akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity
Files
3ec6eba23a06ff4c8e8d1eb5d70b8a0c4faacb6a
Charon/.github/renovate.json
GitHub Actions 562bb012fb feat: Enhance Dockerfile for Caddy with security patches and automate dependency management 
- Added custom manager in renovate.json to track Go dependencies patched in Dockerfile for Caddy CVE fixes.
- Updated Dockerfile to pre-fetch and override vulnerable module versions for dependencies (expr, quic-go, smallstep/certificates) during the build process.
- Improved build resilience by implementing a fallback mechanism for Caddy versioning.
- Introduced tests for user SMTP audit, covering invite token security, input validation, authorization, and SMTP config security.
- Enhanced user invite functionality with duplicate email protection and case-insensitive checks.
- Updated go.work.sum to include new dependencies and ensure compatibility.
2025-12-05 02:15:43 +00:00

109 lines
3.4 KiB
JSON
Raw Blame History

{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended",
":semanticCommits",
":separateMultipleMajorReleases",
"helpers:pinGitHubActionDigests"
],
"baseBranches": ["development"],
"timezone": "UTC",
"dependencyDashboard": true,
"prConcurrentLimit": 10,
"prHourlyLimit": 5,
"labels": ["dependencies"],
"rebaseWhen": "conflicted",
"vulnerabilityAlerts": { "enabled": true },
"schedule": ["every weekday"],
"rangeStrategy": "bump",
"customManagers": [
{
"customType": "regex",
"description": "Track Go dependencies patched in Dockerfile for Caddy CVE fixes",
"fileMatch": ["^Dockerfile$"],
"matchStrings": [
"#\\s*renovate:\\s*datasource=go\\s+depName=(?<depName>[^\\s]+)\\s*\\n\\s*go get (?<depName2>[^@]+)@v(?<currentValue>[^\\s|]+)"
],
"datasourceTemplate": "go",
"versioningTemplate": "semver"
}
],
"packageRules": [
{
"description": "Caddy transitive dependency patches in Dockerfile",
"matchManagers": ["regex"],
"matchFileNames": ["Dockerfile"],
"matchPackagePatterns": ["expr-lang/expr", "quic-go/quic-go", "smallstep/certificates"],
"labels": ["dependencies", "caddy-patch", "security"],
"automerge": true
},
{
"description": "Automerge safe patch updates",
"matchUpdateTypes": ["patch"],
"automerge": true
},
{
"description": "Frontend npm: automerge minor for devDependencies",
"matchManagers": ["npm"],
"matchDepTypes": ["devDependencies"],
"matchUpdateTypes": ["minor", "patch"],
"automerge": true,
"labels": ["dependencies", "npm"]
},
{
"description": "Backend Go modules",
"matchManagers": ["gomod"],
"labels": ["dependencies", "go"],
"matchUpdateTypes": ["minor", "patch"],
"automerge": false
},
{
"description": "GitHub Actions updates",
"matchManagers": ["github-actions"],
"labels": ["dependencies", "github-actions"],
"matchUpdateTypes": ["minor", "patch"],
"automerge": true
},
{
"description": "actions/checkout",
"matchManagers": ["github-actions"],
"matchPackageNames": ["actions/checkout"],
"automerge": false,
"matchUpdateTypes": ["minor", "patch"],
"labels": ["dependencies", "github-actions", "manual-review"]
},
{
"description": "Do not auto-upgrade other github-actions majors without review",
"matchManagers": ["github-actions"],
"matchUpdateTypes": ["major"],
"automerge": false,
"labels": ["dependencies", "github-actions", "manual-review"],
"prPriority": 0
},
{
"description": "Docker: keep Caddy within v2 (no automatic jump to v3)",
"matchManagers": ["dockerfile"],
"matchPackageNames": ["caddy"],
"allowedVersions": "<3.0.0",
"labels": ["dependencies", "docker"],
"automerge": true,
"extractVersion": "^(?<version>\\d+\\.\\d+\\.\\d+)",
"versioning": "semver"
},
{
"description": "Group non-breaking npm minor/patch",
"matchManagers": ["npm"],
"matchUpdateTypes": ["minor", "patch"],
"groupName": "npm minor/patch",
"prPriority": -1
},
{
"description": "Group docker base minor/patch",
"matchManagers": ["dockerfile"],
"matchUpdateTypes": ["minor", "patch"],
"groupName": "docker base updates",
"prPriority": -1
}
]
}
Reference in New Issue View Git Blame Copy Permalink