feat(renovate): onboard Renovate with fleet-standard config#152
williaby wants to merge 1 commit into
Add a fleet-standard renovate.json modeled on williaby/image-generation, adapted to this repo's actual manifests. enabledManagers covers poetry and pip_requirements (Python: pyproject [tool.poetry] + poetry.lock and the exported requirements.txt), dockerfile (Dockerfile), github-actions, and pre-commit. Add a !renovate.json negation to .gitignore so the config is tracked despite the blanket *.json security-artifact ignore. SKIP=semgrep,vulture: both are pass_filenames:false Nox hooks that fail on a pre-existing private-source (assured-oss) auth error unrelated to this change; reproduced identically on clean origin/main.
Pull request overview
This PR onboards Renovate to the repository by adding a fleet-standard renovate.json configuration and adjusting .gitignore so the Renovate config is tracked despite a blanket *.json ignore.
Changes:
- Add a Renovate configuration (renovate.json) with scheduling, grouping/automerge rules, enabled managers, and vulnerability alert settings.
- Update .gitignore to ensure renovate.json is not ignored by the existing *.json rule.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| renovate.json | Introduces Renovate onboarding configuration (managers, scheduling, packageRules, vulnerability settings). |
| .gitignore | Re-includes renovate.json so Renovate config can be committed even with *.json ignored. |
| "osvVulnerabilityAlerts": true, | ||
| "transitiveRemediation": true |
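Review bot: transitiveRemediation on the last line is reported as deprecated by renovate-config-validator, according to the Validation note in the PR description, so a brand-new config starts out carrying a deprecated key. Suggest dropping it here and removing it from the fleet sibling in a follow-up, or stating in the commit message which Renovate behaviour still depends on it, so that parity is a tracked decision rather than an inherited default.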
Summary
Onboards Renovate to this repo with a fleet-standard config modeled on the sibling williaby/image-generation renovate.json (same schema, extends/presets, scheduling, labels, packageRules shape, and vulnerability settings).
enabledManagers (verified against actual manifests)
- poetry and pip_requirements — Python deps: pyproject.toml [tool.poetry] + poetry.lock, plus the exported requirements.txt
- dockerfile — Dockerfile (FROM python:3.11-slim)
- github-actions — .github/workflows/
- pre-commit — .pre-commit-config.yaml
docker-compose.yml uses only build: . (no pinnable image: refs), so the docker-compose manager is intentionally omitted. No open-pull-requests-limit: this is real PR-opening Renovate config (uses prConcurrentLimit: 5 per the fleet sibling).
.gitignore change
A blanket *.json ignore was hiding renovate.json; added a !renovate.json negation so the config is tracked while the security-artifact ignore stays intact.
Validation
renovate-config-validator (via npx renovate): Config validated successfully. The validator notes transitiveRemediation is deprecated in the current schema; retained for parity with the fleet sibling (informational, not an error).
Notes
semgrep and vulture pre-commit hooks (both pass_filenames: false full-tree Nox sessions) fail on a private-source (assured-oss / us-python.pkg.dev) authorization error, reproduced identically on clean origin/main. Skipped via SKIP= for this commit; not related to this change. All file-scoped hooks passed.
Generated with Claude Code
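The interaction between the blanket *.json ignore and the !renovate.json negation described in the PR can be checked with git check-ignore in a scratch repository. This is an added example, not part of the PR: scan-report.json, the artifacts/ directory and the root-anchored !/renovate.json variant are constructed for illustration. It goes one step beyond the PR by showing rule order and anchoring.

```shell
#!/usr/bin/env bash
# Added example: resolves *.json / !renovate.json rules in a scratch repo.
# The .gitignore lines are passed in; all paths except renovate.json are constructed.

# Echo "ignored" or "tracked" for path $2 as seen from repo $1.
ignore_state() {
  if git -C "$1" check-ignore -q -- "$2"; then echo ignored; else echo tracked; fi
}

# Build a scratch repo whose .gitignore holds the lines given as arguments,
# then echo the state of three paths: the root config, a scan artifact, and a
# nested file that happens to share the config's name.
resolve_rules() {
  local repo
  repo=$(mktemp -d) || return 1
  git init -q "$repo"
  printf '%s\n' "$@" > "$repo/.gitignore"
  mkdir -p "$repo/artifacts"
  touch "$repo/renovate.json" "$repo/scan-report.json" "$repo/artifacts/renovate.json"
  echo "$(ignore_state "$repo" renovate.json)" \
       "$(ignore_state "$repo" scan-report.json)" \
       "$(ignore_state "$repo" artifacts/renovate.json)"
  rm -rf "$repo"
}

if command -v git >/dev/null 2>&1; then
  resolve_rules '*.json' '!renovate.json'    # blanket rule, then negation
  resolve_rules '!renovate.json' '*.json'    # negation first: last match wins
  resolve_rules '*.json' '!/renovate.json'   # negation anchored to the repo root
fi
```

The first form also re-includes artifacts/renovate.json, because a pattern without a slash matches at every directory level; the anchored form limits the exception to the root config.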
semgrepandvulturepre-commit hooks (bothpass_filenames: falsefull-tree Nox sessions) fail on a private-source (assured-oss / us-python.pkg.dev) authorization error, reproduced identically on clean origin/main. Skipped viaSKIP=for this commit; not related to this change. All file-scoped hooks passed.Generated with Claude Code