[WIP] Add regexManager for detecting pip install pins in workflows

[Copilot]

• Understand the current renovate.json configuration and workflow files
• Update renovate.json to add regexManagers for detecting pip install patterns in workflow files
• Validate the regex patterns match the pip install commands in pull-requests.yml
• Test the renovate.json syntax is valid JSON
• Complete implementation

Original prompt

Problem: Renovate is not picking up ansible and ansible-lint pinned versions in the PR test job because those pins are inside workflow run steps (pip install ...) and not in a standard dependency file. We want Renovate to automatically detect and update these inline pip install pins inside .github/workflows/*.yml files.

Goal: Add a regexManager to renovate.json that scans workflow YAML files for pip install package==version patterns and configures Renovate to treat those as PyPI dependencies so it can open PRs updating the pinned versions.

Files to change:

• renovate.json (update to include regexManagers for workflow files)

Proposed change (new renovate.json content):

{
  "extends": [
    "config:recommended"
  ],
  "regexManagers": [
    {
      "fileMatch": ["^\\.github\\/workflows\\/.*\\.ya?ml$"],
      "matchStrings": [
        "(?:pip(?:3)? install)\\s+([^=\\s]+)==(?<currentValue>\\d+(?:\\.\\d+){0,})"
      ],
      "datasourceTemplate": "pypi",
      "depNameTemplate": "$1"
    },
    {
      "fileMatch": ["^\\.github\\/workflows\\/.*\\.ya?ml$"],
      "matchStrings": [
        "(?:pip(?:3)? install)\\s+-r\\s+([^\\s]+)"
      ],
      "datasourceTemplate": "file",
      "depNameTemplate": "$1"
    }
  ]
}

Notes and rationale:

• The first regexManager scans workflow YAML files for pip install == and maps the captured package name to a PyPI datasource so Renovate can lookup new versions and create PRs.
• fileMatch restricts scanning to .github/workflows YAML files to avoid false positives elsewhere.
• The second regexManager is a helper to detect pip install -r requirements.txt style calls; it uses the file datasource so Renovate will then parse that requirements file with the built-in pip manager if present.
• This keeps dependencies inline while enabling Renovate to update them. Alternatively moving deps to requirements.txt remains an option for future cleanup.

Acceptance criteria:

• renovate.json is updated on a new branch and a pull request is opened.
• Renovate runs subsequently and creates PRs to update pinned PyPI packages found in workflows (e.g. ansible and ansible-lint). If Renovate does not auto-run immediately, maintainers can trigger a run or wait for the next scheduled run.

Please create a branch and open a pull request implementing the change above in repository netbootxyz/netboot.xyz. Do not change other files.

This pull request was created as a result of the following prompt from Copilot chat.

Problem: Renovate is not picking up ansible and ansible-lint pinned versions in the PR test job because those pins are inside workflow run steps (pip install ...) and not in a standard dependency file. We want Renovate to automatically detect and update these inline pip install pins inside .github/workflows/*.yml files.

Goal: Add a regexManager to renovate.json that scans workflow YAML files for pip install package==version patterns and configures Renovate to treat those as PyPI dependencies so it can open PRs updating the pinned versions.

Files to change:

• renovate.json (update to include regexManagers for workflow files)

Proposed change (new renovate.json content):

{
  "extends": [
    "config:recommended"
  ],
  "regexManagers": [
    {
      "fileMatch": ["^\\.github\\/workflows\\/.*\\.ya?ml$"],
      "matchStrings": [
        "(?:pip(?:3)? install)\\s+([^=\\s]+)==(?<currentValue>\\d+(?:\\.\\d+){0,})"
      ],
      "datasourceTemplate": "pypi",
      "depNameTemplate": "$1"
    },
    {
      "fileMatch": ["^\\.github\\/workflows\\/.*\\.ya?ml$"],
      "matchStrings": [
        "(?:pip(?:3)? install)\\s+-r\\s+([^\\s]+)"
      ],
      "datasourceTemplate": "file",
      "depNameTemplate": "$1"
    }
  ]
}

Notes and rationale:

• The first regexManager scans workflow YAML files for pip install == and maps the captured package name to a PyPI datasource so Renovate can lookup new versions and create PRs.
• fileMatch restricts scanning to .github/workflows YAML files to avoid false positives elsewhere.
• The second regexManager is a helper to detect pip install -r requirements.txt style calls; it uses the file datasource so Renovate will then parse that requirements file with the built-in pip manager if present.
• This keeps dependencies inline while enabling Renovate to update them. Alternatively moving deps to requirements.txt remains an option for future cleanup.

Acceptance criteria:

• renovate.json is updated on a new branch and a pull request is opened.
• Renovate runs subsequently and creates PRs to update pinned PyPI packages found in workflows (e.g. ansible and ansible-lint). If Renovate does not auto-run immediately, maintainers can trigger a run or wait for the next scheduled run.

Please create a branch and open a pull request implementing the change above in repository netbootxyz/netboot.xyz. Do not change other files.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.