
Commit dfab0c3

committed
fix(renovate): unified manager-agnostic trusted orgs rule + lock file automerge
Trust is org-based, not manager-based. A package from github/** should auto-merge whether detected by github-actions, custom.regex, or nix manager. Changes: - Remove matchManagers constraint from trusted orgs rule - Remove matchUpdateTypes constraint — trusted orgs get ALL update types (major, minor, patch, digest, pin, etc.) - Merge GitHub Actions + Nix flake input trust lists into single rule - Include both bare (github/**) and URL-prefixed (https://github.com/github/**) patterns since different managers report depName differently - Add automerge to lockFileMaintenance config - Remove redundant Nix flake inputs rule (orgs now in unified rule) - Remove redundant HuggingFace custom.regex rule (covered by source URL rule) - Remove hashicorp/* from Terraform providers rule (now in unified rule) - Expand trusted orgs: ansible, aws-ia, bitwarden, codecov, criblio, DopplerHQ, huggingface, kubernetes, kubernetes-sigs, nix-darwin, nix-systems, obra, open-telemetry, ossf, pre-commit, pypa, renovatebot, semgrep, sigstore Fixes: nix-ai#381 (github/gh-aw not auto-merging via custom.regex manager) (claude)
1 parent 62cebef commit dfab0c3

1 file changed

Lines changed: 90 additions & 50 deletions


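--- a/renovate-presets.json
+++ b/renovate-presets.json
@@ -13,7 +13,10 @@
 "timezone": "America/Chicago",
 "lockFileMaintenance": {
 "enabled": true,
-"schedule": ["before 7am on Monday", "before 7am on Thursday"]
+"schedule": ["before 7am on Monday", "before 7am on Thursday"],
+"automerge": true,
+"automergeType": "pr",
+"automergeStrategy": "squash"
 },
 "customManagers": [
 {
@@ -43,31 +46,103 @@
 "minimumReleaseAge": "0 days"
 },
 {
-"description": "Auto-merge trusted GitHub Actions including major (3-day stabilization)",
-"matchManagers": ["github-actions"],
+"description": "Auto-merge trusted orgs — all managers, all update types (3-day stabilization)",
 "matchPackageNames": [
 "actions/**",
-"googleapis/**",
+"ansible/**",
 "anthropics/**",
 "astral-sh/**",
-"DeterminateSystems/**",
-"peter-evans/**",
+"aws-actions/**",
+"aws-ia/**",
+"Azure/**",
+"bitwarden/**",
+"cachix/**",
+"codecov/**",
+"criblio/**",
 "DavidAnson/**",
+"DeterminateSystems/**",
+"docker/**",
+"DopplerHQ/**",
 "dorny/**",
+"edolstra/**",
 "github/**",
-"softprops/**",
+"google/**",
+"google-github-actions/**",
+"googleapis/**",
 "hashicorp/**",
+"hercules-ci/**",
+"huggingface/**",
+"kubernetes/**",
+"kubernetes-sigs/**",
+"microsoft/**",
+"nix-community/**",
+"nix-darwin/**",
+"nix-systems/**",
+"NixOS/**",
+"numtide/**",
+"obra/**",
+"open-telemetry/**",
 "opentofu/**",
+"ossf/**",
+"oxalica/**",
+"peter-evans/**",
+"pre-commit/**",
+"pypa/**",
 "python/**",
-"microsoft/**",
-"Azure/**",
 "raycast/**",
-"aws-actions/**",
-"google/**",
-"google-github-actions/**",
-"docker/**"
+"renovatebot/**",
+"semgrep/**",
+"sigstore/**",
+"softprops/**",
+"wakatime/**",
+"https://github.com/actions/**",
+"https://github.com/ansible/**",
+"https://github.com/anthropics/**",
+"https://github.com/astral-sh/**",
+"https://github.com/aws-actions/**",
+"https://github.com/aws-ia/**",
+"https://github.com/Azure/**",
+"https://github.com/bitwarden/**",
+"https://github.com/cachix/**",
+"https://github.com/codecov/**",
+"https://github.com/criblio/**",
+"https://github.com/DavidAnson/**",
+"https://github.com/DeterminateSystems/**",
+"https://github.com/docker/**",
+"https://github.com/DopplerHQ/**",
+"https://github.com/dorny/**",
+"https://github.com/edolstra/**",
+"https://github.com/github/**",
+"https://github.com/google/**",
+"https://github.com/google-github-actions/**",
+"https://github.com/googleapis/**",
+"https://github.com/hashicorp/**",
+"https://github.com/hercules-ci/**",
+"https://github.com/huggingface/**",
+"https://github.com/kubernetes/**",
+"https://github.com/kubernetes-sigs/**",
+"https://github.com/microsoft/**",
+"https://github.com/nix-community/**",
+"https://github.com/nix-darwin/**",
+"https://github.com/nix-systems/**",
+"https://github.com/NixOS/**",
+"https://github.com/numtide/**",
+"https://github.com/obra/**",
+"https://github.com/open-telemetry/**",
+"https://github.com/opentofu/**",
+"https://github.com/ossf/**",
+"https://github.com/oxalica/**",
+"https://github.com/peter-evans/**",
+"https://github.com/pre-commit/**",
+"https://github.com/pypa/**",
+"https://github.com/python/**",
+"https://github.com/raycast/**",
+"https://github.com/renovatebot/**",
+"https://github.com/semgrep/**",
+"https://github.com/sigstore/**",
+"https://github.com/softprops/**",
+"https://github.com/wakatime/**"
 ],
-"matchUpdateTypes": ["major", "minor", "patch"],
 "automerge": true,
 "automergeType": "pr",
 "automergeStrategy": "squash",
@@ -86,10 +161,7 @@
 "description": "Auto-merge trusted Terraform providers (3-day stabilization, minor/patch only)",
 "matchManagers": ["terraform"],
 "matchDatasources": ["terraform-provider"],
-"matchPackageNames": [
-"hashicorp/*",
-"bpg/*"
-],
+"matchPackageNames": ["bpg/*"],
 "matchUpdateTypes": ["minor", "patch"],
 "automerge": true,
 "automergeType": "pr",
@@ -106,44 +178,12 @@
 "automergeStrategy": "squash",
 "minimumReleaseAge": "3 days"
 },
-{
-"description": "Auto-merge trusted Nix flake inputs (3-day stabilization, CI-gated)",
-"matchManagers": ["nix"],
-"matchDatasources": ["git-refs"],
-"matchPackageNames": [
-"https://github.com/NixOS/**",
-"https://github.com/nix-community/**",
-"https://github.com/cachix/**",
-"https://github.com/anthropics/**",
-"https://github.com/numtide/**",
-"https://github.com/hercules-ci/**",
-"https://github.com/DeterminateSystems/**",
-"https://github.com/edolstra/**",
-"https://github.com/oxalica/**",
-"https://github.com/wakatime/**"
-],
-"automerge": true,
-"automergeType": "pr",
-"automergeStrategy": "squash",
-"minimumReleaseAge": "3 days"
-},
 {
 "description": "GitHub releases use v-prefixed tags for custom Nix packages",
 "matchDatasources": ["github-releases"],
 "matchManagers": ["custom.regex"],
 "extractVersion": "^v(?<version>.+)$"
 },
-{
-"description": "Auto-merge trusted PyPI packages from HuggingFace (custom managers)",
-"matchDatasources": ["pypi"],
-"matchManagers": ["custom.regex"],
-"matchPackageNames": ["huggingface-hub", "huggingface-mcp-server"],
-"matchUpdateTypes": ["minor", "patch"],
-"automerge": true,
-"automergeType": "pr",
-"automergeStrategy": "squash",
-"minimumReleaseAge": "3 days"
-},
 {
 "description": "Twice-weekly schedule for all custom regex managers",
 "matchManagers": ["custom.regex"],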
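Review bot: The bare patterns in the unified rule's `matchPackageNames` (`google/**`, `docker/**`, `hashicorp/**`, `microsoft/**`, …) are no longer scoped by `matchManagers` or `matchDatasources`, so they match any dependency whose name starts with that prefix in any datasource, not only GitHub repositories. A same-named namespace on another registry (container images, Terraform registry, vendor-prefixed package indexes) is not guaranteed to belong to the same GitHub org, yet a match there now auto-merges with every update type, including major and digest. Consider keeping the org list but scoping the rule to GitHub-backed datasources, e.g. `"matchDatasources": ["github-tags", "github-releases", "git-refs"]`, and confirm with a dry run that the custom.regex case from the linked issue still matches. Separately, dropping `hashicorp/*` from the Terraform rule appears to move HashiCorp providers from minor/patch-only to all update types through the unified rule, which is worth calling out if intended. The unified rule object continues past the end of its hunk, so its stabilization setting is not visible here.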
