|
1 | 1 | { |
2 | | - $schema: "https://docs.renovatebot.com/renovate-schema.json", |
3 | | - extends: ["mergeConfidence:all-badges", "group:monorepos"], |
| 2 | + $schema: 'https://docs.renovatebot.com/renovate-schema.json', |
| 3 | + extends: ['mergeConfidence:all-badges', 'group:monorepos'], |
4 | 4 | dependencyDashboard: true, |
5 | | - rangeStrategy: "replace", |
| 5 | + rangeStrategy: 'replace', |
6 | 6 | automerge: false, |
7 | 7 |
|
8 | 8 | // Schedule Renovate to run during off-peak hours |
9 | | - schedule: [ |
10 | | - "after 6am on Monday, Thurday, Friday", |
11 | | - "before 12pm on Monday, Thurday, Friday", |
12 | | - ], |
| 9 | + schedule: ['after 6am and before 10am on Monday, Wednesday, Friday'], |
13 | 10 |
|
14 | 11 | prConcurrentLimit: 8, |
15 | 12 | prHourlyLimit: 4, |
16 | | - timezone: "Europe/Rome", |
| 13 | + timezone: 'Europe/Rome', |
17 | 14 |
|
18 | 15 | // Commit and PR customization |
19 | | - commitBody: "See associated pull request for more information.", |
20 | | - semanticCommits: "enabled", |
21 | | - semanticCommitScope: "", |
22 | | - semanticCommitType: "build", |
23 | | - labels: ["area: build & ci", "action: merge", "target: automation"], |
| 16 | + commitBody: 'See associated pull request for more information.', |
| 17 | + semanticCommits: 'enabled', |
| 18 | + semanticCommitScope: '', |
| 19 | + semanticCommitType: 'build', |
| 20 | + labels: ['area: build & ci', 'action: merge', 'target: automation'], |
24 | 21 |
|
25 | 22 | lockFileMaintenance: { |
26 | 23 | enabled: true, |
27 | | - schedule: ["before 4am on Tuesday"], |
| 24 | + schedule: ['after 5am and on before 7am Tuesday'], |
28 | 25 | }, |
29 | 26 |
|
30 | 27 | // Feature disabled: permission to enable vulnerability alerts is not granted |
31 | | - osvVulnerabilityAlerts: true, |
32 | 28 | vulnerabilityAlerts: { |
33 | | - enabled: true, |
| 29 | + enabled: false, |
34 | 30 | }, |
35 | 31 |
|
36 | 32 | // Ignored dependencies in all repositories |
37 | 33 | ignoreDeps: [ |
38 | | - "rules_pkg", |
39 | | - "yarn", // Yarn is copied locally in all repositories where needed. |
| 34 | + 'rules_pkg', |
| 35 | + 'yarn', // Yarn is copied locally in all repositories where needed. |
40 | 36 | ], |
41 | 37 |
|
42 | 38 | packageRules: [ |
|
50 | 46 | { |
51 | 47 | postUpgradeTasks: { |
52 | 48 | commands: [ |
53 | | - "git restore .npmrc || true", // In case `.npmrc` avoid a hard error. |
54 | | - "bazel mod deps --lockfile_mode=update", |
| 49 | + 'git restore .npmrc || true', // In case `.npmrc` avoid a hard error. |
| 50 | + 'bazel mod deps --lockfile_mode=update', |
55 | 51 | ], |
56 | 52 | // This is theory should be `branch` but in some cases this is causing the command not to |
57 | 53 | // run when in the same branch there are mixtures of update types by different managers. |
58 | | - executionMode: "update", |
| 54 | + executionMode: 'update', |
59 | 55 | }, |
60 | | - matchManagers: ["bazel", "bazel-module", "bazelisk"], |
| 56 | + matchManagers: ['bazel', 'bazel-module', 'bazelisk'], |
61 | 57 | }, |
62 | 58 |
|
63 | 59 | // Rule to disable NPM updates on branches other than 'main'. |
64 | 60 | // But allow updating engines and packageManagers. |
65 | 61 | { |
66 | 62 | enabled: false, |
67 | | - matchBaseBranches: ["!main"], |
68 | | - matchDepNames: ["!node", "!pnpm", "!npm", "!yarn"], |
69 | | - matchManagers: ["npm"], |
| 63 | + matchBaseBranches: ['!main'], |
| 64 | + matchDepNames: ['!node', '!pnpm', '!npm', '!yarn'], |
| 65 | + matchManagers: ['npm'], |
70 | 66 | }, |
71 | 67 |
|
72 | 68 | // Group all non-major dependencies together for updates. |
73 | 69 | { |
74 | | - groupName: "all non-major dependencies", |
75 | | - matchDepNames: ["*", "!node", "!pnpm", "!npm", "!yarn"], |
76 | | - matchUpdateTypes: ["digest", "patch", "minor"], |
77 | | - matchManagers: ["npm"], |
| 70 | + groupName: 'all non-major dependencies', |
| 71 | + matchDepNames: ['*', '!node', '!pnpm', '!npm', '!yarn'], |
| 72 | + matchUpdateTypes: ['digest', 'patch', 'minor'], |
| 73 | + matchManagers: ['npm'], |
78 | 74 | }, |
79 | 75 |
|
80 | 76 | // ============================================================================ |
|
83 | 79 | // Delay NPM updates to mitigate dependency chain attacks by malicious actors. |
84 | 80 | // This rule only affects direct dependencies. |
85 | 81 | { |
86 | | - minimumReleaseAge: "1 day", |
87 | | - matchManagers: ["npm"], |
| 82 | + minimumReleaseAge: '1 day', |
| 83 | + matchManagers: ['npm'], |
88 | 84 | }, |
89 | 85 |
|
90 | 86 | // Group Bazel updates |
91 | 87 | { |
92 | | - groupName: "bazel dependencies", |
93 | | - matchManagers: ["bazel", "bazel-module"], |
| 88 | + groupName: 'bazel dependencies', |
| 89 | + matchManagers: ['bazel', 'bazel-module'], |
94 | 90 | }, |
95 | 91 |
|
96 | 92 | // Group GitHub Actions workflow |
97 | 93 | { |
98 | | - groupName: "all github actions", |
99 | | - matchManagers: ["github-actions"], |
| 94 | + groupName: 'all github actions', |
| 95 | + matchManagers: ['github-actions'], |
100 | 96 | }, |
101 | 97 |
|
102 | 98 | // ============================================================================ |
|
106 | 102 | // Group updates related to Angular ecosystem across repositories |
107 | 103 | { |
108 | 104 | enabled: true, // Enable NPM updates of cross-repo dependencies on all branches. |
109 | | - groupName: "cross-repo angular dependencies", |
110 | | - followTag: "next", |
| 105 | + groupName: 'cross-repo angular dependencies', |
| 106 | + followTag: 'next', |
111 | 107 | minimumReleaseAge: null, |
112 | 108 | separateMajorMinor: false, |
113 | | - // schedule: ["* 0-22/2 * * *"], // Every minute, every 2 hours |
| 109 | + schedule: ['* 0-22/2 * * *'], // Every minute, every 2 hours |
114 | 110 | matchPackageNames: [ |
115 | | - "@angular-devkit/**", |
116 | | - "@angular/**", |
117 | | - "@schematics/**", |
118 | | - "angular/**", |
119 | | - "ng-packagr", |
| 111 | + '@angular-devkit/**', |
| 112 | + '@angular/**', |
| 113 | + '@schematics/**', |
| 114 | + 'angular/**', |
| 115 | + 'ng-packagr', |
120 | 116 | ], |
121 | 117 | }, |
122 | 118 |
|
123 | 119 | // @angular/benchpress is not released as 'next' |
124 | 120 | { |
125 | 121 | followTag: null, |
126 | | - matchDepNames: ["@angular/benchpress"], |
| 122 | + matchDepNames: ['@angular/benchpress'], |
127 | 123 | }, |
128 | 124 |
|
129 | 125 | // Disable 'next' tag tracking on non-main branches |
130 | 126 | { |
131 | | - matchBaseBranches: ["!main"], |
| 127 | + matchBaseBranches: ['!main'], |
132 | 128 | followTag: null, |
133 | 129 | }, |
134 | 130 |
|
135 | 131 | // Keep minor and patch updates separate for TypeScript |
136 | 132 | { |
137 | | - matchDepNames: ["typescript"], |
| 133 | + matchDepNames: ['typescript'], |
138 | 134 | separateMinorPatch: true, |
139 | 135 | }, |
140 | 136 |
|
141 | 137 | // Group TypeScript-related packages |
142 | 138 | { |
143 | | - groupName: "typescript dependencies", |
144 | | - matchDepNames: ["typescript", "tslib"], |
| 139 | + groupName: 'typescript dependencies', |
| 140 | + matchDepNames: ['typescript', 'tslib'], |
145 | 141 | }, |
146 | 142 |
|
147 | 143 | // Limit how many times these packages get updated (They deploy each merged PR) |
148 | 144 | { |
149 | 145 | matchDepNames: [ |
150 | | - "github/codeql-action", |
151 | | - "google-closure-compiler", |
152 | | - "quicktype-core", |
153 | | - "renovate", |
| 146 | + 'github/codeql-action', |
| 147 | + 'google-closure-compiler', |
| 148 | + 'quicktype-core', |
| 149 | + 'renovate', |
154 | 150 | ], |
155 | | - schedule: ["on sunday and wednesday"], |
| 151 | + schedule: ['after 6am and before 10am on Wednesday'], |
156 | 152 | }, |
157 | 153 |
|
158 | 154 | // ============================================================================ |
|
162 | 158 | // Disable updates for placeholder or 0.0.0-style versions |
163 | 159 | { |
164 | 160 | enabled: false, |
165 | | - matchCurrentVersion: "/^[~^]?0\\.0\\.0-/", |
| 161 | + matchCurrentVersion: '/^[~^]?0\\.0\\.0-/', |
166 | 162 | }, |
167 | 163 |
|
168 | 164 | // Disable major updates for specified dependencies |
169 | 165 | { |
170 | 166 | enabled: false, |
171 | 167 | matchDepNames: [ |
172 | | - "@types/node", |
173 | | - "node", |
174 | | - "bazel", // bazelisk bazel version |
175 | | - "npm", |
176 | | - "rxjs", |
177 | | - "tslib", |
178 | | - "yarn", |
| 168 | + '@types/node', |
| 169 | + 'node', |
| 170 | + 'bazel', // bazelisk bazel version |
| 171 | + 'npm', |
| 172 | + 'rxjs', |
| 173 | + 'tslib', |
| 174 | + 'yarn', |
179 | 175 | ], |
180 | | - matchUpdateTypes: ["major"], |
| 176 | + matchUpdateTypes: ['major'], |
181 | 177 | }, |
182 | 178 |
|
183 | 179 | // Disable TypeScript major and minor updates |
184 | 180 | { |
185 | 181 | enabled: false, |
186 | | - matchDepNames: ["typescript"], |
187 | | - matchUpdateTypes: ["major", "minor"], |
| 182 | + matchDepNames: ['typescript'], |
| 183 | + matchUpdateTypes: ['major', 'minor'], |
188 | 184 | }, |
189 | 185 |
|
190 | 186 | // Rule to disable major updates on branches other than 'main'. |
191 | 187 | { |
192 | 188 | enabled: false, |
193 | | - matchBaseBranches: ["!main"], |
194 | | - matchUpdateTypes: ["major"], |
| 189 | + matchBaseBranches: ['!main'], |
| 190 | + matchUpdateTypes: ['major'], |
195 | 191 | }, |
196 | 192 |
|
197 | 193 | // TODO(alanagius): delete the below rule once RC branch is `21.0.x` |
198 | 194 | // Temporary disable updates of `rules_angular` on non main branches due to the APF breaking change |
199 | 195 | // See: https://github.com/devversion/rules_angular/pull/63 |
200 | 196 | { |
201 | 197 | enabled: false, |
202 | | - matchBaseBranches: ["!main"], |
203 | | - matchDepNames: ["rules_angular"], |
| 198 | + matchBaseBranches: ['!main'], |
| 199 | + matchDepNames: ['rules_angular'], |
204 | 200 | }, |
205 | 201 | ], |
206 | 202 | } |
0 commit comments