chore(deps): Renovate: restrict actions/checkout updates to <5.0.0 and require manual review for major GH Actions upgrades

2025-12-03 15:02:08 +00:00
parent d2d7c194e5
commit 9d1e8be410
1 changed files with 17 additions and 0 deletions
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -44,6 +44,23 @@
      "matchUpdateTypes": ["minor", "patch"],
      "automerge": true
    },
+    {
+      "description": "Limit actions/checkout to stable v4.x updates and block auto-upgrade to v5/v6",
+      "matchManagers": ["github-actions"],
+      "matchPackageNames": ["actions/checkout"],
+      "allowedVersions": "<5.0.0",
+      "automerge": false,
+      "matchUpdateTypes": ["minor", "patch"],
+      "labels": ["dependencies", "github-actions", "manual-review"]
+    },
+    {
+      "description": "Do not auto-upgrade other github-actions majors without review",
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["major"],
+      "automerge": false,
+      "labels": ["dependencies", "github-actions", "manual-review"],
+      "prPriority": 0
+    },
    {
      "description": "Docker: keep Caddy within v2 (no automatic jump to v3)",
      "matchManagers": ["dockerfile"],