From 246291e186c0959f4da5980155d1c801ca8d822a Mon Sep 17 00:00:00 2001 From: sheldonhull Date: Tue, 22 Oct 2024 19:00:10 -0500 Subject: [PATCH] refactor: align with latest grouped updates (#30) --- .markdownlint.yaml | 55 ------ .trunk/.gitignore | 3 +- .../configs/.gitleaks.toml | 0 .trunk/configs/.markdownlint.yaml | 63 +++++- .../configs/.prettierrc.yaml | 0 .trunk/configs/.shellcheckrc | 7 + .../configs/.yamllint.yaml | 0 .trunk/trunk.yaml | 46 +++-- .whitesource | 25 --- common.json | 56 ++++-- default-disabled-managers.json | 5 + default-enabled-nonstandard-managers.json | 16 ++ default-schedule.json | 5 + default.json | 153 ++------------- group-by-manager.json | 71 ------- packagerules-default.json | 181 ++++++++++++++++++ packagerules-disable.json | 24 +++ packagerules-force-disable-all-managers.json | 11 ++ packagerules-npm.json | 5 + packagerules-pinned.json | 13 ++ renovate.json | 5 +- security.json | 22 +-- 22 files changed, 426 insertions(+), 340 deletions(-) delete mode 100644 .markdownlint.yaml rename .gitleaks.toml => .trunk/configs/.gitleaks.toml (100%) rename .prettierrc.yaml => .trunk/configs/.prettierrc.yaml (100%) create mode 100644 .trunk/configs/.shellcheckrc rename .yamllint.yaml => .trunk/configs/.yamllint.yaml (100%) delete mode 100644 .whitesource create mode 100644 default-disabled-managers.json create mode 100644 default-enabled-nonstandard-managers.json create mode 100644 default-schedule.json delete mode 100644 group-by-manager.json create mode 100644 packagerules-default.json create mode 100644 packagerules-disable.json create mode 100644 packagerules-force-disable-all-managers.json create mode 100644 packagerules-npm.json create mode 100644 packagerules-pinned.json diff --git a/.markdownlint.yaml b/.markdownlint.yaml deleted file mode 100644 index a0bc7f4..0000000 --- a/.markdownlint.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ ---- -#https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md#md002 -comment: my-markdown-linting-rules - -# enable all default tagged rules -default: true - -# enable indentation rules by default -indentation: true - -#MD004 - Unordered list style -# Parameters: style ("consistent", "asterisk", "plus", "dash", "sublist"; default "consistent") -# Defaults to dash -MD004: - style: dash - -# MD041 - First line in a file should be a top-level heading: https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md#md041---first-line-in-a-file-should-be-a-top-level-heading -MD041: true -# MD007 - Unordered list indentation: https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md#md007---unordered-list-indentation -# This rule is triggered when list items are not indented by the configured number of spaces (default: 2). -MD007: true -no-hard-tabs: true - -# enable all whitespace rules, such as: -# - eliminate trailing whitespace -# - no tabs, use only spaces -# - remove double spaces -# - clean spacing up -whitespace: true - -# require urls to have []() format, rather than just pasting raw links. This improves readability. -no-bare-urls: true - -# Don't allow anonymous code blocks, make sure a language is specificed, so that formatting can be applied. -fenced-code-language: true -# Don't allow nested html to be directly used without exception being allowed. -no-inline-html: true -# MD025 - Multiple top-level headings in the same document -> https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md#md025---multiple-top-level-headings-in-the-same-document -# if using front matter, we don't want a title property + a # Title to conflict -MD025: true - -# MD013 - Line length -# This is for maintainability and code diffs. 
-# Try applying semantic line break concept for breaking up longer phrases
-# https://sembr.org/
-MD013:
- line_length: 200
-
-# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
-# This tweaks to allow nested items to have duplicate headers.
-MD024:
- # Only check sibling headings
- allow_different_nesting: true
- # Only check sibling headings
- siblings_only: true
diff --git a/.trunk/.gitignore b/.trunk/.gitignore
index 695b519..15966d0 100644
--- a/.trunk/.gitignore
+++ b/.trunk/.gitignore
@@ -2,7 +2,8 @@
 *logs
 *actions
 *notifications
+*tools
 plugins
 user_trunk.yaml
 user.yaml
-tools
+tmp
diff --git a/.gitleaks.toml b/.trunk/configs/.gitleaks.toml
similarity index 100%
rename from .gitleaks.toml
rename to .trunk/configs/.gitleaks.toml
diff --git a/.trunk/configs/.markdownlint.yaml b/.trunk/configs/.markdownlint.yaml
index fb94039..778c53a 100644
--- a/.trunk/configs/.markdownlint.yaml
+++ b/.trunk/configs/.markdownlint.yaml
@@ -1,10 +1,55 @@ -# Autoformatter friendly markdownlint config (all formatting rules disabled) +--- +#https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md#md002 +# comment: my-markdown-linting-rules + +# enable all default tagged rules default: true -blank_lines: false -bullet: false -html: false -indentation: false -line_length: false -spaces: false -url: false -whitespace: false + +# enable indentation rules by default +indentation: true + +#MD004 - Unordered list style +# Parameters: style ("consistent", "asterisk", "plus", "dash", "sublist"; default "consistent") +# Defaults to dash +MD004: + style: dash + +# MD041 - First line in a file should be a top-level heading: https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md#md041---first-line-in-a-file-should-be-a-top-level-heading +MD041: true +# MD007 - Unordered list indentation: https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md#md007---unordered-list-indentation +# This rule is triggered when list items are not indented by the configured number of spaces (default: 2). +MD007: true +no-hard-tabs: true + +# enable all whitespace rules, such as: +# - eliminate trailing whitespace +# - no tabs, use only spaces +# - remove double spaces +# - clean spacing up +whitespace: true + +# require urls to have []() format, rather than just pasting raw links. This improves readability. +no-bare-urls: true + +# Don't allow anonymous code blocks, make sure a language is specificed, so that formatting can be applied. +fenced-code-language: true +# Don't allow nested html to be directly used without exception being allowed. 
+no-inline-html: true
+# MD025 - Multiple top-level headings in the same document -> https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md#md025---multiple-top-level-headings-in-the-same-document
+# if using front matter, we don't want a title property + a # Title to conflict
+MD025: true
+
+# MD013 - Line length
+# This is for maintainability and code diffs.
+# Try applying semantic line break concept for breaking up longer phrases
+# https://sembr.org/
+MD013:
+ line_length: 200
+
+# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
+# This tweaks to allow nested items to have duplicate headers.
+MD024:
+ # Only check sibling headings
+ allow_different_nesting: true
+ # Only check sibling headings
+ siblings_only: true
diff --git a/.prettierrc.yaml b/.trunk/configs/.prettierrc.yaml
similarity index 100%
rename from .prettierrc.yaml
rename to .trunk/configs/.prettierrc.yaml
diff --git a/.trunk/configs/.shellcheckrc b/.trunk/configs/.shellcheckrc
new file mode 100644
index 0000000..8c7b1ad
--- /dev/null
+++ b/.trunk/configs/.shellcheckrc
@@ -0,0 +1,7 @@
+enable=all
+source-path=SCRIPTDIR
+disable=SC2154
+
+# If you're having issues with shellcheck following source, disable the errors via:
+# disable=SC1090
+# disable=SC1091
diff --git a/.yamllint.yaml b/.trunk/configs/.yamllint.yaml
similarity index 100%
rename from .yamllint.yaml
rename to .trunk/configs/.yamllint.yaml
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
index 8fe400c..ddbd99b 100644
--- a/.trunk/trunk.yaml
+++ b/.trunk/trunk.yaml
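Review bot: The `MD024` block sets both `allow_different_nesting: true` and `siblings_only: true` under two identical "Only check sibling headings" comments; as far as I recall markdownlint deprecated `allow_different_nesting` in favor of `siblings_only`, so with the `markdownlint@0.42.0` pin in trunk.yaml the first key is at best redundant and may be flagged by a strict config check. Keep only `siblings_only: true` with a single comment, or add a comment saying why both are kept. The `fenced-code-language` comment also reads "specificed" (typo for "specified"), and with `# comment: my-markdown-linting-rules` now commented out the opening `#https://...#md002` link no longer has a stated purpose.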
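Review bot: `disable=SC2154` switches off the "variable referenced but not assigned" check for every script trunk lints, which also hides plain typos in variable names that then expand to empty strings at run time. Since the comment block already documents the per-rule pattern for SC1090/SC1091, prefer a per-file or per-line `# shellcheck disable=SC2154` next to the variables that genuinely come from a sourced file or the environment, and keep the global list to rules that are noise everywhere. `enable=all` also turns on optional checks such as `require-variable-braces`, so expect a one-time cleanup pass on existing scripts and say so in the header comment.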
@@ -1,42 +1,56 @@ version: 0.1 cli: - version: 1.13.0 + version: 1.22.6 plugins: sources: - id: trunk - ref: v1.0.0 + ref: v1.2.1 uri: https://github.com/trunk-io/plugins lint: enabled: - - renovate@36.40.6 - - taplo@0.8.1 - - yamllint@1.32.0 - - actionlint@1.6.25 + - checkov@3.2.269 + - shellcheck@0.10.0 + - shfmt@3.6.0 + - trivy@0.56.2 + - trufflehog@3.82.12 + - renovate@38.129.2 + - taplo@0.9.3 + - yamllint@1.35.1 + - actionlint@1.7.3 - git-diff-check - - gitleaks@8.17.0 - - markdownlint@0.35.0 - - prettier@3.0.1 - ignore: - - linters: - - renovate - paths: + - gitleaks@8.21.1 + - markdownlint@0.42.0 + - prettier@3.3.3 + files: + - name: renovate + filenames: - common.json + - default-disabled-managers.json + - default-enabled-nonstandard-managers.json + - default-manager-config.json + - default-schedule.json - default.json - - group-by-manager.json + - packagerules-disable.json + - packagerules-default.json + - packagerules-force-disable-all-managers.json + - packagerules-npm.json + - packagerules-pinned.json + - renovate.json - security.json runtimes: enabled: - python@3.10.8 - - go@1.19.5 + - go@1.23.0 - node@18.12.1 actions: disabled: - trunk-announce + - renovate-config-validator + enabled: - trunk-fmt-pre-commit - trunk-check-pre-push - trunk-upgrade-available - - renovate-config-validator definitions: - id: renovate-config-validator description: Validate the config. diff --git a/.whitesource b/.whitesource deleted file mode 100644 index e467438..0000000 --- a/.whitesource +++ /dev/null 
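Review bot: The new `files:` entry for the renovate linter lists `default-manager-config.json`, but that file is not among the 22 files this commit creates or modifies, and default.json in this same commit also extends `local>DelineaXPM/renovate-config:default-manager-config`; unless it already exists in the repository, the linter is pointed at a missing file and preset resolution in default.json fails. Either add the file or drop it from both lists. In the same hunk `renovate-config-validator` moves from `actions.enabled` to `actions.disabled` while its `definitions` entry is kept; if the intent is that the `renovate@38.129.2` linter now covers validation, a one-line comment such as `# validation now handled by the renovate linter above` next to the disabled entry would stop the next reader from re-enabling it.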
@@ -1,25 +0,0 @@
-{
- "scanSettings": {
- "configMode": "AUTO",
- "configExternalURL": "",
- "projectToken": "",
- "baseBranches": [],
- "enableLicenseViolations": true,
- "displayLicenseViolations": false
- },
- "checkRunSettings": {
- "vulnerableCheckRunConclusionLevel": "failure",
- "displayMode": "diff",
- "useMendCheckNames": true
- },
- "issueSettings": {
- "minSeverityLevel": "NONE",
- "issueType": "DEPENDENCY"
- },
- "remediateSettings": {
- "enableRenovate": true,
- "workflowRules": {
- "enabled": true
- }
- }
-}
diff --git a/common.json b/common.json
index a139f82..1fabc11 100644
--- a/common.json
+++ b/common.json
@@ -1,27 +1,59 @@
 {
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
 "extends": [
- ":dependencyDashboard",
- ":semanticPrefixFixDepsChoreOthers",
+ ":semanticCommits",
+ ":semanticCommitTypeAll(build)",
 ":ignoreModulesAndTests",
 "replacements:all",
 "workarounds:all",
- ":semanticCommitTypeAll(chore)",
- "github>whitesource/merge-confidence:beta",
- "github>aquaproj/aqua-renovate-config#1.2.6",
 "helpers:pinGitHubActionDigests",
 "regexManagers:githubActionsVersions",
 "regexManagers:dockerfileVersions",
- ":enableVulnerabilityAlerts",
- "group:linters"
+ "group:linters",
+ ":disablePrControls",
+ ":pinVersions",
+ ":pinSkipCi",
+ ":disableDependencyDashboard",
+ "group:dotNetCore",
+ "github>aquaproj/aqua-renovate-config:installer-script#2.3.1(scripts/.*\\.sh)",
+ "github>aquaproj/aqua-renovate-config#2.3.1",
+ "github>aquaproj/aqua-renovate-config:aqua-renovate-config#2.3.1(common\\.json)",
+ "security:openssf-scorecard",
+ ":renovatePrefix",
+ "mergeConfidence:all-badges"
 ],
+ "autoApprove": true,
+ "automerge": true,
+ "automergeStrategy": "squash",
+ "automergeType": "pr",
 "binarySource": "docker",
+ "branchPrefix": "renovate/",
+ "branchTopic": "{{{manager}}}-{{{newMajor}}}{{#if separateMinorPatch}}{{#if isPatch}}.{{{newMinor}}}{{/if}}{{/if}}.x{{#if isLockfileUpdate}}-lockfile{{/if}}",
+ "dependencyDashboardAutoclose": false,
+ "dependencyDashboardLabels": ["dependencies"],
+ "labels": ["dependencies"],
+ "major": {
+ "automerge": false,
+ "dependencyDashboardApproval": true
+ },
+ "minor": {
+ "automerge": true
+ },
+ "onboardingPrTitle": "chore(deps): onboard with renovate",
+ "patch": {
+ "automerge": true
+ },
 "platformAutomerge": true,
- "pruneStaleBranches": true,
 "postUpdateOptions": ["gomodTidy", "gomodUpdateImportPaths"],
- "unicodeEmoji": true,
+ "prConcurrentLimit": 0,
+ "prCreation": "immediate",
+ "prHourlyLimit": 0,
+ "pruneStaleBranches": true,
 "rangeStrategy": "pin",
- "onboardingPrTitle": "chore(deps): onboard with renovate",
- "labels": ["dependencies"],
- "dependencyDashboardLabels": ["dependencies"]
+ "rebaseWhen": "behind-base-branch",
+ "semanticCommits": "enabled",
+ "separateMajorMinor": true,
+ "stopUpdatingLabel": "take-a-break-renovate",
+ "timezone": "America/Chicago",
+ "unicodeEmoji": true
 }
diff --git a/default-disabled-managers.json b/default-disabled-managers.json
new file mode 100644
index 0000000..ec3e5a1
--- /dev/null
+++ b/default-disabled-managers.json
@@ -0,0 +1,5 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "description": "## Default Disabled Managers\n\nThis configuration defines the disabled managers.",
+ "packageRules": []
+}
diff --git a/default-enabled-nonstandard-managers.json b/default-enabled-nonstandard-managers.json
new file mode 100644
index 0000000..8df1bfe
--- /dev/null
+++ b/default-enabled-nonstandard-managers.json
@@ -0,0 +1,16 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "description": "### Default Enabled Nonstandard Managers\n\nThis is the default setup of enabled managers that aren't by default included. These are experimental or not in the standard list of [supported managers](https://docs.renovatebot.com/modules/manager/#supported-managers).",
+ "azure-pipelines": {
+ "description": "#### Azure Pipelines Manager\n\nAzure Pipelines functionality is currently in beta testing, so you must opt-in to test it. [Azure Pipelines Documentation](https://docs.renovatebot.com/modules/manager/azure-pipelines/)\n\n- **enabled**: `true` to enable the manager.\n\n- **fileMatch**: An array of file patterns to match Azure Pipelines YAML files.",
+ "enabled": true,
+ "fileMatch": [
+ "azure.*pipelines?.*\\.ya?ml$",
+ "build/.*\\.ya?ml$",
+ "pipelines/.*\\.ya?ml$",
+ "ci/.*\\.ya?ml$",
+ ".ci/.*\\.ya?ml$",
+ ".azure-devops/.*\\.ya?ml$"
+ ]
+ }
+}
diff --git a/default-schedule.json b/default-schedule.json
new file mode 100644
index 0000000..6d00ffc
--- /dev/null
+++ b/default-schedule.json
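Review bot: With `"automerge": true` at the top level, `minor`/`patch` automerge, `"prHourlyLimit": 0`, `"prConcurrentLimit": 0` and no top-level `minimumReleaseAge`, any non-major release of any dependency is merged as soon as it is published and CI is green; only npm gets a delay, and only through the `"minimumReleaseAge": "5 days"` rules in packagerules-default.json. A compromised upstream release therefore lands with no human in the loop, so consider a top-level `"minimumReleaseAge": "3 days"` (sample value) that per-manager rules may shorten, and keep `"major": { "automerge": false }` as the documented exception. `"autoApprove": true` is, as far as I recall, honored only on GitLab and a no-op on GitHub, which the `helpers:pinGitHubActionDigests` preset suggests is the platform here; a `description` stating which platforms this preset targets would clear that up. Finally `":disableDependencyDashboard"` sits next to `"dependencyDashboardAutoclose": false` and `"major": { "dependencyDashboardApproval": true }`, which only have an effect with the dashboard on; Renovate may re-enable it implicitly when approval is requested, but the intent should be stated rather than left to that behavior.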
@@ -0,0 +1,5 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "description": "### Default Schedule\n\nSets up a default schedule for Renovate to run during specific times. Security or override updates are generated outside of the evening hours. Note: This is relative to the CST timezone.\n\n- **Schedule**: \n - After 10pm\n - Before 3am\n\nFor more details, refer to the [Renovate Schema](https://docs.renovatebot.com/renovate-schema.json).",
+ "schedule": ["after 10pm", "before 3am"]
+}
diff --git a/default.json b/default.json
index 54a295d..82ad15d 100644
--- a/default.json
+++ b/default.json
@@ -1,140 +1,23 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "description": "Welcome to the default renovate setup!", + "username": "Renovate Bot", + "gitAuthor": "bot@renovateapp.com", "extends": [ - "config:base", - ":dependencyDashboard", - ":semanticPrefixFixDepsChoreOthers", - ":ignoreModulesAndTests", - "replacements:all", - "workarounds:all", - "schedule:earlyMondays", - ":semanticCommitTypeAll(chore)", - "github>whitesource/merge-confidence:beta", - "github>aquaproj/aqua-renovate-config#1.2.6", - "helpers:pinGitHubActionDigests", - "regexManagers:githubActionsVersions", - "regexManagers:dockerfileVersions", - ":enableVulnerabilityAlerts", - "group:linters" + "local>DelineaXPM/renovate-config:common", + "local>DelineaXPM/renovate-config:default-schedule", + "local>DelineaXPM/renovate-config:default-enabled-nonstandard-managers", + "local>DelineaXPM/renovate-config:default-manager-config", + "local>DelineaXPM/renovate-config:default-disabled-managers", + "local>DelineaXPM/renovate-config:packagerules-default", + "local>DelineaXPM/renovate-config:packagerules-pinned", + "local>DelineaXPM/renovate-config:packagerules-disable", + "local>DelineaXPM/renovate-config:security" ], - "labels": ["dependencies"], - "dependencyDashboardLabels": ["dependencies"], - "binarySource": "docker", - "semanticCommits": "enabled", - "pruneStaleBranches": true, - "rebaseWhen": "behind-base-branch", - "semanticCommitType": "chore", - "semanticCommitScope": "deps", - "platformAutomerge": true, - "automergeStrategy": "squash", - "unicodeEmoji": true, - "rangeStrategy": "pin", - "postUpdateOptions": ["gomodTidy", "gomodUpdateImportPaths"], - "prCreation": "not-pending", - "prConcurrentLimit": 3, - "onboardingPrTitle": "chore(deps): onboard with renovate", - "gomod": { - "enabled": true, - "commitMessageTopic": "⬆️ golang module {{depName}}" - }, - "docker": { - "enabled": true, - "commitMessageTopic": "⬆️ docker update 🐳 {{depName}}" - }, - "npm": { - 
"commitMessageTopic": "⬆️ npm update {{depName}}", - "fileMatch": ["(^|/)package.json$"], - "rollbackPrs": true, - "versioning": "npm" - }, - "terraform": { - "commitMessageTopic": "☁️ terraform update {{depName}}", - "enabled": true - }, - "major": { - "dependencyDashboardApproval": true - }, - "dependencyDashboardAutoclose": true, - "minor": { - "automerge": true - }, - "patch": { - "automerge": true - }, - "packageRules": [ - { - "matchPackagePatterns": ["aws-sdk"], - "groupName": "aws-sdk", - "commitMessageTopic": "☁️ aws-sdk update {{depName}}" - }, - { - "matchFileNames": ["**/magefiles/**", "magefile.go", "mage.go"], - "groupName": "mage-tooling", - "commitMessageTopic": "🤖 mage tooling", - "automerge": true, - "matchUpdateTypes": ["minor", "patch"], - "prPriority": -1 - }, - { - "matchPackagePatterns": [ - "github.com/magefile/mage", - "github.com/sheldonhull/magetools", - "github.com/bitfield/script", - "github.com/pterm/pterm" - ], - "groupName": "mage-tooling", - "commitMessageTopic": "🤖 mage tooling", - "automerge": true, - "matchUpdateTypes": ["minor", "patch"], - "prPriority": -1 - }, - { - "matchFileNames": ["**/.github/**"], - "matchManagers": ["github-actions"], - "groupName": "github-actions", - "automerge": true, - "commitMessageTopic": "🤖 github actions", - "matchUpdateTypes": ["minor", "patch", "digest", "pin", "pinDigest"], - "prPriority": -1, - "prBodyDefinitions": { - "Package": "[{{{depName}}}](https://github.com/{{{depName}}})", - "Change": "[`{{{displayFrom}}}` -> `{{{displayTo}}}`](https://github.com/{{{depName}}}/compare/{{{displayFrom}}}...{{{displayTo}}})" - }, - "prBodyColumns": ["Package", "Change", "Type", "Update"] - }, - { - "matchManagers": ["npm"], - "matchDepTypes": ["devDependencies"], - "enabled": true, - "groupName": "npm-devdependencies", - "stabilityDays": 5 - }, - { - "matchDatasources": ["npm"], - "stabilityDays": 5 - }, - { - "description": "Opt-out minimum Go version updates: 
https://github.com/renovatebot/renovate/issues/16715", - "matchManagers": ["gomod"], - "matchDepTypes": ["golang"], - "enabled": false - }, - { - "matchFileNames": ["aqua.yaml", "registry.yaml"], - "groupName": "aqua-packages", - "automerge": true, - "commitMessageTopic": "🤖 aqua tooling", - "matchUpdateTypes": ["minor", "patch"], - "prPriority": -1 - } - ], - "osvVulnerabilityAlerts": true, - "vulnerabilityAlerts": { - "enabled": true, - "prCreation": "immediate", - "labels": ["security"], - "minimumReleaseAge": null, - "dependencyDashboardApproval": false, - "schedule": [] - } + "ignorePaths": [ + "**/node_modules/**", + "**/bower_components/**", + "**/vendor/**", + "**/__fixtures__/**" + ] } diff --git a/group-by-manager.json b/group-by-manager.json deleted file mode 100644 index bcedfc8..0000000 --- a/group-by-manager.json +++ /dev/null 
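Review bot: The new `ignorePaths` list will, if I recall Renovate's merge semantics for this option correctly, replace rather than extend the list that `:ignoreModulesAndTests` (extended via common.json) provides, so directories that preset ignores, such as `**/test/**` and `**/__tests__/**`, become eligible for updates again; if these four entries are the intended final list, say so in `description`, otherwise drop `ignorePaths` here and rely on the preset. `"username"` and `"gitAuthor"` are, as far as I recall, self-hosted (global) options rather than repository config, so in a shared preset they are ignored with a validation warning; `"gitAuthor": "bot@renovateapp.com"` also lacks the `Name <email>` form the option expects. The `extends` list leaves out the new `packagerules-npm.json` and `packagerules-force-disable-all-managers.json` presets, which is fine if they are opt-in but deserves one sentence in the description so nobody assumes they are applied by default.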
@@ -1,71 +0,0 @@ -{ - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "packageRules": [ - { - "matchManagers": ["regex"], - "groupName": "regex", - "commitMessageTopic": "⬆️ regex matched {{depName}}", - "automerge": true - }, - { - "matchManagers": ["dockerfile", "docker-compose"], - "groupName": "docker", - "commitMessageTopic": "⬆️ docker {{depName}}", - "automerge": true - }, - { - "matchManagers": ["gomod"], - "groupName": "gomod", - "commitMessageTopic": "⬆️ gomod {{depName}}", - "automerge": true - }, - { - "matchManagers": ["nodenv", "npm"], - "groupName": "npm", - "commitMessageTopic": "⬆️ node, npm {{depName}}", - "automerge": true - }, - { - "matchManagers": [ - "terraform", - "terraform-version", - "terragrunt", - "terragrunt-version", - "tflint-plugin" - ], - "groupName": "terraform", - "commitMessageTopic": "⬆️ terraform", - "automerge": true - }, - { - "matchManagers": ["nuget"], - "groupName": "nuget", - "commitMessageTopic": "⬆️ nuget", - "automerge": true - }, - { - "matchManagers": ["github-actions"], - "groupName": "github-actions", - "commitMessageTopic": "⬆️ github-actions", - "automerge": true - }, - { - "matchManagers": ["azure-pipelines"], - "groupName": "azure-pipelines", - "commitMessageTopic": "⬆️ azure-pipeline", - "automerge": true - }, - { - "matchPaths": [ - "aqua.yaml", - "registry.yaml", - ".aqua/aqua.yaml", - ".aqua/registry.yaml" - ], - "groupName": "⬆️ aqua-packages", - "commitMessageTopic": "⬆️ aqua-packages", - "prPriority": -1, - "automerge": true - } - ] -} diff --git a/packagerules-default.json b/packagerules-default.json new file mode 100644 index 0000000..43b7359 --- /dev/null +++ b/packagerules-default.json 
@@ -0,0 +1,181 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "description": "Tweaks to package management to add nice titles, prioritization overrides, group based on prettyDepType and other tweaks for performance or fixes. Automerge set to true so autocomplete is one click and go. Will automerge if project has no reviewer policy in place.", + "packageRules": [ + { + "matchPackageNames": ["*"], + "description": "Overall grouping on depType to minimize noise", + "groupName": "{{manager}}", + "commitMessageAction": "📦 {{updateType}}", + "commitMessageTopic": "{{prettyDepType}}", + "semanticCommitType": "build", + "semanticCommitScope": "{{manager}}", + "automerge": true + }, + { + "extends": ["monorepo:aws-sdk-net"], + "description": "AWS SDK for .NET with custom changelog", + "changelogUrl": "https://github.com/aws/aws-sdk-net/blob/main/changelogs/SDK.CHANGELOG.2024.md", + "automerge": true + }, + { + "description": "Lower priority updates for mage tooling", + "groupName": "mage-tooling", + "commitMessageAction": "✨ mage tooling", + "prPriority": 2, + "schedule": ["after 10pm on monday", "before 3am on monday"], + "matchPackageNames": [ + "/github.com/magefile/mage/", + "/github.com/sheldonhull/magetools/", + "/github.com/bitfield/script/", + "/github.com/pterm/pterm/" + ], + "automerge": true + }, + { + "description": "Lower priority for GitHub Actions updates", + "matchManagers": ["github-actions"], + "prPriority": -1, + "automerge": true + }, + { + "description": "NPM devDependencies with a delay", + "matchManagers": ["npm"], + "matchDepTypes": ["devDependencies"], + "minimumReleaseAge": "5 days", + "schedule": ["after 10pm on monday", "before 3am on monday"], + "automerge": true + }, + { + "description": "NPM datasources with a delay", + "matchDatasources": ["npm"], + "minimumReleaseAge": "5 days", + "automerge": true + }, + { + "description": "Regex manager updates", + "matchManagers": ["regex"], + "groupName": "{{manager}}", + 
"commitMessageAction": "🔍 {{updateType}}", + "automerge": true + }, + { + "description": "Custom regex manager updates", + "matchManagers": ["custom.regex"], + "groupName": "{{manager}}", + "commitMessageAction": "🔍 {{updateType}}", + "automerge": true + }, + { + "description": "Docker updates", + "matchManagers": ["dockerfile", "docker-compose"], + "groupName": "docker", + "commitMessageAction": "🐳 {{updateType}}", + "automerge": true + }, + { + "description": "Go module updates", + "matchManagers": ["gomod"], + "groupName": "{{manager}}", + "commitMessageAction": "⚡ {{updateType}}", + "automerge": true + }, + { + "description": "Node environment and NPM updates", + "matchManagers": ["nodenv", "npm"], + "groupName": "{{manager}}", + "automerge": true + }, + { + "description": "Terraform and related updates", + "matchManagers": [ + "terraform", + "terraform-version", + "terragrunt", + "terragrunt-version", + "tflint-plugin" + ], + "groupName": "{{manager}}", + "automerge": true + }, + { + "description": "GitHub Actions updates", + "matchManagers": ["github-actions"], + "groupName": "{{manager}}", + "automerge": true + }, + { + "description": "Azure pipeline templates with high priority", + "matchManagers": ["azure-pipelines"], + "groupName": "{{depNameSanitized}}", + "commitMessageAction": "🚀 {{updateType}}", + "prPriority": 9, + "automerge": true + }, + { + "description": "Major version updates for Azure pipeline tasks", + "matchDatasources": ["azure-pipelines-tasks"], + "extractVersion": "^(?\\d+)", + "groupName": "{{datasource}}", + "commitMessageAction": "🚀 {{updateType}}", + "prPriority": -1, + "automerge": true + }, + { + "description": "Minor updates for Aqua registry files", + "matchDepNames": [ + "aquaproj/aqua-registry", + "aquaproj/aqua", + "aquaproj/aqua-installer", + "aquaproj/aqua-renovate-config" + ], + "groupName": "aqua", + "matchUpdateTypes": ["minor", "patch", "digest", "pin", "pinDigest"], + "commitMessageAction": "🌊 {{updateType}}", + 
"semanticCommitScope": "aqua-proj", + "prPriority": 2, + "schedule": ["after 10pm on monday", "before 3am on monday"], + "automerge": true + }, + { + "description": "Minor updates for Aqua registry files", + "matchFileNames": [ + "aqua.yaml", + "registry.yaml", + ".aqua/aqua.yaml", + ".aqua/registry.yaml" + ], + "groupName": "aqua", + "matchUpdateTypes": ["minor", "patch", "digest", "pin", "pinDigest"], + "commitMessageAction": "🌊 {{updateType}}", + "semanticCommitScope": "aqua-proj", + "prPriority": 2, + "schedule": ["after 10pm on monday", "before 3am on monday"], + "automerge": true + }, + { + "description": "Major updates for Aqua registry files", + "matchFileNames": [ + "aqua.yaml", + "registry.yaml", + ".aqua/aqua.yaml", + ".aqua/registry.yaml" + ], + "groupName": "aqua {{updateType}}", + "matchUpdateTypes": ["major"], + "commitMessageAction": "🌊 {{updateType}}", + "semanticCommitScope": "aqua-proj", + "autoApprove": false, + "schedule": ["after 10pm on monday", "before 3am on monday"], + "automerge": true + }, + { + "description": "Group dependencies from devex/nuke automation", + "matchDepTypes": ["nuget"], + "matchFileNames": ["**/.nuke/*", "**/build/*"], + "groupName": "nuke", + "commitMessageAction": "💣 {{updateType}}", + "automerge": true + } + ] +} diff --git a/packagerules-disable.json b/packagerules-disable.json new file mode 100644 index 0000000..062aec9 --- /dev/null +++ b/packagerules-disable.json 
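Review bot: `"extractVersion": "^(?\\d+)"` in the azure-pipelines-tasks rule is not a usable pattern as printed: Renovate requires the capture to be a named group called `version`, and `(?\d` is not valid regex syntax, so either the `<version>` name was lost in rendering or the rule never matches and, depending on the Renovate version, fails config validation; the intended line is presumably `"extractVersion": "^(?<version>\\d+)"`. The mage rule is described as "Lower priority updates for mage tooling" yet sets `"prPriority": 2`, which ranks it above the default 0, and two consecutive Aqua rules share the description "Minor updates for Aqua registry files" although the first matches `matchDepNames` rather than files; align the text with the values, e.g. `"description": "Minor updates for aquaproj packages"`. The catch-all first rule already puts `"automerge": true` on every package, so the `automerge` key repeated in each later rule is redundant and can be dropped, or the catch-all description can state that it sets the default.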
@@ -0,0 +1,24 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "description": "### Package Rules to Always Disable\n\nThese rules are designed to always be disabled to avoid edge cases or problematic updates.\n\n#### Custom Managers\n\n- **Terraform Reusable Module Provider Versions**: \n - Bypasses pinning terraform reusable module provider versions.\n - Terraform files in the root are reusable modules, not 'root modules', using the cloudposse module project structure.\n - These should _not_ pin provider versions but honor a minimum range to avoid failure with pinned root modules calling a module with a different version, which would cause an error.\n - Examples nested directory should still version pin.\n - [Renovate Schema](https://docs.renovatebot.com/renovate-schema.json)\n",
+ "packageRules": [
+ {
+ "description": "Bypasses pinning terraform reusable module provider versions. Terraform files in the root are reusable modules, not 'root modules', using the cloudposse module project structure. These should _not_ pin provider versions but honor a minimum range to avoid failure with pinned root modules calling a module with a different version, which would cause an error. Examples nested directory should still version pin.",
+ "enabled": false,
+ "matchFileNames": ["*.tf"],
+ "matchDatasources": ["terraform-provider"],
+ "matchUpdateTypes": ["pin"]
+ },
+ {
+ "matchDatasources": ["golang-version"],
+ "description": "Opt-out minimum Go version updates. See [issue #16715](https://github.com/renovatebot/renovate/issues/16715) and [Go Modules Directive Versioning](https://docs.renovatebot.com/modules/versioning/#go-modules-directive-versioning).",
+ "enabled": false
+ },
+ {
+ "description": "Terraform version is not pinned, as this CLI version is often managed with tooling like `aqua` or called via plugins. Until it's determined to be worth it, let's avoid constant updates.",
+ "matchDepTypes": ["required_version"],
+ "matchManagers": ["terraform"],
+ "enabled": false
+ }
+ ]
+}
diff --git a/packagerules-force-disable-all-managers.json b/packagerules-force-disable-all-managers.json
new file mode 100644
index 0000000..d68759e
--- /dev/null
+++ b/packagerules-force-disable-all-managers.json
@@ -0,0 +1,11 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "description": "🚨 **Warning:** Disables all package patterns. Use this to disable everything, then selectively re-enable.",
+ "packageRules": [
+ {
+ "matchPackagePatterns": ["*"],
+ "enabled": false,
+ "description": "Disables all package patterns."
+ }
+ ]
+}
diff --git a/packagerules-npm.json b/packagerules-npm.json
new file mode 100644
index 0000000..1c40ca7
--- /dev/null
+++ b/packagerules-npm.json
@@ -0,0 +1,5 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "description": "Custom npm exclusions and rules based on feedback.",
+ "packageRules": []
+}
diff --git a/packagerules-pinned.json b/packagerules-pinned.json
new file mode 100644
index 0000000..f4bacfc
--- /dev/null
+++ b/packagerules-pinned.json
@@ -0,0 +1,13 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "description": "### Problematic Versions\n\nPinned as a global rule to block upgrades for any repositories.",
+ "packageRules": [
+ {
+ "description": "Limit the .NET ASP.NET Core to 8.0-alpine, preventing upgrades to 9.0-alpine",
+ "matchPackageNames": ["mcr.microsoft.com/dotnet/aspnet"],
+ "allowedVersions": "8.0-alpine",
+ "matchDepTypes": ["final"],
+ "matchDatasources": ["docker"]
+ }
+ ]
+}
diff --git a/renovate.json b/renovate.json
index 0c655eb..459a388 100644
--- a/renovate.json
+++ b/renovate.json
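Review bot: The first rule disables only the `pin` update type for root-level `*.tf` provider constraints, but `"rangeStrategy": "pin"` inherited from common.json still applies to the minor and major updates those providers receive, and under that strategy Renovate replaces the range with an exact version when it proposes them, so the "honor a minimum range" goal in the description is, as far as I can tell, only protected until the next provider release. Consider `"rangeStrategy": "widen"` (or `"bump"`) on this rule instead of `"enabled": false`, and verify the result on a sample module repository. The rule's own `description` repeats the file-level description almost verbatim; keeping the long form in one place avoids the two drifting apart.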
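Review bot: `"matchPackagePatterns": ["*"]` uses the older pattern-matching key while packagerules-default.json in this same commit already uses the replacement form `"matchPackageNames": ["*"]`; as far as I recall Renovate 38 migrates `matchPackagePatterns` with a deprecation warning, so the two files should agree. Change the line to `"matchPackageNames": ["*"]` and reword the two "package patterns" descriptions to match. Since this preset only does something useful when rules listed after it re-enable packages, its `description` should also state that it must precede those rules in `extends`.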
@@ -1,6 +1,5 @@
 {
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
- "extends": [
- "local>DelineaXPM/renovate-config"
- ]
+ "description": "This is for renovate managing it's own repo. Use default.json as the actual entry point for a org config.",
+ "extends": ["local>DelineaXPM/renovate-config"]
 }
diff --git a/security.json b/security.json
index 79bcea1..8b91c8f 100644
--- a/security.json
+++ b/security.json
@@ -1,21 +1,17 @@
 {
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
- "extends": [
- "config:base",
- "schedule:weekdays",
- "github>DelineaXPM/renovate-config:common",
- "github>DelineaXPM/renovate-config:group-by-manager"
- ],
- "dependencyDashboardApproval": true,
+ "description": "This is typically near end of all extends and will forcibly group and override any security related fixes to be seperated regardless of default matching behaviors.",
 "osvVulnerabilityAlerts": true,
 "vulnerabilityAlerts": {
+ "groupName": "🛡️ vulnerability [{{{vulnerabilitySeverity}}}]",
+ "commitMessageSuffix": "",
 "enabled": true,
- "prCreation": "immediate",
- "labels": ["security"],
- "dependencyDashboardApproval": false,
- "schedule": [],
 "semanticCommitType": "security",
- "commitMessageTopic": "🛡️ {{depName}}",
- "prPriority": 100
+ "prCreation": "immediate",
+ "labels": ["security", "ignore-stale", "dependencies"],
+ "schedule": ["at any time"],
+ "recreateWhen": "always",
+ "branchTopic": "{{{datasource}}}-vulnerability",
+ "commitMessageAction": "🛡️ {{updateType}}"
 }
 }
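Review bot: Dropping `"prPriority": 100` from `vulnerabilityAlerts` removes the one explicit signal that a vulnerability fix should be raised ahead of routine updates; common.json sets `prHourlyLimit` and `prConcurrentLimit` to 0 so it is moot there, but any repository that re-introduces limits will have its security PRs queued behind grouped manager updates, so consider keeping `"prPriority": 100` here. `"commitMessageSuffix": ""` also clears Renovate's default `[SECURITY]` marker from the commit subject, which leaves the branch name and labels as the only audit-log signal that a merge was a vulnerability fix; if that is deliberate, say so in `description`. Grouping every fix of one severity under a single `groupName` means one fix that fails CI holds back the rest of that severity, which is worth a sentence in the description as well.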