Refactor Renovate configuration for timezone and rules

Updated timezone and PR limits in Renovate config. Modified package rules for better grouping and automerge behavior.
2026-01-13 16:11:01 -05:00
parent cd41a07e53
commit 0bc31b2865
1 changed files with 28 additions and 146 deletions
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -10,24 +10,29 @@
    "feature/beta-release",
    "nightly"
  ],
-  "timezone": "EST",
+  "timezone": "America/New_York",
  "dependencyDashboard": true,
  "prConcurrentLimit": 10,
-  "prHourlyLimit": 5,
+  "prHourlyLimit": 0,
  "labels": [
    "dependencies"
  ],
-  "rebaseWhen": "conflicted",
+  
+  "rebaseWhen": "auto",
+  
  "vulnerabilityAlerts": {
    "enabled": true
  },
+  
  "schedule": [
-    "before 8am"
+    "before 8am on monday"
  ],
+  
  "rangeStrategy": "bump",
  "automerge": true,
  "automergeType": "pr",
  "platformAutomerge": true,
+  
  "customManagers": [
    {
      "customType": "regex",
@@ -42,165 +47,42 @@
      "versioningTemplate": "semver"
    }
  ],
+  
  "packageRules": [
    {
-      "description": "Automerge digest updates (action pins, Docker SHAs)",
+      "description": "THE MEGAZORD: Group ALL non-major updates (NPM, Docker, Go, Actions) into one weekly PR",
+      "matchPackagePatterns": ["*"],
      "matchUpdateTypes": [
-        "digest",
-        "pin"
+        "minor",
+        "patch",
+        "pin",
+        "digest"
      ],
+      "groupName": "weekly-non-major-updates",
      "automerge": true
    },
    {
-      "description": "Caddy transitive dependency patches in Dockerfile",
-      "matchManagers": [
-        "custom.regex"
-      ],
-      "matchFileNames": [
-        "Dockerfile"
-      ],
-      "labels": [
-        "dependencies",
-        "caddy-patch",
-        "security"
-      ],
-      "automerge": true,
+      "description": "Preserve your custom Caddy patch labels but allow them to group into the weekly PR",
+      "matchManagers": ["custom.regex"],
+      "matchFileNames": ["Dockerfile"],
+      "labels": ["caddy-patch", "security"],
      "matchPackageNames": [
        "/expr-lang/expr/",
        "/quic-go/quic-go/",
        "/smallstep/certificates/"
      ]
    },
-    {
-      "description": "Automerge safe patch updates",
-      "matchUpdateTypes": [
-        "patch"
-      ],
-      "automerge": true
-    },
-    {
-      "description": "Frontend npm: automerge minor for devDependencies",
-      "matchManagers": [
-        "npm"
-      ],
-      "matchDepTypes": [
-        "devDependencies"
-      ],
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ],
-      "automerge": true,
-      "labels": [
-        "dependencies",
-        "npm"
-      ]
-    },
-    {
-      "description": "Backend Go modules",
-      "matchManagers": [
-        "gomod"
-      ],
-      "labels": [
-        "dependencies",
-        "go"
-      ],
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ],
-      "automerge": true
-    },
-    {
-      "description": "GitHub Actions updates",
-      "matchManagers": [
-        "github-actions"
-      ],
-      "labels": [
-        "dependencies",
-        "github-actions"
-      ],
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ],
-      "automerge": true
-    },
-    {
-      "description": "actions/checkout",
-      "matchManagers": [
-        "github-actions"
-      ],
-      "matchPackageNames": [
-        "actions/checkout"
-      ],
-      "automerge": false,
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ],
-      "labels": [
-        "dependencies",
-        "github-actions",
-        "manual-review"
-      ]
-    },
-    {
-      "description": "Do not auto-upgrade other github-actions majors without review",
-      "matchManagers": [
-        "github-actions"
-      ],
-      "matchUpdateTypes": [
-        "major"
-      ],
-      "automerge": false,
-      "labels": [
-        "dependencies",
-        "github-actions",
-        "manual-review"
-      ],
-      "prPriority": 0
-    },
    {
      "description": "Docker: keep Caddy within v2 (no automatic jump to v3)",
-      "matchManagers": [
-        "dockerfile"
-      ],
-      "matchPackageNames": [
-        "caddy"
-      ],
-      "allowedVersions": "<3.0.0",
-      "labels": [
-        "dependencies",
-        "docker"
-      ],
-      "automerge": true,
-      "extractVersion": "^(?<version>\\d+\\.\\d+\\.\\d+)",
-      "versioning": "semver"
+      "matchManagers": ["dockerfile"],
+      "matchPackageNames": ["caddy"],
+      "allowedVersions": "<3.0.0"
    },
    {
-      "description": "Group non-breaking npm minor/patch",
-      "matchManagers": [
-        "npm"
-      ],
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ],
-      "groupName": "npm minor/patch",
-      "prPriority": -1
-    },
-    {
-      "description": "Group docker base minor/patch",
-      "matchManagers": [
-        "dockerfile"
-      ],
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ],
-      "groupName": "docker base updates",
-      "prPriority": -1
+      "description": "Safety: Keep MAJOR updates separate and require manual review",
+      "matchUpdateTypes": ["major"],
+      "automerge": false,
+      "labels": ["manual-review"]
    }
  ]
 }