sadasd

Author: alan-agius4

.github/workflows/assistant-to-the-branch-manager.yml

@@ -0,0 +1,27 @@
+name: Assistant to the Branch Manager
+
+# Because the branch manager does not work for dev-infra, due to not using target branches, we don't
+# actually use any automatic triggers. Repository dispatch is included for our own testing use and
+# ensuring a valid config.
+on:
+  repository_dispatch:
+  # push:
+  # pull_request_target:
+  #   types: [opened, synchronize, reopened, ready_for_review, labeled]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  assistant_to_the_branch_manager:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v5.0.0
+        with:
+          # Setting persist-credentials instructs actions/checkout not to persist the credentials
+          # in configuration or environment.  Since we don't rely on the credentials used for
+          # checkout this is an improved security measure.
+          persist-credentials: false
+      - uses: ./github-actions/branch-manager
+        with:
+          angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }}

package.json

@@ -6,7 +6,25 @@
     "node": "^18.19.1 || ^20.11.1 || >=22.0.0"
   },
   "dependencies": {
-    "zone.js": "~0.12.4"
+    "@angular/benchpress": "~0.3.0",
+    "@octokit/auth-app": "^6",
+    "@octokit/core": "^5",
+    "@angular/core": "^20.0.0-rc",
+    "@angular/common": "20.0.0-rc.1",
+    "@types/jasmine": "~5.1.0",
+    "quicktype-core": "23.1.0",
+    "@types/node": "^12.11.1",
+    "jasmine-core": "~3.8.0",
+    "karma": "~6.3.0",
+    "karma-chrome-launcher": "~3.1.0",
+    "karma-coverage": "~2.0.3",
+    "karma-jasmine": "~4.0.0",
+    "karma-jasmine-html-reporter": "~2.1.0",
+    "ng-packagr": "^20.0.0-rc",
+    "rxjs": "~6.6.0",
+    "tslib": "^2.3.0",
+    "typescript": "~4.3.5",
+    "zone.js": "~0.11.4"
   },
   "pnpm": {
     "onlyBuiltDependencies": []

renovate-preset/default.json5

@@ -1,66 +1,89 @@
 {
-  $schema: "https://docs.renovatebot.com/renovate-schema.json",
-  extends: ["group:monorepos"],
+  $schema: 'https://docs.renovatebot.com/renovate-schema.json',
+  extends: ['group:monorepos'],
   dependencyDashboard: true,
-  rangeStrategy: "replace",
+  rangeStrategy: 'replace',
+  automerge: false,
+
+  // Temporary workaround for https://github.com/renovatebot/renovate/discussions/30812
+  ignoreScripts: false,
 
   // Schedule Renovate to run during off-peak hours
-  schedule: [
-    "after 10:00pm every weekday",
-    "before 5:00am every weekday",
-    "every weekend",
-  ],
+  schedule: ['after 10:00pm every weekday', 'before 5:00am every weekday', 'every weekend'],
   prConcurrentLimit: 8,
   prHourlyLimit: 4,
-  timezone: "America/Tijuana",
+  timezone: 'America/Tijuana',
 
   // Commit and PR customization
-  commitBody: "See associated pull request for more information.",
-  semanticCommits: "enabled",
-  semanticCommitScope: "",
-  semanticCommitType: "build",
-  labels: ["area: build & ci", "action: review"],
+  commitBody: 'See associated pull request for more information.',
+  semanticCommits: 'enabled',
+  semanticCommitScope: '',
+  semanticCommitType: 'build',
+  labels: ['area: build & ci', 'action: merge'],
 
   lockFileMaintenance: {
     enabled: true,
   },
 
+  // Feature disabled: permission to enable vulnerability alerts is not granted
+  vulnerabilityAlerts: {
+    enabled: false,
+  },
+
   // Ignored dependencies in all repositories
   ignoreDeps: [
-    "build_bazel_rules_nodejs",
-    "rules_pkg",
-    "yarn", // Yarn is copied locally in all repositories where needed.
+    'rules_pkg',
+    'yarn', // Yarn is copied locally in all repositories where needed.
   ],
+
+  // Renovate does not update Bazel lockfile for the time being.
+  // Workaround for https://github.com/renovatebot/renovate/issues/25557
   postUpgradeTasks: {
-    commands: ["foo-bar-command333"],
-    fileFilters: ["MODULE.bazel.lock2"],
-    executionMode: "branch",
+    commands: [
+      '.npmrc',
+      'pnpm install --frozen-lockfile',
+      'pnpm bazel mod deps --lockfile_mode=update',
+    ],
+    fileFilters: ['MODULE.bazel.lock'],
+    executionMode: 'branch',
   },
+
   packageRules: [
-    {
-      matchDepNames: ["!zone.js"],
-      enabled: false,
-    },
     // ============================================================================
     // GENERAL GROUPING & UPDATE BEHAVIOR
     // ============================================================================
 
-    // Group all non-major updates (minor and patch) together
+    // Rule to disable updates on branches other than 'main'.
     {
-      groupName: "all non-major dependencies",
-      matchDepNames: ["*", "!node", "!pnpm", "!npm", "!yarn"],
-      matchUpdateTypes: ["digest", "patch", "minor"],
-      postUpgradeTasks: null,
+      'enabled': false,
+      'matchBaseBranches': ['!main'],
+      'matchDepNames': ['!node', '!pnpm', '!npm', '!yarn'],
     },
 
+    // Group all non-major dependencies together for updates on the 'main' branch.
+    {
+      'enabled': true,
+      'matchBaseBranches': ['main'],
+      'groupName': 'all non-major dependencies',
+      'matchDepNames': ['*', '!node', '!pnpm', '!npm', '!yarn'],
+      'matchUpdateTypes': ['digest', 'patch', 'minor'],
+    },
     // ============================================================================
     // ECOSYSTEM-SPECIFIC GROUPING
     // ============================================================================
 
     // Group Bazel updates
     {
-      groupName: "bazel dependencies",
-      matchManagers: ["bazel"],
+      enabled: true,
+      groupName: 'bazel dependencies',
+      matchManagers: ['bazel'],
+    },
+
+    // Group GitHub Actions workflow
+    {
+      enabled: true,
+      groupName: 'all github actions',
+      matchManagers: ['github-actions'],
     },
 
     // ============================================================================
@@ -69,58 +92,54 @@
 
     // Group updates related to Angular ecosystem across repositories
     {
-      groupName: "cross-repo angular dependencies",
-      followTag: "next",
+      enabled: true,
+      groupName: 'cross-repo angular dependencies',
+      followTag: 'next',
       separateMajorMinor: false,
-      schedule: ["at any time"],
+      schedule: ['at any time'],
       matchPackageNames: [
-        "@angular-devkit/**",
-        "@angular/**",
-        "@schematics/**",
-        "angular/**",
-        "ng-packagr",
+        '@angular-devkit/**',
+        '@angular/**',
+        '@schematics/**',
+        'angular/**',
+        'ng-packagr',
       ],
     },
 
     // @angular/benchpress is not released as 'next'
     {
       followTag: null,
-      matchDepNames: ["@angular/benchpress"],
+      matchDepNames: ['@angular/benchpress'],
+    },
+
+    // Disable 'postUpdateTasks' for changes that do not effect the BAZEL lock files or generated files.
+    {
+      matchManagers: ['github-actions'],
+      postUpgradeTasks: null,
     },
 
     // Disable 'next' tag tracking on non-main branches
     {
-      matchBaseBranches: ["!main"],
+      matchBaseBranches: ['!main'],
       followTag: null,
     },
 
     // Keep minor and patch updates separate for TypeScript
     {
-      matchDepNames: ["typescript"],
+      matchDepNames: ['typescript'],
       separateMinorPatch: true,
     },
 
     // Group TypeScript-related packages
     {
-      groupName: "typescript dependencies",
-      matchDepNames: ["typescript", "tslib"],
+      groupName: 'typescript dependencies',
+      matchDepNames: ['typescript', 'tslib'],
     },
 
     // Limit how many times these packages get updated (They deploy each merged PR)
     {
-      matchDepNames: ["renovate", "quicktype-core"],
-      schedule: ["on sunday and wednesday"],
-    },
-
-    // ============================================================================
-    // WORKFLOW-SPECIFIC UPDATE RULES
-    // ============================================================================
-
-    // Group dependencies in the scorecard GitHub Actions workflow
-    {
-      groupName: "scorecard action dependencies",
-      matchFileNames: [".github/workflows/scorecard.yml"],
-      matchDepNames: ["*"],
+      matchDepNames: ['renovate', 'quicktype-core', 'google-closure-compiler'],
+      schedule: ['on sunday and wednesday'],
     },
 
     // ============================================================================
@@ -130,30 +149,36 @@
     // Disable updates for placeholder or 0.0.0-style versions
     {
       enabled: false,
-      matchCurrentVersion: "/^[~^]?0\\.0\\.0-/",
+      matchCurrentVersion: '/^[~^]?0\\.0\\.0-/',
     },
 
     // Disable major updates for specified dependencies
     {
       enabled: false,
       matchDepNames: [
-        "@types/node",
-        "node",
-        "bazel", // bazelisk bazel verison
-        "npm",
-        "pnpm",
-        "rxjs",
-        "tslib",
-        "yarn",
+        '@types/node',
+        'node',
+        'bazel', // bazelisk bazel version
+        'npm',
+        'rxjs',
+        'tslib',
+        'yarn',
       ],
-      matchUpdateTypes: ["major"],
+      matchUpdateTypes: ['major'],
     },
 
     // Disable TypeScript major and minor updates
     {
       enabled: false,
-      matchDepNames: ["typescript"],
-      matchUpdateTypes: ["major", "minor"],
+      matchDepNames: ['typescript'],
+      matchUpdateTypes: ['major', 'minor'],
+    },
+
+    // Rule to disable major updates on branches other than 'main'.
+    {
+      'enabled': false,
+      'matchBaseBranches': ['!main'],
+      'matchUpdateTypes': ['major'],
     },
   ],
 }