diff --git a/default.json b/default.json index 584f444..31d4e9a 100644 --- a/default.json +++ b/default.json @@ -1,5 +1,5 @@ { - "enabled": true, + "enabled": false, "extends": [ "config:best-practices", ":pinAllExceptPeerDependencies", diff --git a/renovate-presets/automerge.json5 b/renovate-presets/automerge.json5 index 11ad5de..0cad2ae 100644 --- a/renovate-presets/automerge.json5 +++ b/renovate-presets/automerge.json5 @@ -6,37 +6,37 @@ Prerequisites for this preset: - CI workflow trigger on `merge_group:` event or on push to temporary merge queue branches *(Only if Merge Queue enabled)* */ { - "timezone": "Europe/Berlin", - "packageRules": [ - { - "matchUpdateTypes": [ - "minor", - "patch", - "digest", - "lockFileMaintenance" - ], - // Create PRs only during working hours - // This controls the update window for scenarios using platform automerge - // when renovate loses control over the merge schedule - "schedule": [ - "* 9-13 * * 1-5" - ], - /* Maintain backwards compatibility for repositories + timezone: "Europe/Berlin", + packageRules: [ + { + matchUpdateTypes: ["minor", "patch", "digest", "lockFileMaintenance"], + // Create PRs only during working hours + // This controls the update window for scenarios using platform automerge + // when renovate loses control over the merge schedule + schedule: ["* 9-13 * * 1-5"], + /* Maintain backwards compatibility for repositories + timezone: "Europe/Berlin", + packageRules: [ + { + matchUpdateTypes: ["minor", "patch", "digest", "lockFileMaintenance"], + // Create PRs only during working hours + // This controls the update window for scenarios using platform automerge + // when renovate loses control over the merge schedule + schedule: ["* 9-13 * * 1-5"], + /* Maintain backwards compatibility for repositories that do not require a merge queue and thus control automerges in renovate still */ - "automergeSchedule": [ - "* 9-13 * * 1-5" - ], - "automerge": true, - "automergeType": "pr", - "automergeStrategy": "auto", - // Enable Github automerge (renovate loses control over the merge schedule) - "platformAutomerge": true, - // Create PRs only if the stability days check has passed - // This prevents premature PR merges - "prCreation": "not-pending", - "internalChecksFilter": "strict", - "rebaseWhen": "conflicted" - } - ] + automergeSchedule: ["* 9-13 * * 1-5"], + automerge: false, + automergeType: "pr", + automergeStrategy: "auto", + // Enable Github automerge (renovate loses control over the merge schedule) + platformAutomerge: false, + // Create PRs only if the stability days check has passed + // This prevents premature PR merges + prCreation: "not-pending", + internalChecksFilter: "strict", + rebaseWhen: "conflicted", + }, + ], } diff --git a/renovate-presets/branch-merge.json b/renovate-presets/branch-merge.json index 0a13a1d..da6589b 100644 --- a/renovate-presets/branch-merge.json +++ b/renovate-presets/branch-merge.json @@ -1,17 +1,11 @@ { - "timezone": "Europe/Berlin", - "packageRules": [ - { - "matchUpdateTypes": [ - "minor", - "patch", - "digest" - ], - "automergeSchedule": [ - "* 9-13 * * 1-5" - ], - "automerge": true, - "automergeType": "branch" - } - ] + "timezone": "Europe/Berlin", + "packageRules": [ + { + "matchUpdateTypes": ["minor", "patch", "digest"], + "automergeSchedule": ["* 9-13 * * 1-5"], + "automerge": true, + "automergeType": "branch" + } + ] } diff --git a/renovate-presets/security.json5 b/renovate-presets/security.json5 index bb8d194..93cc3e5 100644 --- a/renovate-presets/security.json5 +++ b/renovate-presets/security.json5 @@ -1,23 +1,23 @@ { - // Display OSV vulnerability alerts in the dependency dashboard - "dependencyDashboardOSVVulnerabilitySummary": "all", - // Enable OSV vulnerability alerts for all repositories (experimental feature) - "osvVulnerabilityAlerts": true, - // Configuration for Security updates - "vulnerabilityAlerts": { - // no grouping - "groupName": null, - // may be created at any time - "schedule": [], - // no dashboard apporval required - "dependencyDashboardApproval": false, - // specific minimum release age for security updates - "minimumReleaseAge": "5 days", - // add label indicating sverity of CVEs - "addLabels": ["SEVERITY:{{vulnerabilitySeverity}}"], - // add commitMessageSuffix indicating sverity of CVEs - "commitMessageSuffix": "[SECURITY] [SEVERITY: {{vulnerabilitySeverity}}{{#if (or (equals vulnerabilitySeverity 'MEDIUM') (equals vulnerabilitySeverity 'MODERATE'))}} 🟡{{else if (or (equals vulnerabilitySeverity 'HIGH') (equals vulnerabilitySeverity 'CRITICAL'))}} 🔴{{/if}}]", - // use the lowest possible version that fixes the vulnerability - "vulnerabilityFixStrategy": "lowest" - } -} \ No newline at end of file + // Display OSV vulnerability alerts in the dependency dashboard + dependencyDashboardOSVVulnerabilitySummary: "all", + // Enable OSV vulnerability alerts for all repositories (experimental feature) + osvVulnerabilityAlerts: true, + // Configuration for Security updates + vulnerabilityAlerts: { + // no grouping + groupName: null, + // may be created at any time + schedule: [], + // no dashboard apporval required + dependencyDashboardApproval: false, + // specific minimum release age for security updates + minimumReleaseAge: "5 days", + // add label indicating sverity of CVEs + addLabels: ["SEVERITY:{{vulnerabilitySeverity}}"], + // add commitMessageSuffix indicating sverity of CVEs + commitMessageSuffix: "[SECURITY] [SEVERITY: {{vulnerabilitySeverity}}{{#if (or (equals vulnerabilitySeverity 'MEDIUM') (equals vulnerabilitySeverity 'MODERATE'))}} 🟡{{else if (or (equals vulnerabilitySeverity 'HIGH') (equals vulnerabilitySeverity 'CRITICAL'))}} 🔴{{/if}}]", + // use the lowest possible version that fixes the vulnerability + vulnerabilityFixStrategy: "lowest", + }, +}