{ // Renovate config for the orbintsoft overlay. // // Renovate manages: the Go lint tools (`go install …@vX.Y.Z`), the gentoo/stage3 // container digest, the setup-go/setup-node versions, and the GitHub Actions pins // (SHA + version comment). Dependabot also maintains the GitHub Actions pins // (.github/dependabot.yml), on a different day — the two overlap on actions. // // json5 (not json) so each custom manager can be documented inline. Validated // by `make lint-renovate` (renovate-config-validator) and by the Mend app. "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": ["config:recommended"], // Once a week. The Dependency Dashboard issue lets us force an out-of-schedule // run/PR by ticking a box, so a manual run can always open PRs. "schedule": ["after 1pm and before 4pm on wednesday"], "dependencyDashboard": true, // Conventional Commits: everything Renovate touches here is CI tooling. "semanticCommits": "enabled", "semanticCommitType": "ci", // GitHub Actions pins — bumped here (and also by Dependabot, on a different day). "github-actions": { "enabled": true, }, "packageRules": [ { // One grouped, weekly PR for everything Renovate manages here (CI tooling // and the GitHub Actions pins). Node follows upstream to the latest major. "matchManagers": ["custom.regex", "github-actions"], "groupName": "ci tooling", }, ], "customManagers": [ { // Go lint tools installed via `go install …@vX.Y.Z` in the lint workflow. // Each is tagged in-file with `# renovate: datasource=… depName=…`. "customType": "regex", "managerFilePatterns": ["/^\\.github/workflows/lint\\.yml$/"], "matchStrings": [ "# renovate:\\s*datasource=(?\\S+)\\s+depName=(?\\S+)\\s+go install \\S+@(?v[0-9]\\S*)", ], }, { // gentoo/stage3 image, digest-pinned in the container launchers (the test // runner + the livecheck bump runner). The rolling `latest` tag keeps its // name, so Renovate just refreshes the pinned digest in both files. "customType": "regex", "managerFilePatterns": [ "/^scripts/test-pkg\\.sh$/", "/^scripts/livecheck-ci\\.sh$/", ], "matchStrings": [ "# renovate:\\s*datasource=(?\\S+)\\s+depName=(?\\S+)\\s+STAGE3_IMAGE=\"\\$\\{STAGE3_IMAGE:-[^:\"]+:(?[^@\"]+)@(?sha256:[a-f0-9]+)\\}\"", ], }, { // setup-go / setup-node versions in the lint workflow, pinned exact and // bumped by Renovate to the latest upstream major (node and go alike). The // `# renovate:` annotation sits on the line directly above each // `*-version:` value. "customType": "regex", "managerFilePatterns": ["/^\\.github/workflows/lint\\.yml$/"], "matchStrings": [ "# renovate:\\s*datasource=(?\\S+)\\s+depName=(?\\S+)(?:\\s+versioning=(?\\S+))?\\s*\\n\\s*[\\w.-]+:\\s*['\"]?(?[^'\"\\s]+)['\"]?", ], }, ], }