diff --git a/refarch-tools/refarch-renovate/refarch-renovate-config.json5 b/refarch-tools/refarch-renovate/refarch-renovate-config.json5 index 8a2b3ba3..fef0477b 100644 --- a/refarch-tools/refarch-renovate/refarch-renovate-config.json5 +++ b/refarch-tools/refarch-renovate/refarch-renovate-config.json5 @@ -1,44 +1,14 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "description": "Renovate config for projects based on the reference architecture of it@M", - "assigneesFromCodeOwners": true, "additionalBranchPrefix": "{{parentDir}}-", "extends": [ - // Custom Manager Presets (https://docs.renovatebot.com/presets-customManagers/) - "customManagers:dockerfileVersions", // manages _VERSION variables in Dockerfile - "customManagers:githubActionsVersions", // manages _VERSION variables in GitHub Action workflows - "customManagers:mavenPropertyVersions", // updates versions defined in maven properties ending with .version + "github>it-at-m/.github//renovate-configs/renovate-config.json5", // Default Presets (https://docs.renovatebot.com/presets-default/) - ":approveMajorUpdates", // major dependency updates need to be approved via dashboard before PR is created - ":disableRateLimiting", // allows unlimited creation of PRs - ":docker", // updating Dockerfile and docker-compose files ":enableVulnerabilityAlertsWithLabel(Type: Security)", // custom label for security PRs created by Renovatebot ":label(Type: Dependency)", // custom label for PRs created by Renovatebot - ":npm", // updating package.json and package-lock.json - ":pinAllExceptPeerDependencies", // do version pinning except for peer dependencies - ":rebaseStalePrs", // rebase Renovate PR branched when base branch is updated ":semanticCommits", // enabled semantic commits in PR titles - ":separateMultipleMajorReleases", // separate major updates of dependencies into separate PRs - ":timezone(Europe/Berlin)", // sets correct timezone for schedule based operations - - // Docker Presets (https://docs.renovatebot.com/presets-docker/) - "docker:enableMajor", // enables updating of major versions for docker images - - // Full Config Presets (https://docs.renovatebot.com/presets-config/) - "config:best-practices", // enables best practices by the Renovate team - - // Helper Presets (https://docs.renovatebot.com/presets-helpers/) - "helpers:pinGitHubActionDigestsToSemver", // enabled pinning the action digest with a semantic version comment - - // npm Presets (https://docs.renovatebot.com/presets-npm/) - "npm:unpublishSafe", // used to make sure updates are only done after the npm package is "stable" (at least for 3 days) - - // Schedule presets (https://docs.renovatebot.com/presets-schedule/) - "schedule:weekly", // Renovatebot will search weekly for available dependency updates - - // Security presets (https://docs.renovatebot.com/presets-security/) - "security:openssf-scorecard", // show OpenSSF badge on pull requests to evaluate security health metrics for dependencies ], "packageRules": [ { @@ -53,24 +23,6 @@ "matchDatasources": ["maven"], "matchPackageNames": ["org.apache.camel.springboot:camel-spring-boot-dependencies"], "allowedVersions": "<=4.8" - }, - { - "description": "Limit dependencies directly related to Node to versions on company machines (needs to be updated manually when new versions are rolled out)", - "matchDatasources": ["npm"], - "matchPackageNames": ["@types/node"], - "allowedVersions": "<=20.14.0" - }, - { - "description": "Limit Keycloak version in docker stack to versions in company infrastructure, might slighty differ due to some RedHat KeyCloak versions not available as Docker image (needs to be updated manually when new versions are rolled out)", - "matchDatasources": ["docker"], - "matchPackageNames": ["quay.io/keycloak/keycloak"], - "allowedVersions": "<=20.0.5" - }, - { - "description": "Limit Postgres version in docker stack to versions in company infrastructure (needs to be updated manually when new versions are rolled out)", - "matchDatasources": ["docker"], - "matchPackageNames": ["postgres"], - "allowedVersions": "<=16.4" } ] } \ No newline at end of file