
@lawrence-u10d lawrence-u10d commented Dec 24, 2025

Summary

  • Adds renovate.json5 extending shared Unstructured config
  • Enables security-only dependency updates (Python, Docker, GitHub Actions)
  • Includes automatic version bumping and CHANGELOG updates on security fixes

Test plan

  • Verify Renovate picks up config and creates dependency dashboard
  • Test version bump script locally with mock changes

🤖 Generated with Claude Code


Note

Sets up Renovate to manage security-only Python dependency updates and automates versioning/changelog maintenance.

  • Introduces renovate.json5 extending org preset; for PyPI vulnerability alerts runs scripts/renovate-security-bump.sh (branch execution) with file filters for unstructured_inference/__version__.py and CHANGELOG.md
  • Adds scripts/renovate-security-bump.sh that detects versioning style (__version__.py or pyproject.toml), computes release version (strip -dev or bump patch), updates the version file, infers changed packages from diffs (requirements, uv.lock, pyproject.toml), and inserts a security-focused entry in CHANGELOG.md respecting existing format

Written by Cursor Bugbot for commit a746443.

- Extends shared Unstructured renovate config for security-only dependency updates
- Includes version bumping script for automatic version and CHANGELOG updates

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
Syncs script with latest version from renovate-config that includes:
- shfmt formatting (2-space indents)
- pyproject.toml versioning support

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
- PEP 508 compliant package name regex (supports dots)
- Detection for requirements/*.in files
- Detection for pyproject.toml dependencies
- Better logging of detected packages

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
lawrence-u10d and others added 3 commits December 24, 2025 15:44
lawrence-u10d and others added 2 commits December 24, 2025 16:39
- Use portable sed for pyproject version extraction (avoid \x27)
- Discard trailing content in pyproject version extraction
- Include detected packages in changelog entries
- Prevent substring match of CHANGELOG dev version header

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
Script now detects CHANGELOG format (brackets, subsections) and adapts
output accordingly.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
fi

cat "$tmp_file" "$CHANGELOG_FILE" >"$CHANGELOG_FILE.tmp"
mv "$CHANGELOG_FILE.tmp" "$CHANGELOG_FILE"

New CHANGELOG entry prepended before main file header

The create_new_changelog_entry function prepends the new version entry to the beginning of the file by concatenating tmp_file before CHANGELOG_FILE. For CHANGELOGs that have a main header like # Changelog or introductory text at the top, this inserts the new version section BEFORE the header, corrupting the file structure. Since the script is explicitly described as a "Shared script for Renovate" (line 5) intended for reuse, this breaks when used with repos that follow the common pattern of having a title header before version entries.


fi

cat "$tmp_file" "$CHANGELOG_FILE" >"$CHANGELOG_FILE.tmp"
mv "$CHANGELOG_FILE.tmp" "$CHANGELOG_FILE"

Prepending breaks CHANGELOGs with title headers

The create_new_changelog_entry() function uses cat to prepend the new version entry directly to the beginning of the CHANGELOG file. If the CHANGELOG follows Keep a Changelog format with a title header like # Changelog and description at the top, the new version entry would be inserted before this title, corrupting the document structure. The new entry should be inserted after any title/description but before the first version entry.


if [ "$CHANGELOG_USE_BRACKETS" = true ]; then
DEV_VERSION_HEADER=$(grep -m 1 -E "^## \[${ESCAPED_VERSION}\]" "$CHANGELOG_FILE" || true)
else
DEV_VERSION_HEADER=$(grep -m 1 -E "^## ${ESCAPED_VERSION}(\s*$)" "$CHANGELOG_FILE" || true)

Non-bracketed version headers with dates won't match

The grep pattern for the non-bracketed CHANGELOG format uses (\s*$), which requires the version to be at the end of the line. This fails to match common CHANGELOG headers that include dates, like ## 1.2.0-dev1 - 2024-01-01. The bracketed format on line 251 doesn't have this restriction. When the dev header can't be matched, the script falls back to creating a new entry instead of renaming the existing one, potentially creating duplicate version entries in the CHANGELOG.

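The three review comments above describe two defects in the changelog handling: the new entry is prepended ahead of any title header, and the non-bracketed dev-version header is not matched when a date follows it. The following bash functions are an added example (not the PR's scripts/renovate-security-bump.sh) showing one way to address both: match the dev header with or without brackets or a trailing date, and insert the entry before the first "## " version header rather than at the top of the file. Function names, the sample file layout and the release flow are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example (not the PR's script). Two fixes for the issues raised in
# review: match dev-version headers with or without brackets or a trailing
# date, and insert a new entry after the title/intro, before the first
# "## " version header, instead of prepending to the whole file.
set -eu

# Escape the regex metacharacters that appear in version strings (dots).
escape_version() { printf '%s' "$1" | sed 's/\./\\./g'; }

# Print the first header for version $1 in changelog $2, e.g. "## 1.2.0-dev1",
# "## [1.2.0-dev1]" or "## 1.2.0-dev1 - 2024-01-01"; print nothing if absent.
# The (space|end-of-line) tail stops "1.2.0-dev1" matching "1.2.0-dev10".
find_version_header() {
  local escaped
  escaped=$(escape_version "$1")
  grep -m 1 -E "^## \[?${escaped}\]?([[:space:]]|$)" "$2" || true
}

# Insert the entry in file $1 before the first "## " header of changelog $2.
# If the changelog has no version header yet, append the entry at the end.
insert_changelog_entry() {
  local first_header
  first_header=$(grep -n -m 1 '^## ' "$2" | cut -d: -f1 || true)
  if [ -z "$first_header" ]; then
    cat "$2" "$1" >"$2.tmp"
  else
    {
      head -n "$((first_header - 1))" "$2"   # title and intro stay on top
      cat "$1"
      tail -n "+$first_header" "$2"          # existing version entries
    } >"$2.tmp"
  fi
  mv "$2.tmp" "$2"
}

# Release flow as the reviewed script intends: rename the existing dev header
# ($1 -> $2) when found, otherwise insert the prepared entry file $3 into $4.
release_changelog() {
  local escaped
  if [ -n "$(find_version_header "$1" "$4")" ]; then
    escaped=$(escape_version "$1")
    # -i.bak works with both GNU and BSD sed; brackets and date are preserved.
    sed -i.bak -E "s/^## (\[?)${escaped}(\]?)/## \1$2\2/" "$4"
    rm -f "$4.bak"
  else
    insert_changelog_entry "$3" "$4"
  fi
}
```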
