Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 0 additions & 6 deletions .github/dependabot.yml

This file was deleted.

32 changes: 32 additions & 0 deletions .github/renovate.json5
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
// This file follows JSON5 syntax, to make it
// easier to maintain.
{
$schema: "https://docs.renovatebot.com/renovate-schema.json",
// Disable every built-in manager (npm, dockerfile, ...) except github-actions.
enabledManagers: ["github-actions"],
// PR titles use Conventional Commits: `deps(<action>): ...`
semanticCommits: "enabled",
semanticCommitType: "deps",
packageRules: [
// GitHub Actions updates: run weekly, skip releases newer than 2 weeks
// to avoid picking up freshly published versions that may be unstable or
// compromised, and pin to full commit SHAs (with the version as a
// trailing comment) rather than mutable tags.
// When both major and minor releases exist, propose only the latest bump
// (typically major) instead of a separate minor PR.
{
matchManagers: ["github-actions"],
schedule: ["on monday"],
minimumReleaseAge: "14 days",
// Track upgrades by semver tag, but pin the resolved version to its full
// commit SHA (semver tag kept as a trailing comment). Use the coerced
// variant so short tags like `v3` / `v1.7` (which several actions only
// publish) still parse instead of silently stopping updates.
versioning: "semver-coerced",
pinDigests: true,
separateMajorMinor: false,
semanticCommitScope: "{{depName}}",
commitMessageTopic: "{{depName}}",
},
],
}
Loading