From 2a567f04292bb5a5c6b3df5b24488adb02852d8c Mon Sep 17 00:00:00 2001
From: Kim Tsao <84398375+kim-tsao@users.noreply.github.com>
Date: Mon, 22 Apr 2024 17:56:01 -0400
Subject: [PATCH] chore(renovate): update renovate config (#1512)

* chore(renovate): update renovate config

Signed-off-by: Kim Tsao <ktsao@redhat.com>

* chore(renovate): add dev dependencies rule

Signed-off-by: Kim Tsao <ktsao@redhat.com>

* chore(renovate): address review comments

Signed-off-by: Kim Tsao <ktsao@redhat.com>

* Update .github/renovate.json

* add renovate.json to .prettierignore since the formatting that renovate wants != the prettier rules

Signed-off-by: Nick Boldt <nboldt@redhat.com>

---------

Signed-off-by: Kim Tsao <ktsao@redhat.com>
Signed-off-by: Nick Boldt <nboldt@redhat.com>
Co-authored-by: Nick Boldt <nboldt@redhat.com>
---
 .github/dependabot.yml | 28 ----------------------------
 .github/renovate.json  | 31 +++++++++++++++++++++++++++++--
 .prettierignore        |  1 +
 3 files changed, 30 insertions(+), 30 deletions(-)
 delete mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index 027f8c8327..0000000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
-version: 2
-updates:
-  # Maintain dependencies for GitHub Actions
-  - package-ecosystem: 'github-actions'
-    # Workflow files stored in the default location of `.github/workflows`. (You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.)
-    directory: '/'
-    schedule:
-      interval: 'weekly'
-
-  - package-ecosystem: 'npm'
-    directory: '/' # for a monorepo, use root package.json and yarn.lock files
-    schedule:
-      interval: 'daily'
-    ignore:
-      # pin to @keycloak/keycloak-admin-client <19 - see https://github.com/janus-idp/backstage-plugins/issues/47 https://github.com/janus-idp/backstage-plugins/issues/1046
-      - dependency-name: 'keycloak-admin-client'
-        versions: ['> 18']
-      # pin to version that keycloak 18 needs
-      - dependency-name: 'axios'
-        versions: ['>0.26.1']
-      # pin to version that isn't broken - see https://github.com/RoadieHQ/roadie-backstage-plugins/issues/1238 https://github.com/janus-idp/backstage-showcase/pull/947 https://github.com/janus-idp/backstage-showcase/pull/1095
-      - dependency-name: 'backstage-plugin-argo-cd'
-        versions: ['>2.4.1']
diff --git a/.github/renovate.json b/.github/renovate.json
index 567c1198d6..22d7af9bcc 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -10,6 +10,10 @@
     ":pinOnlyDevDependencies"
   ],
   "labels": ["kind/dependency upgrade"],
+  "baseBranches": [
+    "main",
+    "/^1\\..*\\.x/"
+  ],
   "npm": {
     "minimumReleaseAge": "1 day"
   },
@@ -18,6 +22,12 @@
       "matchManagers": ["github-actions"],
       "groupName": "GitHub Actions"
     },
+    {
+      "matchDepTypes": ["devDependencies"],
+      "matchUpdateTypes": ["patch", "minor"],
+      "groupName": ["DevDependencies (non-major)"],
+      "automerge": true
+    },    
     {
       "matchPackagePatterns": ["^@backstage/"],
       "groupName": "Core Backstage packages"
@@ -29,8 +39,25 @@
         "^multi-semantic-release$"
       ],
       "groupName": "semantic-release monorepo"
-    }
+    },
+    {
+      "description": "disable updates to the keycloak admin client - see https://github.com/janus-idp/backstage-plugins/issues/47 https://github.com/janus-idp/backstage-plugins/issues/1046", 
+      "matchPackageName": ["@keycloak/keycloak-admin-client"],
+      "groupName": "Keycloak dependency",
+      "enabled": "false"
+    },
+    {
+      "description": "ignore updates to the axios to version that keycloak 18 needs", 
+      "matchCurrentVersion": "0.26.1",
+      "matchPackageName": ["axios"],
+      "enabled": "false",
+      "groupName": "Keycloak dependency"
+    }    
   ],
   "ignorePaths": ["**/dist-dynamic/**"],
-  "ignoreDeps": ["@roadiehq/backstage-plugin-argo-cd"]
+  "vulnerabilityAlerts": {
+    "enabled": true,
+    "addLabels": ["kind/security"]
+  },
+  "osvVulnerabilityAlerts": true  
 }
diff --git a/.prettierignore b/.prettierignore
index 6451fc668a..250647e60d 100644
--- a/.prettierignore
+++ b/.prettierignore
@@ -6,3 +6,4 @@ CHANGELOG.md
 generated
 templates
 *.hbs
+renovate.json