Skip to content

Configure Renovate #26

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Configure Renovate #26

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Aug 6, 2025

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

Detected Package Files

  • Dockerfile (dockerfile)
  • Dockerfile.static (dockerfile)
  • .github/workflows/build-binary-signed-ghat-malicious.yml (github-actions)
  • .github/workflows/build-binary-signed-ghat.yml (github-actions)
  • .github/workflows/build-binary-unsigned.yml (github-actions)
  • .github/workflows/build-image-signed-cosign-malicious.yml (github-actions)
  • .github/workflows/build-image-signed-cosign-static-copied.yml (github-actions)
  • .github/workflows/build-image-signed-cosign-static.yml (github-actions)
  • .github/workflows/build-image-signed-cosign.yml (github-actions)
  • .github/workflows/build-image-signed-ghat-malicious.yml (github-actions)
  • .github/workflows/build-image-signed-ghat-static-copied.yml (github-actions)
  • .github/workflows/build-image-signed-ghat-static.yml (github-actions)
  • .github/workflows/build-image-signed-ghat.yml (github-actions)
  • .github/workflows/build-image-unsigned.yml (github-actions)
  • requirements.txt (pip_requirements)

Configuration Summary

Based on the default config's presets, Renovate will:

  • Start dependency updates only once this onboarding PR is merged
  • Hopefully safe environment variables to allow users to configure.
  • Show all Merge Confidence badges for pull requests.
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Show only the Age and Confidence Merge Confidence badges for pull requests.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

What to Expect

With your current configuration, Renovate will create 11 Pull Requests:

Update actions/checkout digest to 8edcb1b
  • Schedule: ["at any time"]
  • Branch name: renovate/actions-checkout-digest
  • Merge into: main
  • Upgrade actions/checkout to 8edcb1bdb4e267140fa742c62e395cd74f332709
Update docker.io/library/python:3.8-slim Docker digest to 1d52838
  • Schedule: ["at any time"]
  • Branch name: renovate/docker.io-library-python-3.8-slim
  • Merge into: main
  • Upgrade docker.io/library/python to sha256:1d52838af602b4b5a831beb13a0e4d073280665ea7be7f69ce2382f29c5a613f
Update docker/build-push-action digest to 55146d9
  • Schedule: ["at any time"]
  • Branch name: renovate/docker-build-push-action-digest
  • Merge into: main
  • Upgrade docker/build-push-action to 55146d969b0dff1a5c12630229609757af5b1081
Update docker/login-action digest to 184bdaa
  • Schedule: ["at any time"]
  • Branch name: renovate/docker-login-action-digest
  • Merge into: main
  • Upgrade docker/login-action to 184bdaa0721073962dff0199f1fb9940f07167d1
Update docker/metadata-action digest to c1e5197
  • Schedule: ["at any time"]
  • Branch name: renovate/docker-metadata-action-digest
  • Merge into: main
  • Upgrade docker/metadata-action to c1e51972afc2121e065aed6d45c65596fe445f3f
Update docker/setup-buildx-action digest to 774224a
  • Schedule: ["at any time"]
  • Branch name: renovate/docker-setup-buildx-action-digest
  • Merge into: main
  • Upgrade docker/setup-buildx-action to 774224adf69ca8de2e87f0afc9ef26b0e4dc8072
Update actions/attest-build-provenance action to v1.4.4
Update docker.io/library/python Docker tag to v3.13
  • Schedule: ["at any time"]
  • Branch name: renovate/docker.io-library-python-3.x
  • Merge into: main
  • Upgrade docker.io/library/python to sha256:4c2cf9917bd1cbacc5e9b07320025bdb7cdf2df7b0ceaccb55e9dd7e30987419
Update python Docker tag to v3.13
  • Schedule: ["at any time"]
  • Branch name: renovate/python-3.x
  • Merge into: main
  • Upgrade python to 3.13-slim
Update sigstore/cosign-installer action to v3.9.2
  • Schedule: ["at any time"]
  • Branch name: renovate/sigstore-cosign-installer-3.x
  • Merge into: main
  • Upgrade sigstore/cosign-installer to v3.9.2
Update actions/attest-build-provenance action to v2

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

This PR was generated by Mend Renovate. View the repository job log.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants