Signed-off-by: Michael Beemer <beeme1mr@users.noreply.github.com>
Code Review
This pull request adds the postUpdateOptions configuration to default.json to automate go mod tidy. However, feedback indicates that this setting is restricted in Renovate presets and will likely be ignored for security reasons, suggesting it should be moved to a local or organization-level configuration instead.
| "semanticCommitScope": "security", | ||
| "commitMessageSuffix": "[SECURITY]" | ||
| }, | ||
| "postUpdateOptions": ["gomodTidy"], |
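Review bot: the added `"postUpdateOptions": ["gomodTidy"]` line goes into the shared default.json with no accompanying explanation, so repositories that extend this preset get no signal that their Go module update PRs will now also include whatever `go mod tidy` changes in go.mod and go.sum. Consider adding a `description` entry to the preset or a sentence in the commit message stating the intent, and confirm on one consuming repository that the option takes effect when inherited before relying on it everywhere.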
The postUpdateOptions setting is a restricted configuration option in Renovate. According to the Renovate documentation, this option cannot be defined in presets (which default.json typically is) and will be ignored for security reasons unless the preset is explicitly marked as 'trusted' by the Renovate runner. If the intention is for this to apply to all repositories extending this configuration, it should instead be defined in each repository's local configuration or in a global/organization-level configuration that has the necessary permissions.
This is incorrect. I have personally used this option in a preset as recently as today.
Does the rest look good? It seems safe to try out.
https://docs.renovatebot.com/configuration-options/#postupdateoptions