renovate-config/README.md
justusbunsi ebe621b11c
Introduce security preset
Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
2023-12-21 17:00:52 +01:00

2.6 KiB

renovate-config

To host the renovate config.

  • config.js holds the self-hosted Renovate configuration so that Renovate knows what and how it should process.
  • renovate.json in this repository ensures to receive Renovate updates.
  • default.json holds the basic config for all repositories. It extends the presets by the renovate project defined in renovate-schema.json.
  • Each repository can extend/alter this config by adding a renovate.json file to the root of the repository.

Reusable presets

Golang dependency group

What it does:

  • Groups all Golang dependencies into one PR
    • Respects your repository's separateMajorMinor setting1
  • Runs go mod tidy before committing to ensure a clean go.sum2

Usage:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "local>gitea/renovate-config",
+   "local>gitea/renovate-config:go-deps"
  ]
}

NPM dependency group

What it does:

  • Groups all NPM dependencies3 into one PR
    • Respects your repository's separateMajorMinor setting1
  • Groups all NPM dev-dependencies3 into one PR
    • Respects your repository's separateMajorMinor setting1

Usage:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "local>gitea/renovate-config",
+   "local>gitea/renovate-config:npm-deps"
  ]
}

Workflow dependency group

What it does:

  • Groups all workflow dependencies into one PR
    • Respects your repository's separateMajorMinor setting1

Usage:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "local>gitea/renovate-config",
+   "local>gitea/renovate-config:workflow-deps"
  ]
}

Security fixes

What it does:

  • Bumps a dependency to resolve a vulnerability4
    • Overrules any scheduling and grouping for that vulnerability

Usage:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "local>gitea/renovate-config",
+   "local>gitea/renovate-config:security"
  ]
}