diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 78530d65b..3131083ca 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -1,20 +1,21 @@ { $schema: 'https://docs.renovatebot.com/renovate-schema.json', extends: [ - 'config:base', - ':dependencyDashboard', + 'config:recommended', ':labels(dependencies)', ':maintainLockFilesMonthly', // update non-direct dependencies monthly - ':prConcurrentLimit10', // only 10 open PRs at the same time + ':prConcurrentLimitNone', // Remove limit for open PRs at any time. + ':prHourlyLimit2' // Rate limit PR creation to a maximum of two per hour. ], - stabilityDays: 3, // Wait 3 days after the package has been published before upgrading it + minimumReleaseAge: "3", // Wait 3 days after the package has been published before upgrading it // packageRules order is important, they are applied from top to bottom and are merged, // meaning the most important ones must be at the bottom, for example grouping rules // If we do not want a package to be grouped with others, we need to set its groupName // to `null` after any other rule set it to something. + dependencyDashboardHeader: 'This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. Before approving any upgrade: read the description and comments in the [`renovate.json5` file](https://github.com/mastodon/mastodon/blob/main/.github/renovate.json5).', packageRules: [ { - // Ignore major version bumps for these node packages + // Require Dependency Dashboard Approval for major version bumps of these node packages matchManagers: ['npm'], matchPackageNames: [ 'tesseract.js', // Requires code changes @@ -41,10 +42,10 @@ 'react-router-dom', ], matchUpdateTypes: ['major'], - enabled: false, + "dependencyDashboardApproval": true }, { - // Ignore major version bumps for these Ruby packages + // Require Dependency Dashboard Approval for major version bumps of these Ruby packages matchManagers: ['bundler'], matchPackageNames: [ 'rack', // Needs to be synced with Rails version @@ -55,7 +56,7 @@ 'redis', // Requires manual upgrade and sync with Sidekiq version ], matchUpdateTypes: ['major'], - enabled: false, + "dependencyDashboardApproval": true }, { // Update Github Actions and Docker images weekly @@ -63,25 +64,25 @@ extends: ['schedule:weekly'], }, { - // Ignore major & minor bumps for the ruby image, this needs to be synced with .ruby-version + // Require Dependency Dashboard Approval for major & minor bumps for the ruby image, this needs to be synced with .ruby-version matchManagers: ['dockerfile'], matchPackageNames: ['moritzheiber/ruby-jemalloc'], matchUpdateTypes: ['minor', 'major'], - enabled: false, + "dependencyDashboardApproval": true }, { - // Ignore major bump for the node image, this needs to be synced with .nvmrc + // Require Dependency Dashboard Approval for major bumps for the node image, this needs to be synced with .nvmrc matchManagers: ['dockerfile'], matchPackageNames: ['node'], matchUpdateTypes: ['major'], - enabled: false, + "dependencyDashboardApproval": true }, { - // Ignore major postgres bumps in the docker-compose file, as those break dev environments + // Require Dependency Dashboard Approval for major postgres bumps in the docker-compose file, as those break dev environments matchManagers: ['docker-compose'], matchPackageNames: ['postgres'], matchUpdateTypes: ['major'], - enabled: false, + "dependencyDashboardApproval": true }, { // Update devDependencies every week, with one grouped PR