From a80efb449e09177f9f06ec0a5c0b9c904f1a3d44 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 6 Jun 2023 10:42:23 +0200 Subject: [PATCH] Configure Renovate (#25255) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Renaud Chaput --- .github/dependabot.yml | 99 ---------------- .github/renovate.json5 | 109 ++++++++++++++++++ .github/workflows/lint-css.yml | 1 + .github/workflows/lint-haml.yml | 1 + .github/workflows/lint-js.yml | 1 + .github/workflows/lint-json.yml | 1 + .github/workflows/lint-md.yml | 1 + .github/workflows/lint-ruby.yml | 1 + .github/workflows/lint-yml.yml | 1 + .github/workflows/rebase-needed.yml | 2 + .github/workflows/test-js.yml | 1 + .../workflows/test-migrations-one-step.yml | 1 + .../workflows/test-migrations-two-step.yml | 1 + .github/workflows/test-ruby.yml | 1 + 14 files changed, 122 insertions(+), 99 deletions(-) delete mode 100644 .github/dependabot.yml create mode 100644 .github/renovate.json5 diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 5e6556cb53..0000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,99 +0,0 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates - -version: 2 -updates: - - package-ecosystem: npm - directory: '/' - schedule: - interval: weekly - open-pull-requests-limit: 99 - allow: - - dependency-type: direct - ignore: - # This version needs to match Rails major version, so stick to 6.x only - - dependency-name: '@rails/ujs' - versions: - - '>= 7' - # TODO: This requires code changes for migration - - dependency-name: 'tesseract.js' - versions: - - '>= 3' - # TODO: This version needs manual updates for breaking changes - - dependency-name: 'react-hotkeys' - versions: - - '>= 2' - # TODO: This version requires code changes - - dependency-name: 'webpack-dev-server' - versions: - - '>= 4' - # TODO: This version was ignored in https://github.com/mastodon/mastodon/pull/15238 - - dependency-name: 'webpack-cli' - versions: - - '>= 4' - - - package-ecosystem: bundler - directory: '/' - schedule: - interval: weekly - open-pull-requests-limit: 99 - allow: - - dependency-type: direct - ignore: - # This version needs to match Rails major version, so stick to 6.x only - - dependency-name: 'rails-i18n' - versions: - - '>= 7.0.0' - # This version needs manual updates https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x - - dependency-name: 'sprockets' - versions: - - '>= 4.0.0' - # This version needs manual updates https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x - - dependency-name: 'strong_migrations' - versions: - - '>= 1.0.0' - # This version needs updates and to sync with sidekiq-unique-jobs - - dependency-name: 'sidekiq' - versions: - - '>= 7.0.0' - # This version needs updates and to sync with sidekiq - - dependency-name: 'sidekiq-unique-jobs' - versions: - - '>= 8.0.0' - # This version needs updates and to sync with sidekiq and sidekiq-unique-jobs - - dependency-name: 'redis' - versions: - - '>= 5.0.0' - # TODO: was ignored in https://github.com/mastodon/mastodon/pull/13964 - - dependency-name: 'fog-openstack' - versions: - - '>= 1.0.0' - # sassc dependency issue tracked in https://github.com/BetterErrors/better_errors/issues/516 - - dependency-name: 'better_errors' - versions: - - '2.10.0' - - - package-ecosystem: github-actions - directory: '/' - schedule: - interval: weekly - open-pull-requests-limit: 99 - allow: - - dependency-type: direct - - - package-ecosystem: docker - directory: '/' - schedule: - interval: weekly - open-pull-requests-limit: 99 - ignore: - - dependency-name: 'moritzheiber/ruby-jemalloc' - update-types: - # only suggest patch releases for ruby and needs to sync with .ruby-version - - 'version-update:semver-minor' - - dependency-name: 'node' - update-types: - # only node minor releases allowed unless .nvmrc major is changed - - 'version-update:semver-major' diff --git a/.github/renovate.json5 b/.github/renovate.json5 new file mode 100644 index 0000000000..22878636f9 --- /dev/null +++ b/.github/renovate.json5 @@ -0,0 +1,109 @@ +{ + $schema: 'https://docs.renovatebot.com/renovate-schema.json', + extends: [ + 'config:base', + ':dependencyDashboard', + ':labels(dependencies)', + ':maintainLockFilesMonthly', // update non-direct dependencies monthly + ':prConcurrentLimit10', // only 10 open PRs at the same time + ], + stabilityDays: 3, // Wait 3 days after the package has been published before upgrading it + // packageRules order is important, they are applied from top to bottom and are merged, + // so for example grouping rules needs to be at the bottom + packageRules: [ + { + // Ignore major version bumps for these node packages + matchManagers: ['npm'], + matchPackageNames: [ + '@rails/ujs', // Needs to match the major Rails version + 'tesseract.js', // Requires code changes + 'react-hotkeys', // Requires code changes + + // Requires Webpacker upgrade or replacement + '@types/webpack', + 'babel-loader', + 'compression-webpack-plugin', + 'css-loader', + 'imports-loader', + 'mini-css-extract-plugin', + 'postcss-loader', + 'sass-loader', + 'terser-webpack-plugin', + 'webpack', + 'webpack-assets-manifest', + 'webpack-bundle-analyzer', + 'webpack-dev-server', + 'webpack-cli', + + // react-router: Requires manual upgrade + 'history', + 'react-router-dom', + ], + matchUpdateTypes: ['major'], + enabled: false, + }, + { + // Ignore major version bumps for these Ruby packages + matchManagers: ['bundler'], + matchPackageNames: [ + 'sprockets', // Requires manual upgrade https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x + 'strong_migrations', // Requires manual upgrade + 'sidekiq', // Requires manual upgrade + 'sidekiq-unique-jobs', // Requires manual upgrades and sync with Sidekiq version + 'redis', // Requires manual upgrade and sync with Sidekiq version + 'fog-openstack', // TODO: was ignored in https://github.com/mastodon/mastodon/pull/13964 + + // Needs major Rails version bump + 'rack', + 'rails', + 'rails-i18n', + ], + matchUpdateTypes: ['major'], + enabled: false, + }, + { + // Update Github Actions and Docker images weekly + matchManagers: ['github-actions', 'dockerfile', 'docker-compose'], + extends: ['schedule:weekly'], + }, + { + // Ignore major & minor bumps for the ruby image, this needs to be synced with .ruby-version + matchManagers: ['dockerfile'], + matchPackageNames: ['moritzheiber/ruby-jemalloc'], + matchUpdateTypes: ['minor', 'major'], + enabled: false, + }, + { + // Ignore major bump for the node image, this needs to be synced with .nvmrc + matchManagers: ['dockerfile'], + matchPackageNames: ['node'], + matchUpdateTypes: ['major'], + enabled: false, + }, + { + // Ignore major postgres bumps in the docker-compose file, as those break dev environments + matchManagers: ['docker-compose'], + matchPackageNames: ['postgres'], + matchUpdateTypes: ['major'], + enabled: false, + }, + { + // Update devDependencies every week, with one grouped PR + matchDepTypes: 'devDependencies', + matchUpdateTypes: ['patch', 'minor'], + excludePackageNames: [ + 'typescript', // Typescript has many changes in minor versions, needs to be checked every time + ], + groupName: 'devDependencies (non-major)', + extends: ['schedule:weekly'], + }, + { + // Update @types/* packages every week, with one grouped PR + matchPackagePrefixes: '@types/', + matchUpdateTypes: ['patch', 'minor'], + groupName: 'DefinitelyTyped types (non-major)', + extends: ['schedule:weekly'], + addLabels: ['typescript'], + }, + ], +} diff --git a/.github/workflows/lint-css.yml b/.github/workflows/lint-css.yml index 51bde39bc1..4d3c2ce5af 100644 --- a/.github/workflows/lint-css.yml +++ b/.github/workflows/lint-css.yml @@ -3,6 +3,7 @@ on: push: branches-ignore: - 'dependabot/**' + - 'renovate/**' paths: - 'package.json' - 'yarn.lock' diff --git a/.github/workflows/lint-haml.yml b/.github/workflows/lint-haml.yml index 2ddbca7818..56d817123a 100644 --- a/.github/workflows/lint-haml.yml +++ b/.github/workflows/lint-haml.yml @@ -3,6 +3,7 @@ on: push: branches-ignore: - 'dependabot/**' + - 'renovate/**' paths: - '.github/workflows/haml-lint-problem-matcher.json' - '.github/workflows/lint-haml.yml' diff --git a/.github/workflows/lint-js.yml b/.github/workflows/lint-js.yml index 547035ab3f..1f0cfd1e70 100644 --- a/.github/workflows/lint-js.yml +++ b/.github/workflows/lint-js.yml @@ -3,6 +3,7 @@ on: push: branches-ignore: - 'dependabot/**' + - 'renovate/**' paths: - 'package.json' - 'yarn.lock' diff --git a/.github/workflows/lint-json.yml b/.github/workflows/lint-json.yml index 7dfc0e0588..8712d8bd80 100644 --- a/.github/workflows/lint-json.yml +++ b/.github/workflows/lint-json.yml @@ -3,6 +3,7 @@ on: push: branches-ignore: - 'dependabot/**' + - 'renovate/**' paths: - 'package.json' - 'yarn.lock' diff --git a/.github/workflows/lint-md.yml b/.github/workflows/lint-md.yml index b489ce9684..d19a0470db 100644 --- a/.github/workflows/lint-md.yml +++ b/.github/workflows/lint-md.yml @@ -3,6 +3,7 @@ on: push: branches-ignore: - 'dependabot/**' + - 'renovate/**' paths: - '.github/workflows/lint-md.yml' - '.nvmrc' diff --git a/.github/workflows/lint-ruby.yml b/.github/workflows/lint-ruby.yml index de54fe9ae5..0395c8639f 100644 --- a/.github/workflows/lint-ruby.yml +++ b/.github/workflows/lint-ruby.yml @@ -3,6 +3,7 @@ on: push: branches-ignore: - 'dependabot/**' + - 'renovate/**' paths: - 'Gemfile*' - '.rubocop*.yml' diff --git a/.github/workflows/lint-yml.yml b/.github/workflows/lint-yml.yml index d77451ee62..295e9610b3 100644 --- a/.github/workflows/lint-yml.yml +++ b/.github/workflows/lint-yml.yml @@ -3,6 +3,7 @@ on: push: branches-ignore: - 'dependabot/**' + - 'renovate/**' paths: - 'package.json' - 'yarn.lock' diff --git a/.github/workflows/rebase-needed.yml b/.github/workflows/rebase-needed.yml index 6a8035210c..131a62a576 100644 --- a/.github/workflows/rebase-needed.yml +++ b/.github/workflows/rebase-needed.yml @@ -4,10 +4,12 @@ on: push: branches-ignore: - 'dependabot/**' + - 'renovate/**' - 'l10n_main' pull_request_target: branches-ignore: - 'dependabot/**' + - 'renovate/**' - 'l10n_main' types: [synchronize] diff --git a/.github/workflows/test-js.yml b/.github/workflows/test-js.yml index 32e21d23ce..3306105f9e 100644 --- a/.github/workflows/test-js.yml +++ b/.github/workflows/test-js.yml @@ -3,6 +3,7 @@ on: push: branches-ignore: - 'dependabot/**' + - 'renovate/**' paths: - 'package.json' - 'yarn.lock' diff --git a/.github/workflows/test-migrations-one-step.yml b/.github/workflows/test-migrations-one-step.yml index 212b2cfe73..a91fd819a2 100644 --- a/.github/workflows/test-migrations-one-step.yml +++ b/.github/workflows/test-migrations-one-step.yml @@ -3,6 +3,7 @@ on: push: branches-ignore: - 'dependabot/**' + - 'renovate/**' pull_request: jobs: diff --git a/.github/workflows/test-migrations-two-step.yml b/.github/workflows/test-migrations-two-step.yml index 310153929d..50266fb8a0 100644 --- a/.github/workflows/test-migrations-two-step.yml +++ b/.github/workflows/test-migrations-two-step.yml @@ -3,6 +3,7 @@ on: push: branches-ignore: - 'dependabot/**' + - 'renovate/**' pull_request: jobs: diff --git a/.github/workflows/test-ruby.yml b/.github/workflows/test-ruby.yml index f284745ea4..07cb1d41f8 100644 --- a/.github/workflows/test-ruby.yml +++ b/.github/workflows/test-ruby.yml @@ -4,6 +4,7 @@ on: push: branches-ignore: - 'dependabot/**' + - 'renovate/**' pull_request: env: