chore: maintenance mode — restrict Renovate to security updates only #883

Merged: andypitcher merged 2 commits into main from copilot/chore-maintenance-mode-restrict-renovate on Mar 25, 2026
Copilot AI (Contributor) commented Mar 24, 2026

This repo is in security maintenance phase, superseded by rancher/compliance-operator. Two files updated to reflect that reality.

README.md

  • Fix OpenSSF Scorecard badge URL → api.securityscorecards.dev
  • Apply parent PR: readme: mark as maintenance only and link to compliance-operator #878
    • Add [!IMPORTANT] maintenance-phase callout after intro
    • Add Migration section (links to Rancher Compliance App + migration guide)
    • Add Support Status table (v1.4/v1.3 = Security Only, v1.2 = EOL) and Maintenance Policy
    • Remove ## Building and ## Running sections
    • Remove ### How future release branches should be generated
    • Fix Support Compatibility Matrix link (trailing / removed, inlined)
    • Convert [rancher/security-scan] reference link to inline

.github/renovate.json

rancher-main#release opens all routine bumps — not appropriate for a maintenance-only repo. This PR adds an explicit disable rule for main so only CVE-driven alerts generate PRs. Release branches already enforce security-only via their upstream presets (rancher-2.10#release, rancher-2.11#release), no extra rule needed there.

| Branch | Renovate behaviour |
| --- | --- |
| main | All routine bumps disabled — CVE alerts only (explicit rule added) |
| release/v1.4 | Security-only via rancher-2.11#release (enforced upstream) |
| release/v1.3 | Security-only via rancher-2.10#release (enforced upstream) |
| release/v1.2 | EOL — rancher-2.9#release kept, no active targeting |

After merging, the following open Renovate PRs can be closed as out of scope:

PR #844 (x/crypto digest) should be reviewed individually — may carry a security fix.

Copilot AI changed the title from "[WIP] Update README for security maintenance mode" to "chore: maintenance mode — restrict Renovate to security updates only" Mar 24, 2026
Copilot AI requested a review from andypitcher March 24, 2026 15:36
@andypitcher andypitcher marked this pull request as ready for review March 24, 2026 16:49
@andypitcher andypitcher requested a review from a team as a code owner March 24, 2026 16:49
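
For readers unfamiliar with the pattern described in the PR body, this is one way a "disable routine bumps on main, keep CVE alerts" rule can be written in Renovate. It is an added illustration, not the contents of this repository's `.github/renovate.json`; the rule description text is made up, and the shared preset is left out because its full reference does not appear on this page.

```json5
// Added illustration; not this repository's actual Renovate configuration.
{
  // The shared preset named in the PR (rancher-main#release) would be listed
  // under "extends". Its full reference is not shown on this page, so it is
  // omitted here rather than guessed.

  packageRules: [
    {
      // Hypothetical description text.
      description: "Maintenance mode: no routine dependency bumps on main",
      // Scope the rule to PRs that target main, so release branches keep
      // whatever their own presets already enforce.
      matchBaseBranches: ["main"],
      // Turns off every routine update for the matched branch.
      enabled: false,
    },
  ],

  // Renovate turns each vulnerability alert into its own rule carrying these
  // settings, so "enabled: true" re-enables the affected dependency even
  // though the rule above disabled it.
  vulnerabilityAlerts: {
    enabled: true,
  },
}
```

On GitHub, Renovate reads these alerts from the repository's Dependabot alerts, so that feature must be enabled for CVE-driven PRs to appear.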