Feature/renovate bot (jahwag#90)

### PR: Add Renovate Configuration for Automated Dependency Management #### Summary This pull request introduces a Renovate configuration to automate dependency updates for this repository. With Renovate, we aim to keep our dependencies up-to-date, improve security by addressing potential vulnerabilities quickly, and maintain compatibility with the latest versions of libraries. #### Details - **Renovate Configuration**: - Enables updates for `pip` requirements files (e.g., `requirements.txt`). - Groups non-major updates to reduce PR noise. - Schedules updates outside of regular working hours to minimize disruptions. - Optionally includes GitHub Actions updates to keep workflows current. - **Key Features**: - **Automated Dependency Updates**: Renovate will check for updates regularly and create pull requests for any available updates. - **Security**: Reduces the risk of vulnerabilities in outdated dependencies. - **Compatibility and Stability**: Maintains compatibility with updated libraries and improves code stability over time. #### How It Works 1. Renovate will open pull requests for dependency updates according to the rules defined in the `renovate.json` file. 2. Each PR will be labeled and grouped as per the configuration, allowing us to review, test, and merge updates efficiently. #### Next Steps Once merged, Renovate will begin creating PRs for available dependency updates according to the configured schedule and rules. We can monitor and review these updates through the GitHub dashboard and merge them as appropriate. --- Please review and let me know if any adjustments are needed to the configuration before we merge this. Closes jahwag#89
pressdarling · Dec 1, 2024 · 598d302 · 598d302
1 parent d1badd5
commit 598d302
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 0 deletions.
diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml
@@ -0,0 +1,19 @@
+name: Renovate
+
+on:
+  schedule:
+    - cron: '0 3 * * *'  # Runs daily at 3 AM UTC
+  workflow_dispatch:
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Run Renovate
+        uses: renovatebot/github-action@v36
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/renovate.json b/renovate.json
@@ -0,0 +1,24 @@
+{
+  "extends": ["config:base"],
+  "pip_requirements": {
+    "enabled": true
+  },
+  "packageRules": [
+    {
+      "matchManagers": ["pip_requirements"],
+      "matchUpdateTypes": ["minor", "patch"],
+      "groupName": "All non-major Python updates"
+    },
+    {
+      "matchManagers": ["github-actions"],
+      "groupName": "GitHub Actions updates"
+    }
+  ],
+  "automerge": false,
+  "timezone": "UTC",
+  "schedule": ["after 10pm and before 5am"],
+  "labels": ["dependencies", "renovate"],
+  "dependencyDashboard": true,
+  "prHourlyLimit": 5,
+  "prConcurrentLimit": 10
+}