Skip to content

Configure Renovate #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Configure Renovate #8

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Aug 6, 2025

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

Detected Package Files

  • Dockerfile (dockerfile)
  • Dockerfile.static (dockerfile)
  • .github/workflows/build-binary-signed-ghat-malicious.yml (github-actions)
  • .github/workflows/build-binary-signed-ghat.yml (github-actions)
  • .github/workflows/build-binary-unsigned.yml (github-actions)
  • .github/workflows/build-image-signed-cosign-malicious.yml (github-actions)
  • .github/workflows/build-image-signed-cosign-static-copied.yml (github-actions)
  • .github/workflows/build-image-signed-cosign-static.yml (github-actions)
  • .github/workflows/build-image-signed-cosign.yml (github-actions)
  • .github/workflows/build-image-signed-ghat-malicious.yml (github-actions)
  • .github/workflows/build-image-signed-ghat-static-copied.yml (github-actions)
  • .github/workflows/build-image-signed-ghat-static.yml (github-actions)
  • .github/workflows/build-image-signed-ghat.yml (github-actions)
  • .github/workflows/build-image-unsigned.yml (github-actions)
  • .github/workflows/main.yml (github-actions)

Configuration Summary

Based on the default config's presets, Renovate will:

  • Start dependency updates only once this onboarding PR is merged
  • Hopefully safe environment variables to allow users to configure.
  • Show all Merge Confidence badges for pull requests.
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Show only the Age and Confidence Merge Confidence badges for pull requests.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

What to Expect

With your current configuration, Renovate will create 11 Pull Requests:

Update actions/checkout digest to 8edcb1b
  • Schedule: ["at any time"]
  • Branch name: renovate/actions-checkout-digest
  • Merge into: main
  • Upgrade actions/checkout to 8edcb1bdb4e267140fa742c62e395cd74f332709
Update docker/build-push-action digest to 55146d9
  • Schedule: ["at any time"]
  • Branch name: renovate/docker-build-push-action-digest
  • Merge into: main
  • Upgrade docker/build-push-action to 55146d969b0dff1a5c12630229609757af5b1081
Update docker/login-action digest to 184bdaa
  • Schedule: ["at any time"]
  • Branch name: renovate/docker-login-action-digest
  • Merge into: main
  • Upgrade docker/login-action to 184bdaa0721073962dff0199f1fb9940f07167d1
Update docker/metadata-action digest to c1e5197
  • Schedule: ["at any time"]
  • Branch name: renovate/docker-metadata-action-digest
  • Merge into: main
  • Upgrade docker/metadata-action to c1e51972afc2121e065aed6d45c65596fe445f3f
Update docker/setup-buildx-action digest to 774224a
  • Schedule: ["at any time"]
  • Branch name: renovate/docker-setup-buildx-action-digest
  • Merge into: main
  • Upgrade docker/setup-buildx-action to 774224adf69ca8de2e87f0afc9ef26b0e4dc8072
Update actions/attest-build-provenance action to v1.4.4
Update docker.io/library/rust Docker tag to v1.88
  • Schedule: ["at any time"]
  • Branch name: renovate/docker.io-library-rust-1.x
  • Merge into: main
  • Upgrade docker.io/library/rust to sha256:af306cfa71d987911a781c37b59d7d67d934f49684058f96cf72079c3626bfe0
Update rust Docker tag to v1.88
  • Schedule: ["at any time"]
  • Branch name: renovate/rust-1.x
  • Merge into: main
  • Upgrade rust to 1.88
Update sigstore/cosign-installer action to v3.9.2
  • Schedule: ["at any time"]
  • Branch name: renovate/sigstore-cosign-installer-3.x
  • Merge into: main
  • Upgrade sigstore/cosign-installer to v3.9.2
Update actions/attest-build-provenance action to v2
Update actions/checkout action to v4
  • Schedule: ["at any time"]
  • Branch name: renovate/actions-checkout-4.x
  • Merge into: main
  • Upgrade actions/checkout to v4

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

This PR was generated by Mend Renovate. View the repository job log.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants