forked from valora-inc/renovate-config
-
Notifications
You must be signed in to change notification settings - Fork 0
/
base.json5
90 lines (84 loc) · 3.43 KB
/
base.json5
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
// This file configures Renovate.
// See: https://docs.renovatebot.com/configuration-options/
// This is a JSON5 (https://json5.org) file which supports comments and unquoted keys.
// for configs that are hard/impossible to override (but are still useful in most places) use default.json5 instead. see README for details
{
$schema: 'https://docs.renovatebot.com/renovate-schema.json',
// See https://docs.renovatebot.com/presets-config/#configbase
extends: ['config:base'],
// UTC is already the default, but for clarity we explicitly set it here
timezone: 'UTC',
// Ignore hourly limit from the base preset
ignorePresets: [':prHourlyLimit2'],
// Bump version ranges instead of pinning since we use lock files
rangeStrategy: 'bump',
// Set a status check pending for 3 days from release timestamp to guard against unpublishing
stabilityDays: 3,
// Automerge all updates (see packageRules below for exceptions)
automerge: true,
// Only automerge during weekdays when the team is up, and skip Fridays.
// Since we mostly use automated deploys, we don't want to deal with unexpected downtime
// when we can't easily fix it.
automergeSchedule: ['after 8:00 before 23:00 every weekday except on Friday'],
// Speed up merging PRs using GitHub automerge feature
// See https://docs.renovatebot.com/key-concepts/automerge/#faster-merges-with-platform-native-automerge
platformAutomerge: true,
// Renovate will hold back from creating PRs until the stabilityDays have passed
// Since we use platformAutomerge, this is important to prevent directly automerging PRs before the stabilityDays have passed
// Note: we can't use the branch protection for this, because we'd need that check only for renovate PRs
internalChecksFilter: 'strict',
// Disable vulnerability updates for now
// Dependabot is handling them instead because Renovate is not yet able to update transitive dependencies
// See https://github.com/renovatebot/renovate/issues/3080
vulnerabilityAlerts: {
enabled: false,
},
// Use semantic commits
semanticCommits: 'enabled',
// Labels applied to the PR
labels: ['renovate', '{{manager}}'],
// The order of objects in the packageRules array does matter,
// in the sense that rules declared later (towards the end of the array)
// overwrite values of an also-matching rule declared earlier.
packageRules: [
// Leave peerDependencies and engines alone
{
matchDepTypes: ['peerDependencies', 'engines'],
enabled: false,
},
// Leave major @types/node updates alone
// We only want to update these when we also update the node version
{
matchUpdateTypes: ['major'],
matchPackageNames: ['@types/node'],
enabled: false,
},
// Group devDependencies updates
{
matchDepTypes: ['devDependencies'],
groupName: 'devDependencies',
// Schedule this once a week since they can have frequent updates
extends: ['schedule:earlyMondays'],
},
// Group test packages (jest, etc)
{
extends: ['packages:test'],
groupName: 'test packages',
},
// Group linters (eslint, etc)
{
extends: ['packages:linters'],
groupName: 'linters',
},
// Group updates for prettier packages
{
matchPackagePatterns: ['^prettier'],
groupName: 'prettier packages',
},
// Group typescript packages
{
matchPackagePatterns: ['^typescript'],
groupName: 'typescript packages',
},
]
}