From 2c24d9338979de9ff59c2986fc63f12de855919d Mon Sep 17 00:00:00 2001
From: Joe Corall <joe@libops.io>
Date: Wed, 18 Dec 2024 13:37:50 -0500
Subject: [PATCH] Add renovate

---
 .github/workflows/validate-renovate.yml | 21 ++++++++
 renovate.json5                          | 67 +++++++++++++++++++++++++
 2 files changed, 88 insertions(+)
 create mode 100644 .github/workflows/validate-renovate.yml
 create mode 100644 renovate.json5

diff --git a/.github/workflows/validate-renovate.yml b/.github/workflows/validate-renovate.yml
new file mode 100644
index 0000000..81aeece
--- /dev/null
+++ b/.github/workflows/validate-renovate.yml
@@ -0,0 +1,21 @@
+name: validate renovate.json5
+
+on:
+  pull_request:
+
+env:
+  LOG_LEVEL: debug
+
+jobs:
+  renovate-config-validator:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4
+        with:
+          node-version: 20
+
+      - run: npx -p renovate renovate-config-validator renovate.json5
diff --git a/renovate.json5 b/renovate.json5
new file mode 100644
index 0000000..6f2a47b
--- /dev/null
+++ b/renovate.json5
@@ -0,0 +1,67 @@
+{
+  extends: [
+    'config:best-practices',
+    ':rebaseStalePrs',
+    'customManagers:dockerfileVersions',
+  ],
+  packageRules: [
+    {
+      matchUpdateTypes: [
+        'minor',
+        'patch',
+        'digest',
+      ],
+      groupName: 'all non-major dependencies',
+      schedule: [
+        'after 10pm on Friday',
+      ],
+      matchPackageNames: [
+        '*',
+      ],
+    },
+    {
+      matchManagers: [
+        'gomod',
+      ],
+      postUpdateOptions: [
+        'gomodTidy',
+      ],
+      groupName: 'gomod updates',
+    },
+    {
+      matchManagers: [
+        'dockerfile',
+      ],
+      groupName: 'Dockerfile updates',
+    },
+    {
+      matchManagers: [
+        'github-actions',
+      ],
+      groupName: 'GitHub Actions updates',
+      schedule: [
+        'after 10pm on Friday',
+      ],
+    },
+    {
+      matchUpdateTypes: [
+        'major',
+      ],
+      groupName: 'all major updates',
+      schedule: [
+        'after 10pm on the first day of the month',
+      ],
+      matchPackageNames: [
+        '*',
+      ],
+    },
+  ],
+  labels: [
+    'dependencies',
+  ],
+  osvVulnerabilityAlerts: true,
+  dependencyDashboardOSVVulnerabilitySummary: 'unresolved',
+  vulnerabilityAlerts: {
+    enabled: true,
+  },
+}
\ No newline at end of file