Configure Renovate for project requirements

adilhusain-s · adilhusain-s · commit 18d52a312d5f · 2025-11-18T16:45:48.000+05:30
- Add dependency dashboard for better visibility
    - Group GitHub Actions, Docker images, and Python deps separately
    - Require approval for major updates to critical dependencies
    - Enable vulnerability alerts with security labels
    - Schedule updates for Monday mornings to avoid disrupting work
    - Limit concurrent PRs to avoid CI overload
    - Enable lock file maintenance monthly
    - Assign to adilhusain-s for review
    - CRITICAL: Ignore paths to protect build artifacts and manifests
      - versions-manifests/** (ppc64le/s390x Python release manifests)
      - versions-manifest.json and versions-manifest-ppc64le.json
      - PowerShell/patch/** (binary patches and tarballs)
diff --git a/renovate.json b/renovate.json
@@ -0,0 +1,68 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended",
+    ":dependencyDashboard",
+    ":semanticCommits",
+    ":separateMajorReleases"
+  ],
+  "schedule": ["before 3am on Monday"],
+  "prConcurrentLimit": 2,
+  "prHourlyLimit": 2,
+  "labels": ["dependencies"],
+  "ignorePaths": [
+    "**/versions-manifests/**",
+    "versions-manifest.json",
+    "versions-manifest-ppc64le.json",
+    "**/PowerShell/patch/**/*.tar.gz",
+    "**/PowerShell/patch/**/*.patch"
+  ],
+  "packageRules": [
+    {
+      "description": "Group all GitHub Actions updates together",
+      "matchManagers": ["github-actions"],
+      "groupName": "GitHub Actions",
+      "automerge": false,
+      "schedule": ["before 3am on Monday"]
+    },
+    {
+      "description": "Group all Docker base image updates",
+      "matchDatasources": ["docker"],
+      "groupName": "Docker base images",
+      "automerge": false,
+      "schedule": ["before 3am on Monday"]
+    },
+    {
+      "description": "Python dependencies in pyproject.toml",
+      "matchManagers": ["poetry"],
+      "groupName": "Python dependencies",
+      "automerge": false,
+      "schedule": ["before 3am on Monday"]
+    },
+    {
+      "description": "Require approval for major updates to critical dependencies",
+      "matchUpdateTypes": ["major"],
+      "matchPackagePatterns": ["python", "ubuntu", "dotnet", "powershell"],
+      "dependencyDashboardApproval": true,
+      "automerge": false
+    },
+    {
+      "description": "Auto-approve minor and patch updates for non-critical deps",
+      "matchUpdateTypes": ["minor", "patch"],
+      "matchPackagePatterns": ["^actions/"],
+      "automerge": false
+    }
+  ],
+  "vulnerabilityAlerts": {
+    "enabled": true,
+    "labels": ["security"],
+    "assignees": ["@adilhusain-s"]
+  },
+  "lockFileMaintenance": {
+    "enabled": true,
+    "schedule": ["before 3am on the first day of the month"]
+  },
+  "ignoreDeps": [],
+  "assignees": ["adilhusain-s"],
+  "reviewers": ["adilhusain-s"]
+}
