mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-03 14:03:24 +00:00
56f04dc966
- Moved rules with perminent, n_a, inherent, manual into their own folders - Refactored document generation templates to be more centralized instead of handleing individual folders for markdown and adoc - Fixed bug that caused various $OVD fields to not be replaced with the correct variable - Add Debug switch to all subcommands - Combine Jinja templates for adoc and markdown and split only when needed - Combine generate_asciidoc_documents and generate_markdown_documents into generate_documents - Refactor asciidoc_to_markdown to include additonal tags for combining generate_documents and Jinja Templates
135 lines
4.5 KiB
Plaintext
135 lines
4.5 KiB
Plaintext
{
|
|
$schema: "https://docs.renovatebot.com/renovate-schema.json",
|
|
commitBodyTable: true,
|
|
dependencyDashboard: true,
|
|
dependencyDashboardTitle: "Renovate Dashboard",
|
|
onboarding: false,
|
|
rebaseWhen: "conflicted",
|
|
requireConfig: "ignored",
|
|
semanticCommits: "enabled",
|
|
schedule: ["every weekend"],
|
|
suppressNotifications: ["prEditedNotification", "prIgnoreNotification"],
|
|
extends: [
|
|
"config:recommended",
|
|
":automergeBranch",
|
|
":dependencyDashboard",
|
|
":disableRateLimiting",
|
|
":semanticCommits",
|
|
":separatePatchReleases",
|
|
],
|
|
pip_requirements: {
|
|
fileMatch: ["(^|/)[\\w-]*requirements(-\\w+)?\\.(txt|pip)(?:\\.j2)?$"],
|
|
},
|
|
bundler: {
|
|
fileMatch: ["(^|/)Gemfile$"],
|
|
versioning: "ruby",
|
|
},
|
|
ignorePaths: ["**/archive/**"],
|
|
packageRules: [
|
|
{
|
|
description: ["Auto-merge GitHub Actions for minor and patch"],
|
|
matchManagers: ["github-actions"],
|
|
automerge: true,
|
|
automergeType: "branch",
|
|
ignoreTests: true,
|
|
matchUpdateTypes: ["minor", "patch"],
|
|
},
|
|
{
|
|
description: ["Pin exact package versions"],
|
|
matchPackageNames: ["pip-tools"],
|
|
versioning: "pip-tools",
|
|
enabled: false,
|
|
},
|
|
{
|
|
matchDatasources: ["github-releases", "github-tags"],
|
|
matchUpdateTypes: ["major"],
|
|
commitMessagePrefix: "feat(github-release)!: ",
|
|
commitMessageTopic: "{{depName}}",
|
|
commitMessageExtra: "( {{currentVersion}} → {{newVersion}} )",
|
|
},
|
|
{
|
|
matchDatasources: ["github-releases", "github-tags"],
|
|
matchUpdateTypes: ["minor"],
|
|
semanticCommitType: "feat",
|
|
semanticCommitScope: "github-release",
|
|
commitMessageTopic: "{{depName}}",
|
|
commitMessageExtra: "( {{currentVersion}} → {{newVersion}} )",
|
|
},
|
|
{
|
|
matchDatasources: ["github-releases", "github-tags"],
|
|
matchUpdateTypes: ["patch"],
|
|
semanticCommitType: "fix",
|
|
semanticCommitScope: "github-release",
|
|
commitMessageTopic: "{{depName}}",
|
|
commitMessageExtra: "( {{currentVersion}} → {{newVersion}} )",
|
|
},
|
|
{
|
|
matchManagers: ["github-actions"],
|
|
matchUpdateTypes: ["major"],
|
|
commitMessagePrefix: "feat(github-action)!: ",
|
|
commitMessageTopic: "{{depName}}",
|
|
commitMessageExtra: "( {{currentVersion}} → {{newVersion}} )",
|
|
},
|
|
{
|
|
matchManagers: ["github-actions"],
|
|
matchUpdateTypes: ["minor"],
|
|
semanticCommitType: "feat",
|
|
semanticCommitScope: "github-action",
|
|
commitMessageTopic: "{{depName}}",
|
|
commitMessageExtra: "( {{currentVersion}} → {{newVersion}} )",
|
|
},
|
|
{
|
|
matchManagers: ["github-actions"],
|
|
matchUpdateTypes: ["patch"],
|
|
semanticCommitType: "fix",
|
|
semanticCommitScope: "github-action",
|
|
commitMessageTopic: "{{depName}}",
|
|
commitMessageExtra: "( {{currentVersion}} → {{newVersion}} )",
|
|
},
|
|
{
|
|
matchUpdateTypes: ["major"],
|
|
labels: ["type/major"],
|
|
},
|
|
{
|
|
matchUpdateTypes: ["minor"],
|
|
labels: ["type/minor"],
|
|
},
|
|
{
|
|
matchUpdateTypes: ["patch"],
|
|
labels: ["type/patch"],
|
|
},
|
|
{
|
|
matchDatasources: ["github-releases", "github-tags"],
|
|
addLabels: ["renovate/github-release"],
|
|
},
|
|
{
|
|
matchManagers: ["github-actions"],
|
|
addLabels: ["renovate/github-action"],
|
|
},
|
|
],
|
|
customManagers: [
|
|
{
|
|
description: "Process annotated dependencies",
|
|
customType: "regex",
|
|
managerFilePatterns: [
|
|
"/(^|/).+\\.env(?:\\.j2)?$/",
|
|
"/(^|/).+\\.sh(?:\\.j2)?$/",
|
|
"/(^|/).+\\.ya?ml(?:\\.j2)?$/",
|
|
],
|
|
matchStrings: [
|
|
// # renovate: datasource=github-releases depName=k3s-io/k3s
|
|
// k3s_release_version: &version v1.29.0+k3s1
|
|
// # renovate: datasource=helm depName=cilium repository=https://helm.cilium.io
|
|
// version: 1.15.1
|
|
// # renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
|
|
// KUBERNETES_VERSION=v1.31.1
|
|
"datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)( repository=(?<registryUrl>\\S+))?\\n.+(:\\s|=)(&\\S+\\s)?(?<currentValue>\\S+)",
|
|
// # renovate: datasource=docker depName=ghcr.io/prometheus-operator/prometheus-operator
|
|
// https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
|
|
"datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)\\n.+/(?<currentValue>(v|\\d)[^/]+)",
|
|
],
|
|
datasourceTemplate: "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}",
|
|
},
|
|
],
|
|
}
|