Skip to content

Commit

Permalink
Use renovate for dependency updates (#1054)
Browse files Browse the repository at this point in the history 
1. Disable dependabot for normal dependency updates. Note the dependabot PRs will need to be manually closed, and the "security" dependabot PRs will continue.

2. Use renovateapp instead.

The renovate configuration included here is based on that from ads-serve, and:

a. waits for updates to have been published for 4 days before raising a PR - this both reduces churn and also avoids the 3 day period where npm-published entries can be "unpublished"
b. combines all minor and patch updates into a single PR
  • Loading branch information
@tackley
tackley authored Jun 26, 2023
1 parent b557d22 commit 023ebe3
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 12 deletions.
12 changes: 0 additions & 12 deletions .github/dependabot.yml
View file

This file was deleted.

18 changes: 18 additions & 0 deletions renovate.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
{
"extends": ["config:js-app", ":semanticCommitsDisabled"],
"labels": ["dependencies"],
"postUpdateOptions": ["npmDedupe"],
"packageRules": [
{
"matchDatasources": ["npm"],
"minimumReleaseAge": "4 days"
},
{
"groupName": "all non-major dependencies",
"groupSlug": "all-minor-patch",
"matchPackagePatterns": ["*"],
"matchUpdateTypes": ["minor", "patch"],
"matchDatasources": ["npm"]
}
]
}

0 comments on commit 023ebe3

Please sign in to comment.