Switch from Dependabot to Renovate to match org convention#56
Merged
lwwmanning merged 1 commit intomainfrom May 4, 2026
Merged
Switch from Dependabot to Renovate to match org convention#56lwwmanning merged 1 commit intomainfrom
lwwmanning merged 1 commit intomainfrom
Conversation
The flagship vortex repo plus duckdb-vortex and vortex-datafusion-cli all use Renovate; bring vortex.dev in line. The new renovate.json is modeled on vortex/renovate.json but tailored for a Next.js marketing site: - config:recommended + :automergeStableNonMajor + :automergePr + :automergeRequireAllStatusChecks for safe auto-merge of non-major bumps once CI passes (replaces the dependabot-auto-merge.yml workflow, which is now removed since Renovate's platformAutomerge handles this natively). - :dependencyDashboard for a single tracking issue. - schedule:earlyMondays preserves the previous Monday cadence. - helpers:pinGitHubActionDigests keeps workflow actions SHA-pinned to match the existing ci.yml style. - lockFileMaintenance enabled for periodic bun.lock refresh. - packageRules group Next.js, React, TailwindCSS, MDX pipeline, Analytics, Biome, and GitHub Actions; "all patch updates" collapses patch noise into a single weekly PR. Note: this is not a restore of the original renovate.json from #13. That config had no grouping, which is part of why the post-Biome-migration Renovate PRs piled up uncollapsed. The new config groups by ecosystem so a future toolchain change won't generate a flood of independent PRs. Signed-off-by: Will Manning <will@willmanning.io>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This was referenced May 4, 2026
Closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replaces the Dependabot config that landed in #47 with a Renovate config to match the rest of the
vortex-data/*org. The flagshipvortexrepo plusduckdb-vortexandvortex-datafusion-cliall use Renovate; bringingvortex.devin line removes a one-off mental model and simplifies cross-repo maintenance.The new
renovate.jsonis modeled onvortex/renovate.jsonbut tailored for a Next.js marketing site:config:recommended+:automergeStableNonMajor+:automergePr+:automergeRequireAllStatusChecks— safe auto-merge of non-major bumps once CI passes. Replaces thedependabot-auto-merge.ymlworkflow (also removed in this PR), since Renovate'splatformAutomergehandles this natively without a custom workflow.:dependencyDashboard— single tracking issue for everything in flight.schedule:earlyMondays— preserves the previous weekly Monday cadence.helpers:pinGitHubActionDigests— keeps GH-action references SHA-pinned to match the existingci.ymlstyle.lockFileMaintenance: { enabled: true }— periodicbun.lockrefresh.packageRulesgroup Next.js, React, TailwindCSS, the MDX pipeline, Analytics, Biome, and GitHub Actions.patch.groupNamecollapses all patch-level updates into a single weekly PR.Notably, this is not a restore of the original
renovate.jsonfrom #13. That config had no grouping, which is a big part of why the post-Biome-migration Renovate PRs (#32, #33, #35–#39, #41–#43, #45) piled up as independent PRs against tools that no longer exist in the repo. The new config groups by ecosystem so a future toolchain swap won't produce the same noise.Changes
renovate.json(with$schemafor editor validation).github/dependabot.yml.github/workflows/dependabot-auto-merge.ymlTest plan