forked from OrchardCMS/OrchardCore
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathrenovate.json5
More file actions
182 lines (180 loc) · 6.87 KB
/
renovate.json5
File metadata and controls
182 lines (180 loc) · 6.87 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
{
// As a GitHub organization admin, you can access the Renovate dashboard at
// https://developer.mend.io/github/OrchardCMS/OrchardCore and manage the GitHub app at
// https://github.com/organizations/OrchardCMS/settings/installations/57088442.
$schema: 'https://docs.renovatebot.com/renovate-schema.json',
extends: [
'config:recommended',
'helpers:pinGitHubActionDigests',
// See https://docs.renovatebot.com/semantic-commits/.
':semanticCommitsDisabled',
],
// See https://docs.renovatebot.com/configuration-options/#configmigration.
configMigration: true,
packageRules: [
// Such updates should never break, so are usually safe to automerge (unless another group below overrides it
// for a given dependency).
{
groupName: 'Non-Breaking Dependency Versions',
matchUpdateTypes: ['patch', 'pin', 'pinDigest'],
'automerge': true,
},
// Minor dependencies are ought to be non-breaking but can be (like
// https://github.com/OrchardCMS/OrchardCore/pull/17584), so better to keep them separate.
{
groupName: 'Minor Dependency Versions',
matchUpdateTypes: ['minor'],
},
// Elastic.Clients.Elasticsearch doesn't follow SemVer, so updates need to be tested manually and can't be
// auto-merged even if it's only a patch version update.
{
groupName: 'Elasticsearch',
matchPackageNames: [
'Elastic.Clients.Elasticsearch',
],
// We need to keep this on 8.x for now, see
// https://github.com/OrchardCMS/OrchardCore/pull/17942#issuecomment-2903626717.
allowedVersions: '<9.0.0',
},
// Disable certain updates.
{
// The .NET 8 versions of these packages need to stay on 8.x. We maintain a separate reference to the
// .NET 9 versions in Directory.Packages.props, only active when building for .NET 9.
matchPackageNames: [
'AspNet.Security.OAuth.GitHub',
'Microsoft.AspNetCore.Authentication.Facebook',
'Microsoft.AspNetCore.Authentication.Google',
'Microsoft.AspNetCore.Authentication.MicrosoftAccount',
'Microsoft.AspNetCore.Authentication.OpenIdConnect',
'Microsoft.AspNetCore.Authentication.Twitter',
'Microsoft.AspNetCore.DataProtection.StackExchangeRedis',
'Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation',
'Microsoft.AspNetCore.Mvc.Testing',
'Microsoft.AspNetCore.Owin',
'Microsoft.AspNetCore.Authorization',
'Microsoft.Extensions.Caching.Memory',
'Microsoft.Extensions.Caching.StackExchangeRedis',
'Microsoft.Extensions.Http.Resilience',
'Serilog.AspNetCore',
'System.IO.Hashing',
'System.Text.Json',
],
allowedVersions: '<9.0.0',
matchCurrentVersion: '/^8\\./',
},
{
// See https://github.com/OrchardCMS/OrchardCore/issues/16318 on why we have NPM updates disabled.
matchManagers: [
'npm',
],
enabled: false,
},
{
matchManagers: [
'npm',
],
matchPackageNames: [
'trumbowyg',
],
enabled: true,
groupName: 'Trumbowyg',
},
{
// See the the comment in global.json on why this is disabled.
groupName: 'global.json',
matchFileNames: ['global.json'],
enabled: false,
},
// These are database engines referenced in .github/workflows/functional_all_db.yml. They should match the
// minimum versions supported by YesSql, see:
// https://github.com/sebastienros/yessql/blob/main/.github/workflows/build.yml.
{
matchPackageNames: [
'postgres',
'mysql',
'mcr.microsoft.com/mssql/server',
],
enabled: false,
},
// These are updated manually during a .NET SDK upgrade.
{
matchPackageNames: [
'mcr.microsoft.com/dotnet/aspnet',
'mcr.microsoft.com/dotnet/sdk',
],
enabled: false,
},
// See the comment in src/docs/requirements.txt.
{
matchPackageNames: [
'click',
],
enabled: false,
},
// Groups of packages that we want to update together.
{
groupName: 'Azure.Communication packages',
matchPackageNames: [
'/^Azure\\.Communication.*$/',
],
},
{
groupName: 'Elastic Docker images',
matchPackageNames: [
'/^docker\\.elastic\\.co.*$/',
],
},
{
groupName: 'GraphQL packages',
matchPackageNames: [
'/^GraphQL.*$/',
],
},
{
// Microsoft.AspNetCore.Authentication.OpenIdConnect depends on Microsoft.IdentityModel.* packages, just as
// Microsoft.Identity.Web and the OpenIddict packages do. Additionally, we also reference
// Microsoft.IdentityModel.Protocols.OpenIdConnect directly. So, we need to update them together.
groupName: 'Identity packages',
matchPackageNames: [
'Microsoft.AspNetCore.Authentication.OpenIdConnect',
'Microsoft.IdentityModel.Protocols.OpenIdConnect',
'Microsoft.Identity.Web',
'/^OpenIddict.*$/',
],
},
{
groupName: 'Lucene.NET packages',
matchPackageNames: [
'/^Lucene\\.Net.*$/',
],
},
{
// MailKit depends on MimeKit (what we also use directly), so we need to keep the two in sync.
groupName: 'MailKit and MimeKit packages',
matchPackageNames: [
'MailKit',
'MimeKit',
],
},
{
groupName: 'SixLabors.ImageSharp.Web packages',
matchPackageNames: [
'/^SixLabors\\.ImageSharp\\.Web.*$/',
],
},
{
groupName: 'YesSql packages',
matchPackageNames: [
'/^YesSql.*$/',
],
},
],
// With GitHub Actions, concurrency is not really an issue.
prHourlyLimit: 0,
// Between 0:00 and 6:00 UTC on Sundays. Large time window to ensure that Renovate runs at least once then:
// https://docs.renovatebot.com/configuration-options/#schedule.
schedule: [
'* 0-6 * * 7',
],
addLabels: ['dependencies'],
}