From d582cdb41cdeb21f15682333ca3afe5e0f45b507 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guillaume=20Desv=C3=A9?=
Date: Tue, 17 Sep 2024 16:06:57 +0200
Subject: [PATCH] Add renovate, dependabot configurations
---
.github/dependabot.yml | 21 +++++++++++++++++++++
.github/renovate.json | 26 ++++++++++++++++++++++++++
2 files changed, 47 insertions(+)
create mode 100644 .github/dependabot.yml
create mode 100644 .github/renovate.json
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..9b17f77
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,21 @@
+# This file is only used for vulnerability alerts for NPM, not for automatic updates.
+# Renovate has trouble patching NPM lockfile-only vulnerabilities.
+
+version: 2
+
+updates:
+ - package-ecosystem: npm
+ directory: /
+ schedule:
+ interval: monthly
+ open-pull-requests-limit: 0 # only allow vulnerabilities
+ groups:
+ npm-vulnerabilities:
+ applies-to: security-updates
+ patterns:
+ - "*"
+ labels:
+ - "type: security"
+ reviewers:
+ - alma/squad-e-commerce-integrations
+ - alma/it-and-security-operation
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 0000000..63d7e0d
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,26 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "prHourlyLimit": 20,
+ "prConcurrentLimit": 20,
+ "recreateWhen": "always",
+ "enabledManagers": ["github-actions", "nvm", "npm"],
+ "reviewers": ["team:squad-e-commerce-integrations"],
+ "extends": [
+ "github>alma/renovate:github-actions",
+ "github>alma/renovate:confidence-badges",
+ "github>alma/renovate:vulnerabilities"
+ ],
+ "separateMinorPatch": true,
+ "packageRules": [
+ {
+ "matchManagers": ["npm"],
+ "groupName": "NPM dependencies",
+ "reviewers": ["team:squad-e-commerce-integrations"]
+ },
+ {
+ "matchManagers": ["npm"],
+ "matchUpdateTypes": ["major"],
+ "enabled": false
+ }
+ ]
+}
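Review bot: The `npm-vulnerabilities` group in `.github/dependabot.yml` uses `patterns: ["*"]` with `applies-to: security-updates`, so every npm security fix lands in one pull request and a single upgrade that fails CI holds back all the others. Consider dropping the `groups` block or narrowing the patterns so that each fix can be merged on its own. The header comment could also say what the file relies on, for example `# Requires "Dependabot security updates" to be enabled in the repository settings; schedule.interval is mandatory but is not expected to delay security PRs.` As far as I know, `open-pull-requests-limit: 0` only switches off version updates, which matches the stated intent.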
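Review bot: The last `packageRules` entry in `.github/renovate.json` turns npm major updates off with `"enabled": false`, so Renovate will not surface them at all, and a package left on an unmaintained major line can stop receiving fixes without anyone being told. If the aim is only to avoid unsolicited major PRs, `"dependencyDashboardApproval": true` in place of `"enabled": false` keeps them listed for manual approval, assuming the Dependency Dashboard is enabled by one of the extended presets. The three `github>alma/renovate:*` presets are also referenced without a `#tag`, so they presumably follow that repository's default branch. Pinning them to a tag would make changes to update policy reviewable in this repository.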