Update renovate config

[dbasunag]

Description

How Has This Been Tested?

Merge criteria:

• The commits are squashed in a cohesive manner and have meaningful messages.
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has manually tested the changes and verified that the changes work

Summary by CodeRabbit

• Chores
  • Dependency updates now require approval via the dependency dashboard.
  • Python updates split into major vs. minor/patch with distinct schedules and PR priorities.
  • Added a dedicated group and schedule for GitHub Actions updates.
  • Disabled automatic recreation of update PRs.
  • Set repository timezone to America/New_York for scheduled updates.
  • Result: clearer, less noisy update PRs aligned with maintenance windows.

[github-actions]

The following are automatically added/executed:

• PR size label.
• Run pre-commit
• Run tox
• Add PR author as the PR assignee
• Build image based on the PR

Available user actions:

• To mark a PR as WIP, add /wip in a comment. To remove it from the PR comment /wip cancel to the PR.
• To block merging of a PR, add /hold in a comment. To un-block merging of PR comment /hold cancel.
• To mark a PR as approved, add /lgtm in a comment. To remove, add /lgtm cancel.
  lgtm label removed on each new commit push.
• To mark PR as verified comment /verified to the PR, to un-verify comment /verified cancel to the PR.
  verified label removed on each new commit push.
• To Cherry-pick a merged PR /cherry-pick <target_branch_name> to the PR. If <target_branch_name> is valid,
  and the current PR is merged, a cherry-picked PR would be created and linked to the current PR.
• To build and push image to quay, add /build-push-pr-image in a comment. This would create an image with tag
  pr-<pr_number> to quay repository. This image tag, however would be deleted on PR merge or close action.

Supported labels

{'/build-push-pr-image', '/hold', '/verified', '/lgtm', '/cherry-pick', '/wip'}

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated Renovate configuration in renovate.json: adjusted extends entries, added root-level recreateWhen and timezone, and replaced one generic package rule with three targeted packageRules for Python (minor/patch and major) and GitHub Actions with specific schedules and priorities.

Changes

Cohort / File(s)

Summary of Changes

Renovate config renovate.json

Replaced extends list to include "config:recommended", ":dependencyDashboardApproval", ":maintainLockFilesWeekly", and ":prHourlyLimitNone". Added root-level recreateWhen: "never" and timezone: "America/New_York". Replaced a single catch-all packageRules entry with three rules: "Python dependencies (minor and patch)" (matchUpdateTypes ["minor","patch"], matchFileNames ["pyproject.toml"], schedule ["before 7am on monday"], prPriority: 7), "Python dependencies (major)" (matchUpdateTypes ["major"], matchFileNames ["pyproject.toml"], schedule ["after 7pm on thursday"], prPriority: 10), and "GitHub Actions" (matchManagers ["github-actions"], matchFileNames [".github/workflows/**"], schedule ["before 6pm on wednesday"], prPriority: 5).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (5)

renovate.json (5)

3-3: Remove redundant dependencyDashboardApproval configuration

You enabled dependencyDashboardApproval both via root key and via preset. Keep one for clarity and to avoid future drift.

Option A — keep the preset, remove the root key:

-  "dependencyDashboardApproval": true,

Option B — keep the root key, drop the preset:

   "extends": [
-    "config:recommended",
-    ":dependencyDashboardApproval",
+    "config:recommended",
     ":maintainLockFilesWeekly",
     ":prHourlyLimitNone"
   ],

Also applies to: 5-6

---

18-23: Broaden file match and enrich rule for minor/patch Python updates

If you have Python projects in subdirectories, the current matchFileNames will miss them. Also, consider adding labels and (optionally) automerge for low-risk updates.

Suggested update:

-      "matchFileNames": ["pyproject.toml"],
+      "matchFileNames": ["**/pyproject.toml"],
       "schedule": ["before 7am on monday"],
-      "prPriority": 7
+      "prPriority": 7,
+      "labels": ["dependencies", "python", "minor-or-patch"]
+      // Optionally, if your CI is reliable for these updates:
+      // "automerge": true,
+      // "automergeType": "pr"

If the repo only has a single pyproject.toml at root, keeping the current pattern is fine. Otherwise, prefer the glob.

---

24-30: Disambiguate major vs minor/patch grouping and add labels

Both rules use the same groupName, which can be confusing in the dashboard. Make the major group explicit and label it for triage.

-      "groupName": "Python dependencies",
+      "groupName": "Python dependencies (major)",
       "matchUpdateTypes": ["major"],
-      "matchFileNames": ["pyproject.toml"],
+      "matchFileNames": ["**/pyproject.toml"],
       "schedule": ["after 7pm on wednesday"],
-      "prPriority": 10
+      "prPriority": 10,
+      "labels": ["dependencies", "python", "major"]

---

31-37: Simplify Actions rule; file match is redundant and add labels

The github-actions manager inherently targets .github/workflows; specifying file globs is usually unnecessary. Add labels for easier filtering.

-        "groupName": "GitHub Actions",
-        "matchManagers": ["github-actions"],
-        "matchFileNames": [".github/workflows/**"],
-        "schedule": ["before 6am on tuesday"],
-        "prPriority": 5
+        "groupName": "GitHub Actions",
+        "matchManagers": ["github-actions"],
+        "schedule": ["before 6am on tuesday"],
+        "prPriority": 5,
+        "labels": ["dependencies", "github-actions"]

---

18-23: Set timezone to make schedules predictable

Your schedules (“before 7am on monday”, etc.) default to UTC unless you set a timezone. If you intend local time, add a root-level timezone.

Add at the root of renovate.json (outside the shown ranges):

{
  ...
  "timezone": "Etc/UTC"
  // or e.g. "America/New_York" / "Europe/Berlin"
}

Also applies to: 24-30, 31-37

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9f27359 and d73f677.

📒 Files selected for processing (1)

• renovate.json (2 hunks)

🔇 Additional comments (1)

renovate.json (1)

15-15: Keep “recreateWhen” as-is (supported in current Renovate versions)

• “recreateWhen” is a valid and documented option in Renovate ≥ 39.82.1, with two values:
  • always – recreate PRs even if an identical one was closed previously
  • never – do not recreate once closed (your current setting)
• Older Renovate versions (≤ 37.235.5) will error on this field; if you see “Invalid configuration option: recreateWhen,” simply upgrade Renovate.
• No change needed in renovate.json (line 15) unless you deliberately want to switch to "rebaseWhen": "behind-base-branch" for a different update strategy.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

renovate.json (2)

4-5: Preset swap to dependencyDashboardApproval changes workflow; and lockfile maintenance may now be defined twice

• Using ":dependencyDashboardApproval" requires manual approval in the Dependency Dashboard before any PRs are created. Confirm this is intended, otherwise Renovate may appear “silent” until approvals are given.
• With ":maintainLockFilesWeekly" in extends and an explicit "lockFileMaintenance": { "enabled": true } block elsewhere, you may be configuring the same feature twice. Prefer a single source of truth (either keep the preset or the explicit block) to avoid confusion.

Do you want me to collapse the duplicated lockfile maintenance config into one place?

---

14-15: Reassess recreateWhen=never; timezone LGTM

• "recreateWhen": "never" can leave PR branches stale if Renovate determines recreation would be beneficial (e.g., config changes, certain errors). The common default is "auto", which recreates only when necessary. Consider reverting to default or setting "auto" to reduce stuck PRs.
• "timezone": "America/New_York" looks valid for schedule evaluation.

Apply this diff if you want the safer default behavior:

-  "recreateWhen": "never",
+  "recreateWhen": "auto",

Please confirm if there’s a specific reason for forbidding recreation so we can document it in the config comments.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d73f677 and 78f6b85.

📒 Files selected for processing (1)

• renovate.json (2 hunks)

🔇 Additional comments (2)

renovate.json (2)

18-23: No additional Python dependency files detected; rule is sufficient
I verified that the repo only contains pyproject.toml (no poetry.lock, requirements*.txt, or Pipfile files), so the existing matchFileNames entry already covers all Python manifests. The schedule remains valid if you intend to restrict updates to before 7 AM on Mondays.

• File: renovate.json (lines 18–23) – no changes required.

---

24-30: Expand Python major rule coverage & confirm PR priority

The current “Python dependencies (major)” rule only matches pyproject.toml and uses a higher prPriority (10) than your minor/patch group (7). To ensure majors from lockfiles or requirements are grouped and to clarify priority intent:

• Broaden the file-match to include any lockfiles or requirement files you use (e.g. poetry.lock, requirements*.txt, Pipfile, Pipfile.lock).
• Decide if major upgrades truly deserve a higher PR priority than minor/patch—if so, note this policy; otherwise, lower prPriority below 7.

Suggested diff:

  {
    "groupName": "Python dependencies (major)",
    "matchUpdateTypes": ["major"],
-   "matchFileNames": ["pyproject.toml"],
+   "matchFileNames": [
+     "pyproject.toml",
+     "poetry.lock",
+     "requirements*.txt",
+     "Pipfile",
+     "Pipfile.lock"
+   ],
    "schedule": ["after 7pm on thursday"],
-   "prPriority": 10
+   "prPriority": 4
  },

Please confirm if you’d like to widen the file patterns and/or keep majors at priority 10 so we can update the config or add a comment explaining your policy.

[github-actions]

Status of building tag latest: failure.
Status of pushing tag latest to image registry: skipped.