default.template.json5

{
  "extends": [
    // Default base configuration for all languages.
    // https://docs.renovatebot.com/presets-config/#configrecommended
    "config:recommended",
    // Group various lint packages together.                                  | https://docs.renovatebot.com/presets-group/#grouplinters
    "group:linters",
    // Pin GitHub Action digests.                                             | https://docs.renovatebot.com/presets-helpers/#helperspingithubactiondigests
    "helpers:pinGitHubActionDigests",
    // Upgrade Minor and Major Docker tags to newer versions.                 | https://docs.renovatebot.com/presets-preview/#previewdockerversions
    "preview:dockerVersions",
    // Pin Docker digests.                                                    | https://docs.renovatebot.com/presets-docker/#dockerpindigests
    "docker:pinDigests",
    // Enable Docker Compose image updating.                                  | https://docs.renovatebot.com/presets-preview/#previewdockercompose
    "preview:dockerCompose",
    // Separate each Major version of dependencies into individual PRs.       | https://docs.renovatebot.com/presets-default/#separatemultiplemajorreleases
    ":separateMultipleMajorReleases",
    // Upgrade to unstable versions only if the existing version is unstable. | https://docs.renovatebot.com/presets-default/#ignoreunstable
    ":ignoreUnstable",
    // Use semantic prefixes for commit messages and PR titles.               | https://docs.renovatebot.com/presets-default/#semanticcommits
    ":semanticCommits",
    // If Renovate detects semantic commits, it will use semantic
    // commit type `fix` for dependencies and `chore` for all others.         | https://docs.renovatebot.com/presets-default/#semanticprefixfixdepschoreothers
    ":semanticPrefixFixDepsChoreOthers",
    // Update `_VERSION` variables in Dockerfiles.                            | https://docs.renovatebot.com/presets-customManagers/#custommanagersdockerfileversions
    "customManagers:dockerfileVersions",
    // Update `_VERSION` environment variables in GitHub Action files.        | https://docs.renovatebot.com/presets-customManagers/#custommanagersgithubactionsversions
    "customManagers:githubActionsVersions",
    // Show OpenSSF badge on pull requests.                                   | https://docs.renovatebot.com/presets-security/#securityopenssf-scorecard
    "security:openssf-scorecard"
  ],

  // Dependency Dashboard issue customization.                                | https://docs.renovatebot.com/configuration-options/#dependencydashboard
  "dependencyDashboardTitle": "Renovate Dependency Dashboard",
  "dependencyDashboardLabels": ["auto-update"],
  "dependencyDashboardHeader": "This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.<br>Main configs and useful links are located in [SpotOnInc/renovate-config](https://github.com/SpotOnInc/renovate-config); Renovate logs for debug [here](https://developer.mend.io/{{platform}}/{{repository}}).",
  // Wait at least 3 days for possible fixes before creating a branch/PR.     | https://docs.renovatebot.com/configuration-options/#minimumreleaseage
  "minimumReleaseAge": "3 days",
  // Create PRs to roll back versions
  // if the current version is not found in the registry.                     | https://docs.renovatebot.com/configuration-options/#rollbackprs
  "rollbackPrs": true,
  // All matched addLabels strings will be attached to the PR.                | https://docs.renovatebot.com/configuration-options/#addlabels
  "addLabels": ["auto-update"],
  // Sometimes you need to change your Renovate configuration.
  // To help with this, Renovate will create config migration pull requests.  | https://docs.renovatebot.com/configuration-options/#configmigration
  "configMigration": true,
  // Renovate will wait until status checks have been completed
  // (passed or failed) before raising the PR."                               | https://docs.renovatebot.com/configuration-options/#prcreation
  "prCreation": "not-pending",

  "vulnerabilityAlerts": {
    "description": "Be sure that the Dependency graph and Dependabot alerts are enabled for the repo. Details: https://docs.renovatebot.com/configuration-options/#vulnerabilityalerts",
    "enabled": true,
    // Append `security` label.
    "addLabels": ["security"]
  },
  // Use vulnerability alerts from https://osv.dev                            | https://docs.renovatebot.com/configuration-options/#osvvulnerabilityalerts
  "osvVulnerabilityAlerts": true,
  // Terraform manager custom settings                                        | https://docs.renovatebot.com/modules/manager/terraform/
  "terraform": {
    "ignorePaths": ["**/context.tf"], // Cloud Posse managed
    "pinDigests": true // Make versions idempotent
  },
  // In beta. Need opt-in. Details - https://docs.renovatebot.com/modules/manager/pre-commit/
  "pre-commit": {
    "enabled": true
  },
  // No files by default. Enable to all possible files                        | https://docs.renovatebot.com/modules/manager/kubernetes/
  "kubernetes": {
    "fileMatch": ["\\.yaml$"]
  },
  // Disable copier until Renovate will support our custom copier structure OR
  // until Delivery team will change how we use copier
  "copier": {
    "enabled": false
  },
  "packageRules": [
    {
      "description": "v prefix workaround for action updates",
      "matchDepTypes": ["action"],
      "extractVersion": "^(?<version>v\\d+\\.\\d+\\.\\d+)$",
      "versioning": "regex:^v(?<major>\\d+)(\\.(?<minor>\\d+)\\.(?<patch>\\d+))?$"
    },
    {
      "description": "Remove v prefix in regex `_VERSION` updates",
      "matchManagers": ["custom.regex"],
      "extractVersion": "^?v?(?<version>\\d+\\.\\d+\\.\\d+.*)$",
      "versioning": "regex:^v?(?<major>\\d+)(\\.(?<minor>\\d+)\\.(?<patch>\\d+.*))?$"
    },
    {
      // Extend the update period because of Docker Hub API rate limits.
      // That can be avoided by making a self-hosted Renovate and providing a token.
      "matchDatasources": ["docker"],
      "schedule": ["after 4am on monday and tuesday"]
    },
    {
      // Extend the update period because of Docker Hub API rate limits.
      // That can be avoided by making a self-hosted Renovate and providing a token.
      "matchManagers": ["custom.regex"],
      "schedule": ["after 4am on monday and tuesday"]
    }
  ],
  // Limit branch creation to these times of day or week.                     | https://docs.renovatebot.com/configuration-options/#schedule
  // Deal with docker updates firstly (on Monday) to workaround problems with Docker Rate limits
  // Other idea - update them in different days at all. IE - docker only tue-wed, other stuff - Monday
  "schedule": ["after 4am on tuesday"]
}