python/Jinja2AutoEscapeFalse | apps/api/src/api/agents/utils/prompt_management.py | 56 |
| note | python/NoHardcodedCredentials | apps/api/src/api/agents/tools.py | 271 |
| note | python/NoHardcodedCredentials | apps/api/src/api/agents/tools.py | 388 |
| note | python/NoHardcodedCredentials | apps/api/src/api/agents/tools.py | 431 |
| note | python/NoHardcodedCredentials | apps/api/src/api/agents/tools.py | 472 |
| note | python/NoHardcodedCredentials | apps/api/src/api/agents/tools.py | 624 |
| note | python/NoHardcodedCredentials | notebooks/week5/utils/tools.py | 246 |
| note | python/NoHardcodedCredentials | notebooks/week5/utils/tools.py | 366 |
| note | python/NoHardcodedCredentials | notebooks/week5/utils/tools.py | 405 |
| note | python/NoHardcodedCredentials | notebooks/week5/utils/tools.py | 444 |
| note | python/NoHardcodedCredentials | notebooks/week5/utils/tools.py | 587 |
| warning | python/NoHardcodedPasswords | apps/api/src/api/agents/tools.py | 272 |
| warning | python/NoHardcodedPasswords | apps/api/src/api/agents/tools.py | 389 |
| warning | python/NoHardcodedPasswords | apps/api/src/api/agents/tools.py | 432 |
| warning | python/NoHardcodedPasswords | apps/api/src/api/agents/tools.py | 473 |
| warning | python/NoHardcodedPasswords | apps/api/src/api/agents/tools.py | 625 |
| warning | python/NoHardcodedPasswords | notebooks/week5/utils/tools.py | 247 |
| warning | python/NoHardcodedPasswords | notebooks/week5/utils/tools.py | 367 |
| warning | python/NoHardcodedPasswords | notebooks/week5/utils/tools.py | 406 |

3 additional findings omitted.
