From e4165b73a462cebb0fff710f758b593f5337d316 Mon Sep 17 00:00:00 2001
From: Alexander Lanin <Alexander.Lanin@etas.com>
Date: Wed, 6 May 2026 21:11:22 +0200
Subject: [PATCH 1/3] feat: add renovate

---
 .github/renovate.json5             | 73 ++++++++++++++++++++++++++++++
 .github/workflows/_local_daily.yml | 15 ++++++
 2 files changed, 88 insertions(+)
 create mode 100644 .github/renovate.json5

diff --git a/.github/renovate.json5 b/.github/renovate.json5
new file mode 100644
index 0000000..41c2b8c
--- /dev/null
+++ b/.github/renovate.json5
@@ -0,0 +1,73 @@
+{
+  // Use Renovate's recommended baseline (PR limits, grouping, etc.)
+  extends: ["config:recommended"],
+
+  // Target following repositories
+  repositories: [
+    "eclipse-score/bazel_cpp_toolchains",
+    "eclipse-score/devcontainer",
+    "eclipse-score/docs-as-code",
+    "eclipse-score/itf",
+    "eclipse-score/os_images",
+    "eclipse-score/qnx_unit_tests",
+    "eclipse-score/rules_imagefs",
+    "eclipse-score/testing_tools",
+    "eclipse-score/toolchains_rust",
+  ],
+
+  // 🚨 Run experiment
+  prBodyNotes: [
+    "🚨 **EXPERIMENTAL** 🚨",
+    "This Renovate setup is currently under testing.  ",
+    "It should produce good PRs, but there may be some issues.  ",
+    "Contact #infrastructure if you have any questions or feedback.",
+  ],
+
+  // Add labels to all PRs, so we can actually find them
+  labels: [
+    "automation",
+    "renovate",
+  ],
+
+  // Run on all repos, without requiring local renovate.json
+  onboarding: false,
+  requireConfig: "ignored",
+
+  // Limit PRs to 10 at a time, to avoid overwhelming maintainers
+  prConcurrentLimit: 10,
+
+  // Override default weekly schedule from config:recommended so Renovate
+  // runs every time the workflow triggers.
+  schedule: ["at any time"],
+
+  // ---- BAZEL -----
+  
+  // For now, only update Bazel module dependencies
+  enabledManagers: ["bazel-module"],
+
+  // Allow bazel lockfile updates via `bazel mod deps --lockfile_mode=update`
+  allowedUnsafeExecutions: ["bazelModDeps"],
+
+  // Update score packages only
+  packageRules: [
+    {
+      // By default bazel is enabled, but it shall update only score packages,
+      // so disable all bazel module updates first.
+      matchManagers: ["bazel-module"],
+      enabled: false
+    },
+    {
+      // And then re-enable only modules whose package name starts with "score_"
+      matchManagers: ["bazel-module"],
+      matchPackageNames: ["/^score_/"],
+      enabled: true,
+    },
+    {
+      // score_tooling >1.1.0 up to and including 1.2.0 is broken with no fix
+      // available. Block updates beyond 1.1.0 until a fixed version is released.
+      matchManagers: ["bazel-module"],
+      matchPackageNames: ["score_tooling"],
+      allowedVersions: "<=1.1.0",
+    }
+  ],
+}
diff --git a/.github/workflows/_local_daily.yml b/.github/workflows/_local_daily.yml
index 4f48885..4f4333e 100644
--- a/.github/workflows/_local_daily.yml
+++ b/.github/workflows/_local_daily.yml
@@ -34,3 +34,18 @@ jobs:
       pull-requests: write
       pages: write
       id-token: write
+  renovate:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout config file
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Run renovate
+        uses: renovatebot/github-action@79dc0ba74dc3de28db0a7aeb1d0b95d5bf5fde2a # v46.1.13
+        with:
+          token: ${{ secrets.SCORE_BOT_CLASSIC_PAT }}
+          configurationFile: .github/renovate.json5
+        env:
+          LOG_LEVEL: debug

From 4a84c61e3a5e96528d84eb451e2ddc8d6929e8ed Mon Sep 17 00:00:00 2001
From: Alexander Lanin <Alexander.Lanin@etas.com>
Date: Wed, 6 May 2026 21:45:25 +0200
Subject: [PATCH 2/3] fix: renovate commit author

---
 .github/renovate.json5 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/renovate.json5 b/.github/renovate.json5
index 41c2b8c..8b496e7 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -2,6 +2,9 @@
   // Use Renovate's recommended baseline (PR limits, grouping, etc.)
   extends: ["config:recommended"],
 
+  // Commit author
+  gitAuthor: "eclipse-score-bot <score-bot@eclipse.com>",
+
   // Target following repositories
   repositories: [
     "eclipse-score/bazel_cpp_toolchains",

From 17299096da8108080b19987417deeaf6151c4e73 Mon Sep 17 00:00:00 2001
From: Alexander Lanin <Alexander.Lanin@etas.com>
Date: Wed, 6 May 2026 21:51:18 +0200
Subject: [PATCH 3/3] fix: author one more time

---
 .github/renovate.json5 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/renovate.json5 b/.github/renovate.json5
index 8b496e7..8e279e4 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -3,7 +3,7 @@
   extends: ["config:recommended"],
 
   // Commit author
-  gitAuthor: "eclipse-score-bot <score-bot@eclipse.com>",
+  gitAuthor: "eclipse-score-bot <score-bot@eclipse.org>",
 
   // Target following repositories
   repositories: [