ni/python-renovate-config is a Git repository containing Renovate configurations for NI Python
projects.
The default configuration includes settings that are common to all NI Python projects.
- Extends
config:recommended - Branch prefix:
users/renovate - Time zone:
US/Central
The recommended configuration includes settings that are recommended for all NI Python projects, but which some project owners may want to configure differently.
- Extends
default.json - Updates GitHub Actions early Monday mornings
- Updates Python packages early Monday mornings
- Runs lock file maintenance monthly in order to upgrade indirect dependencies that are not covered
by the weekly update, such as
certifiortyping_extensions. - Enables vulnerability alerts (
presets/enableVulnerabilityAlerts.json) - Pins GitHub Action digests to semver
(
helpers:pinGitHubActionDigestsToSemver). This pins the digest hash so that builds are reproducible even if upstream updates their Git tags. It also adds a comment showing the version and treats the version as semantic versioning. For example, this convertsuses: actions/checkout@v4touses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2. - Rebases stale PRs (:rebaseStalePrs)
- Sets
minimumReleaseAgeto 14 days by default and 1 day forni/python-actionsand NI Python packages. If an upstream package is compromised, delaying makes it more likely that the compromised version will be detected and pulled from the repository before we try to upgrade. This should not affect security vulnerability alerts.
- Enables the
git-submodulesmanager.
- Extends
:enableVulnerabilityAlerts - Enables
osvVulnerabilityAlerts
Group GitHub Actions together.
Group Python packages together.
Matches all NI Python packages.