Configure Renovate (#1526)

renovate[bot] · martincostello · web-flow · commit 59f285d46510 · 2025-07-04T07:55:40.000+01:00
* Add renovate.json

Signed-off-by: renovate[bot] &lt;29139614+renovate[bot]@users.noreply.github.com&gt;

* Update Renovate configuration

- Move to `.github`.
- Disable dependabot.
- Harden permissions.
- Improve Git checkout.
- Specify allowed licenses.

---------

Signed-off-by: renovate[bot] &lt;29139614+renovate[bot]@users.noreply.github.com&gt;
Co-authored-by: renovate[bot] &lt;29139614+renovate[bot]@users.noreply.github.com&gt;
Co-authored-by: Martin Costello &lt;martin@martincostello.com&gt;
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,39 +1,7 @@
 version: 2
 updates:
-- package-ecosystem: "docker"
-  directory: ".devcontainer"
-  schedule:
-    interval: daily
-    time: "05:30"
-    timezone: Europe/London
 - package-ecosystem: "github-actions"
   directory: "/"
   schedule:
-    interval: daily
-    time: "05:30"
-    timezone: Europe/London
-- package-ecosystem: nuget
-  directory: "/"
-  groups:
-    xunit:
-      patterns:
-        - xunit*
-  schedule:
-    interval: daily
-    time: "05:30"
-    timezone: Europe/London
-  open-pull-requests-limit: 99
-- package-ecosystem: npm
-  directory: "/src/TodoApp"
-  groups:
-    babel:
-      patterns:
-        - "@babel/*"
-    typescript-eslint:
-      patterns:
-        - "@typescript-eslint/*"
-  schedule:
-    interval: daily
-    time: "05:30"
+    interval: yearly
     timezone: Europe/London
-  open-pull-requests-limit: 99
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -0,0 +1,3 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
+}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -47,6 +47,10 @@ jobs:
 
     - name: Checkout code
       uses: actions/checkout@v4
+      with:
+        filter: 'tree:0'
+        persist-credentials: false
+        show-progress: false
 
     - name: Setup .NET SDK
       uses: actions/setup-dotnet@v4
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -31,6 +31,10 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
+      with:
+        filter: 'tree:0'
+        persist-credentials: false
+        show-progress: false
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -7,17 +7,25 @@ on:
       - dotnet-vnext
       - dotnet-nightly
 
-permissions:
-  contents: read
+permissions: {}
 
 jobs:
   dependency-review:
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: read
+
     steps:
 
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          filter: 'tree:0'
+          persist-credentials: false
+          show-progress: false
 
       - name: Review dependencies
         uses: actions/dependency-review-action@v4
+        with:
+          allow-licenses: 'Apache-2.0,BSD-2-Clause,BSD-3-Clause,MIT'
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -14,8 +14,7 @@ on:
       - dotnet-nightly
   workflow_dispatch:
 
-permissions:
-  contents: read
+permissions: {}
 
 env:
   FORCE_COLOR: 3
@@ -25,10 +24,17 @@ jobs:
   lint:
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: read
+
     steps:
 
     - name: Checkout code
       uses: actions/checkout@v4
+      with:
+        filter: 'tree:0'
+        persist-credentials: false
+        show-progress: false
 
     - name: Add actionlint problem matcher
       run: echo "::add-matcher::.github/actionlint-matcher.json"

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+{`
	`2`	`+ "$schema": "https://docs.renovatebot.com/renovate-schema.json"`
	`3`	`+}`