Skip to content

chore: Configure Renovate #41

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: Configure Renovate #41

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented May 19, 2025
edited
Loading

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

Detected Package Files

  • .github/workflows/dependabot-automerge.yaml (github-actions)
  • .github/workflows/periodic-zizmor.yaml (github-actions)
  • .github/workflows/self-zizmor.yaml (github-actions)
  • .github/workflows/snyk_monitor.yml (github-actions)
  • trivy/action.yml (github-actions)

Configuration Summary

Based on the default config's presets, Renovate will:

  • Start dependency updates only once this onboarding PR is merged
  • Hopefully safe environment variables to allow users to configure.
  • Show all Merge Confidence badges for pull requests.
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Show only the Age and Confidence Merge Confidence badges for pull requests.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

What to Expect

With your current configuration, Renovate will create 9 Pull Requests:

chore(deps): update actions/checkout digest to f43a0e5
  • Schedule: ["at any time"]
  • Branch name: renovate/actions-checkout-digest
  • Merge into: main
  • Upgrade actions/checkout to f43a0e5ff2bd294095638e18286ca9a3d1956744
chore(deps): update grafana/shared-workflows digest to 70731a5
  • Schedule: ["at any time"]
  • Branch name: renovate/grafana-shared-workflows-digest
  • Merge into: main
  • Upgrade grafana/shared-workflows to 70731a505da74b4f7430ffee6cfd205c0b7c66e3
chore(deps): update snyk/actions digest to 2860679
  • Schedule: ["at any time"]
  • Branch name: renovate/snyk-actions-digest
  • Merge into: main
  • Upgrade snyk/actions to 28606799782bc8e809f4076e9f8293bc4212d05e
chore(deps): update aquasecurity/trivy-action action to v0.32.0
  • Schedule: ["at any time"]
  • Branch name: renovate/aquasecurity-trivy-action-0.x
  • Merge into: main
  • Upgrade aquasecurity/trivy-action to dc5a429b52fcf669ce959baa2c2dd26090d2a6c4
chore(deps): update astral-sh/setup-uv action to v6.3.1
  • Schedule: ["at any time"]
  • Branch name: renovate/astral-sh-setup-uv-6.x
  • Merge into: main
  • Upgrade astral-sh/setup-uv to bd01e18f51369d5a26f1651c3cb451d3417e3bba
chore(deps): update dependabot/fetch-metadata action to v1.7.0
  • Schedule: ["at any time"]
  • Branch name: renovate/dependabot-fetch-metadata-1.x
  • Merge into: main
  • Upgrade dependabot/fetch-metadata to 8348ea7f5d949b08c7f125a44b569c9626b05db3
chore(deps): update actions/checkout action to v4
  • Schedule: ["at any time"]
  • Branch name: renovate/actions-checkout-4.x
  • Merge into: main
  • Upgrade actions/checkout to 11bd71901bbe5b1630ceea73d27597364c9af683
chore(deps): update dependabot/fetch-metadata action to v2
  • Schedule: ["at any time"]
  • Branch name: renovate/dependabot-fetch-metadata-2.x
  • Merge into: main
  • Upgrade dependabot/fetch-metadata to 08eff52bf64351f401fb50d4972fa95b9f2c2d1b
chore(deps): update tibdex/github-app-token action to v2
  • Schedule: ["at any time"]
  • Branch name: renovate/tibdex-github-app-token-2.x
  • Merge into: main
  • Upgrade tibdex/github-app-token to 3beb63f4bd073e61482598c45c71c1019b59b73a

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

Warning

Please correct - or verify that you can safely ignore - these dependency lookup failures before you merge this PR.

  • Could not determine new digest for update (github-tags package actions/checkout)

Files affected: trivy/action.yml

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

This PR was generated by Mend Renovate. View the repository job log.

@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@CLAassistant