From 37a0c854b51c251a6411d0134bc81f98ad03e4ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guillaume=20Desv=C3=A9?=
Date: Wed, 26 Jun 2024 09:09:57 +0200
Subject: [PATCH] chore: add renovate/dependabot configuration for updates and security issues
---
 .github/dependabot.yml | 27 ++++++++++++++++++---------
 .github/renovate.json | 27 +++++++++++++++++++++++++++
 .nvmrc | 1 +
 3 files changed, 46 insertions(+), 9 deletions(-)
 create mode 100644 .github/renovate.json
 create mode 100644 .nvmrc
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 37320800..bd64723c 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,13 +1,22 @@
+# This file is only used for vulnerability alerts, not for automatic updates.
+# This is due to the fact that Renovate does not support patching lock files directly.
+# cf. https://docs.renovatebot.com/configuration-options/#transitiveremediation
+
 version: 2
 updates:
-
- - package-ecosystem: "github-actions"
- # Workflow files stored in the
- # default location of `.github/workflows`
- directory: "/"
+ - package-ecosystem: npm
+ directory: /
 schedule:
- interval: weekly
- day: sunday
- time: "20:00"
- open-pull-requests-limit: 10
\ No newline at end of file
+ interval: monthly
+ open-pull-requests-limit: 0 # only allow vulnerabilities
+ groups:
+ npm-vulnerabilities:
+ applies-to: security-updates
+ patterns:
+ - "*"
+ labels:
+ - "type: security"
+ reviewers:
+ - alma/squad-e-commerce-integrations
+ - alma/it-and-security-operation
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 00000000..6ce64733
--- /dev/null
+++ b/.github/renovate.json
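Review bot: In `.github/dependabot.yml`, the inline comment `# only allow vulnerabilities` does not say what the `0` actually does, and the header never states what the file depends on. `open-pull-requests-limit: 0` turns off version-update pull requests only; security-update pull requests are governed separately and are opened only when Dependabot security updates are enabled in the repository settings, which this file cannot do. I would reword the inline comment to `# 0 = no version-update PRs; security-update PRs are not limited by this setting` and add a header line `# Requires "Dependabot security updates" to be enabled in the repository settings.` The same hunk removes the `github-actions` entry, so workflow action updates now rely entirely on the `github-actions` manager enabled in `.github/renovate.json`.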
@@ -0,0 +1,27 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "prHourlyLimit": 20,
+ "prConcurrentLimit": 20,
+ "recreateWhen": "always",
+ "enabledManagers": ["github-actions", "nvm", "npm"],
+ "reviewers": ["team:squad-e-commerce-integrations"],
+ "extends": [
+ "github>alma/renovate:github-actions",
+ "github>alma/renovate:vulnerabilities",
+ "github>alma/renovate:confidence-badges"
+ ],
+ "packageRules": [
+ {
+ "matchManagers": ["npm"],
+ "groupName": "NPM dependencies",
+ "reviewers": ["team:squad-e-commerce-integrations"]
+ },
+ {
+ "matchManagers": ["npm"],
+ "matchUpdateTypes": ["major"],
+ "groupName": "major NPM dependencies",
+ "reviewers": ["team:squad-e-commerce-integrations"],
+ "draftPR": true
+ }
+ ]
+}
diff --git a/.nvmrc b/.nvmrc
new file mode 100644
index 00000000..48082f72
--- /dev/null
+++ b/.nvmrc
@@ -0,0 +1 @@
+12
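Review bot: The three `extends` entries in `.github/renovate.json` (`github>alma/renovate:github-actions`, `:vulnerabilities`, `:confidence-badges`) carry no `#ref`, so the effective update and vulnerability policy for this repository follows whatever is currently on the default branch of that preset repository. Because this commit hands security handling to those presets, I would pin each one to a reviewed tag or commit, for example `"github>alma/renovate:vulnerabilities#<TAG_OR_SHA>"` (placeholder), so that a preset change reaches this repository through a visible diff. Separately, the first `packageRules` entry folds every non-major npm update into one `NPM dependencies` pull request; unless one of the presets already sets it, adding `"minimumReleaseAge": "3 days"` to that rule would keep just-published versions out of the grouped PR.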
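Review bot: The new `.nvmrc` pins Node.js `12`, a release line that reached end-of-life in April 2022 and no longer receives security fixes, so any local or CI environment that honours this file runs the npm toolchain on an unpatched runtime. If 12 is required for compatibility, that constraint should be documented next to the file (for example in the README), since `.nvmrc` is read as a bare version; otherwise I would set it to a currently supported LTS line. The `nvm` manager enabled in `.github/renovate.json` in this same commit should propose that bump, so the value may be intended only as a starting point.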