1+ {
2+ "$schema" : "https://docs.renovatebot.com/renovate-schema.json" ,
3+ "extends" : [
4+ "config:base"
5+ ] ,
6+ // The maximum number of PRs to be created in parallel
7+ "prConcurrentLimit" : 5 ,
8+ // The branches renovate should target
9+ "baseBranches" : [ "main" ] ,
10+ "ignorePaths" : [ "design/**" ] ,
11+ "postUpdateOptions" : [ "gomodTidy" ] ,
12+ // By default renovate will auto detect whether semantic commits have been used
13+ // in the recent history and comply with that, we explicitly disable it
14+ "semanticCommits" : "disabled" ,
15+ // All PRs should have a label
16+ "labels" : [ "automated" ] ,
17+ "regexManagers" : [
18+ {
19+ // We want a PR to bump Go versions used through env variables in any Github
20+ // Actions, taking it from the official Github repository.
21+ "fileMatch" : [ "^\\.github\\/workflows\\/[^/]+\\.ya?ml$" ] ,
22+ "matchStrings" : [
23+ "GO_VERSION: '(?<currentValue>.*?)'\\n"
24+ ] ,
25+ "datasourceTemplate" : "golang-version" ,
26+ "depNameTemplate" : "golang"
27+ } , {
28+ // We want a PR to bump golangci-lint versions used through env variables in
29+ // any Github Actions, taking it from the official Github repository tags.
30+ "fileMatch" : [ "^\\.github\\/workflows\\/[^/]+\\.ya?ml$" ] ,
31+ "matchStrings" : [
32+ "GOLANGCI_VERSION: '(?<currentValue>.*?)'\\n"
33+ ] ,
34+ "datasourceTemplate" : "github-tags" ,
35+ "depNameTemplate" : "golangci/golangci-lint"
36+ }
37+ ] ,
38+ // PackageRules disabled below should be enabled in case of vulnerabilities
39+ "vulnerabilityAlerts" : {
40+ "enabled" : true
41+ } ,
42+ "packageRules" : [
43+ {
44+ // We need to ignore k8s.io/client-go older versions as they switched to
45+ // semantic version and old tags are still available in the repo.
46+ "matchDatasources" : [
47+ "go"
48+ ] ,
49+ "matchDepNames" : [
50+ "k8s.io/client-go"
51+ ] ,
52+ "allowedVersions" : "<1.0"
53+ } , {
54+ // We want a single PR for all the patches bumps of kubernetes related
55+ // dependencies, as most of the times these are all strictly related.
56+ "matchDatasources" : [
57+ "go"
58+ ] ,
59+ "groupName" : "kubernetes patches" ,
60+ "matchUpdateTypes" : [
61+ "patch" ,
62+ "digest"
63+ ] ,
64+ "matchPackagePrefixes" : [
65+ "k8s.io" ,
66+ "sigs.k8s.io"
67+ ]
68+ } , {
69+ // We want dedicated PRs for each minor and major bumps to kubernetes related
70+ // dependencies.
71+ "matchDatasources" : [
72+ "go"
73+ ] ,
74+ "matchUpdateTypes" : [
75+ "major" ,
76+ "minor"
77+ ] ,
78+ "matchPackagePrefixes" : [
79+ "k8s.io" ,
80+ "sigs.k8s.io"
81+ ]
82+ } , {
83+ // We want dedicated PRs for each bump to non-kubernetes Go dependencies, but
84+ // only if there are known vulnerabilities in the current version.
85+ "matchDatasources" : [
86+ "go"
87+ ] ,
88+ "matchPackagePatterns" : [
89+ "*"
90+ ] ,
91+ "enabled" : false ,
92+ "excludePackagePrefixes" : [
93+ "k8s.io" ,
94+ "sigs.k8s.io"
95+ ] ,
96+ "matchUpdateTypes" : [
97+ "major" ,
98+ ] ,
99+ } , {
100+ // We want a single PR for all minor and patch bumps to non-kubernetes Go
101+ // dependencies, but only if there are known vulnerabilities in the current
102+ // version.
103+ "matchDatasources" : [
104+ "go"
105+ ] ,
106+ "matchPackagePatterns" : [
107+ "*"
108+ ] ,
109+ "enabled" : false ,
110+ "excludePackagePrefixes" : [
111+ "k8s.io" ,
112+ "sigs.k8s.io"
113+ ] ,
114+ "matchUpdateTypes" : [
115+ "minor" ,
116+ "patch" ,
117+ "digest"
118+ ] ,
119+ "groupName" : "all non-major go dependencies"
120+ } , {
121+ // We want a single PR for all minor and patch bumps of Github Actions
122+ "matchDepTypes" : [
123+ "action"
124+ ] ,
125+ "matchUpdateTypes" : [
126+ "minor" ,
127+ "patch"
128+ ] ,
129+ "groupName" : "all non-major github action" ,
130+ "pinDigests" : true
131+ } , {
132+ // We want dedicated PRs for each major bump to Github Actions
133+ "matchDepTypes" : [
134+ "action"
135+ ] ,
136+ "pinDigests" : true
137+ }
138+ ]
139+ }
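Review bot: The two rules that set `"enabled": false` for non-Kubernetes Go modules leave those dependencies updated only through `vulnerabilityAlerts`, and nothing in the file records what that path depends on. As far as I know, Renovate derives these alerts from GitHub's Dependabot alerts, so if the dependency graph and Dependabot alerts are not enabled on the repository, or the Renovate token cannot read them, those modules would silently never get a bump. I would extend the comment above `vulnerabilityAlerts` to something like `// Requires GitHub dependency graph + Dependabot alerts; without them the disabled Go rules below never raise PRs`. Separately, the `//` comments and the trailing commas after `"major"` and after that rule's `matchUpdateTypes` array are only accepted by a JSON5 parser, so the file needs a matching name (the file name is not visible here).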