-
Notifications
You must be signed in to change notification settings - Fork 8
Expand file tree
/
Copy pathrenovate.json
More file actions
168 lines (168 loc) · 7.41 KB
/
Copy pathrenovate.json
File metadata and controls
168 lines (168 loc) · 7.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"automerge": true,
"automergeStrategy": "rebase",
"extends": ["config:recommended"],
"homeassistant-manifest": {
"enabled": false
},
"customManagers": [
{
"customType": "regex",
"description": "Update versions.ts",
"managerFilePatterns": ["**/versions.ts", "**/lib-versions.ts"],
"matchStrings": [
"\\/\\/ renovate: datasource=(?<datasource>[0-9a-z-\\.]+?)?(?: registryUrl=(?<registryUrl>.*?)?)?(?: versioning=(?<versioning>[a-z-]+?)?)?(?: packageName=(?<packageName>[^\\s]+?))?\\s*\"(?<depName>.+?)\":\\s*\"(?<currentValue>.+?)?(?:@(?<currentDigest>.+?))?\"",
"\\/\\/ renovate: datasource=(?<datasource>[0-9a-z-\\.]+?)?(?: registryUrl=(?<registryUrl>.*?)?)?(?: versioning=(?<versioning>[a-z-]+?)?)?(?: packageName=(?<packageName>[^\\s]+?))?\\s*(?<depName>[a-zA-Z0-9_-]+):\\s*\"(?<currentValue>.+?)?(?:@(?<currentDigest>.+?))?\""
]
},
{
"customType": "regex",
"description": "CI tool versions in Buildkite scripts and standalone Dockerfiles",
"managerFilePatterns": [
".buildkite/**",
"packages/tasks-for-obsidian/ios/ci_scripts/**"
],
"matchStrings": [
"#\\s*renovate:\\s*datasource=(?<datasource>[a-z-]+)\\s+depName=(?<depName>[^\\s]+?)(?:\\s+versioning=(?<versioning>[a-z-]+))?\\n[ \\t]*(?:ARG )?\\w+=(?:\")?(?<currentValue>[a-zA-Z0-9._-]+)(?:\")?"
]
},
{
"customType": "regex",
"description": "Dagger TypeScript constants — `export const NAME = \"value\"` style image/version pins",
"managerFilePatterns": [".dagger/src/constants.ts"],
"matchStrings": [
"\\/\\/\\s*renovate:\\s*datasource=(?<datasource>[a-z-]+)(?:\\s+registryUrl=(?<registryUrl>[^\\s]+?))?\\s+depName=(?<depName>[^\\s]+?)(?:\\s+versioning=(?<versioning>[a-z-]+))?\\s*\\nexport const \\w+\\s*=\\s*\"(?:[^:\"]+:)?(?<currentValue>[^@\"]+?)(?:@(?<currentDigest>sha256:[a-f0-9]+))?\""
]
},
{
"customType": "regex",
"description": "redlib source pin — track redlib `main` HEAD so the self-built glibc image (REDLIB_SOURCE_REF in .dagger/src/constants.ts) follows upstream OAuth-fingerprint fixes; the published musl image is blocked by Reddit (redlib-org/redlib#551)",
"managerFilePatterns": [".dagger/src/constants.ts"],
"matchStrings": [
"\\/\\/\\s*renovate:\\s*datasource=git-refs\\s+depName=redlib-source\\s+branch=(?<currentValue>\\S+)\\s*\\nexport const REDLIB_SOURCE_REF = \"(?<currentDigest>[a-f0-9]{40})\";"
],
"datasourceTemplate": "git-refs",
"depNameTemplate": "redlib",
"packageNameTemplate": "https://github.com/redlib-org/redlib"
},
{
"customType": "regex",
"description": "Talos factory installer image — track the trailing :vX.Y.Z (schematic hash regenerated by update-image-id.ts)",
"managerFilePatterns": ["packages/homelab/src/talos/patches/image.yaml"],
"matchStrings": [
"image:\\s+factory\\.talos\\.dev/[^:\\s]+:(?<currentValue>v[0-9.]+)"
],
"datasourceTemplate": "docker",
"depNameTemplate": "ghcr.io/siderolabs/installer"
}
],
"customDatasources": {
"papermc": {
"defaultRegistryUrlTemplate": "https://fill.papermc.io/v3/projects/paper",
"format": "json",
"transformTemplates": [
"{\"releases\": $map($reduce($each(versions, function($v) { $v }), $append, []), function($v) { {\"version\": $v} }), \"sourceUrl\": \"https://github.com/PaperMC/Paper\", \"homepage\": \"https://papermc.io\"}"
]
}
},
"packageRules": [
{
"matchDatasources": ["docker"],
"pinDigests": true
},
{
"matchPackageNames": ["dagger-helm"],
"pinDigests": false
},
{
"groupName": "cdk8s",
"matchPackageNames": ["/^cdk8s/"]
},
{
"description": "Critical infrastructure - no delay, no automerge",
"matchPackageNames": [
"paper",
"siderolabs/talos",
"ghcr.io/siderolabs/installer",
"kubernetes/kubernetes"
],
"automerge": false,
"minimumReleaseAge": "0 days",
"schedule": ["at any time"]
},
{
"description": "Talos factory images are not digest-compatible with the base ghcr.io/siderolabs/installer image digest.",
"matchPackageNames": ["ghcr.io/siderolabs/installer"],
"pinDigests": false
},
{
"description": "Prod images - no delay, no automerge",
"matchPackageNames": [
"shepherdjerred/scout-for-lol/prod",
"shepherdjerred/starlight-karma-bot/prod"
],
"automerge": false,
"minimumReleaseAge": "0 days",
"schedule": ["at any time"]
},
{
"description": "Minecraft - no delay, no automerge",
"matchPackageNames": ["itzg/minecraft-server", "minecraft", "mc-router"],
"automerge": false,
"minimumReleaseAge": "0 days",
"schedule": ["at any time"]
},
{
"matchPackageNames": ["ghcr.io/shepherdjerred/dotfiles"],
"minimumReleaseAge": "0 days"
},
{
"description": "Disable updates for archived and practice projects",
"matchFileNames": ["sandbox/archive/**", "sandbox/practice/**"],
"enabled": false
},
{
"description": "Group @types/node with Node.js major updates",
"groupName": "Node.js",
"matchPackageNames": ["@types/node", "node"],
"matchUpdateTypes": ["major"]
},
{
"description": "Keep react, react-dom and their @types in lockstep. React 19 throws 'Incompatible React versions' at runtime when react and react-dom differ, so they must always bump together in one PR to the same resolved version. Enforced by scripts/check-react-version-sync.ts.",
"groupName": "React",
"matchPackageNames": [
"react",
"react-dom",
"@types/react",
"@types/react-dom"
]
},
{
"description": "Keep TOFU_IMAGE (docker datasource) and TOFU_VERSION (github-releases) in `.dagger/src/constants.ts` bumping together — they pin the same upstream and drift between them means the worker image and any container running TOFU_IMAGE are on different OpenTofu versions, which corrupts state files written by the other binary.",
"groupName": "OpenTofu",
"matchPackageNames": ["opentofu/opentofu"]
},
{
"description": "Ignore architecture-specific Plex tags (armhf, arm64)",
"matchPackageNames": ["plexinc/pms-docker"],
"allowedVersions": "!/-(armhf|arm64)$/"
},
{
"description": "Ignore bogus LinuxServer qBittorrent OS tags such as 20.04.1; those are old Ubuntu-based image tags, not qBittorrent app versions",
"matchPackageNames": ["linuxserver/qbittorrent"],
"allowedVersions": "/^[0-9]+\\.[0-9]+\\.[0-9]+$/"
},
{
"description": "Pin protobufjs to v7 until @temporalio/proto widens its pin off 7.5.x. The override in packages/temporal/package.json is load-bearing for Temporal payload (de)serialization — see packages/docs/todos/protobufjs-v8-watch.md and the revert in commit acc7320dc. allowedVersions:<8 keeps v8 off the auto-PR list (it surfaces on the Dependency Dashboard as ignored) without gating v7 patches.",
"matchPackageNames": ["protobufjs"],
"allowedVersions": "<8"
}
],
"minimumReleaseAge": "30 days",
"internalChecksFilter": "strict",
"schedule": ["after 3am on Sunday"],
"prHourlyLimit": 5,
"reviewers": ["shepherdjerred"],
"ignorePaths": ["sandbox/practice/**", "sandbox/archive/**"]
}