From 191cb6546308c56b75f226622b719607435dd7cd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 8 May 2026 16:32:31 +0000 Subject: [PATCH 1/2] Add renovate.json --- renovate.json | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 renovate.json diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..5db72dd --- /dev/null +++ b/renovate.json @@ -0,0 +1,6 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:recommended" + ] +} From 8a953001bb5e41a714941c1a6b79e8cf3e6988c9 Mon Sep 17 00:00:00 2001 From: A Ibrahim Date: Sat, 9 May 2026 16:05:49 +0200 Subject: [PATCH 2/2] ci(repo): tune Renovate config and drop changeset gate Renovate config: - Group related ecosystems so we get one PR per ecosystem instead of per package: aws-sdk (sdk + crypto + smithy), changesets, commitlint, biome, react (peer + test deps), keyv, github-actions, pnpm. - Auto-merge devDependency patches/minors, GitHub Actions patches/minors, and weekly lockfile maintenance. - Schedule weekly with prHourlyLimit=4 and prConcurrentLimit=10; security alerts override the schedule. - Throttle major-version updates to every two weeks so we batch them instead of getting one every Monday. - Run weekly lockfile maintenance Mondays before 6am; pnpmDedupe after every update. - Use semantic commit scope `deps` (matches our commitlint scope rule). Workflow tweaks: - Drop the explicit `version: 10.33.4` from pnpm/action-setup in pr.yaml and release.yaml. The action reads `package.json#packageManager` automatically, so the pnpm version now lives in exactly one place. - Drop the changeset gate from pr.yaml. The gate's purpose was to force every package change to declare its own release; we'll rely on PR review to ensure changesets are added when needed instead. This also removes the need for a Renovate-PR auto-changeset workflow. Assisted-by: Claude Opus 4.7 (1M context) via Claude Code Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/pr.yaml | 15 ----- .github/workflows/release.yaml | 2 - renovate.json | 101 ++++++++++++++++++++++++++++++++- 3 files changed, 100 insertions(+), 18 deletions(-) diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 640019b..94042f9 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -15,8 +15,6 @@ jobs: ref: ${{ github.head_ref }} - uses: pnpm/action-setup@v4 - with: - version: 10.33.4 - uses: actions/setup-node@v4 with: @@ -42,16 +40,3 @@ jobs: TIGRIS_STORAGE_SECRET_ACCESS_KEY: ${{ secrets.TIGRIS_STORAGE_SECRET_ACCESS_KEY }} TIGRIS_STORAGE_ENDPOINT: ${{ secrets.TIGRIS_STORAGE_ENDPOINT }} run: pnpm -r --if-present run test - - - name: Detect package changes - id: pkg-changed - run: | - if git diff --name-only origin/main...HEAD | grep -qE '^(packages/|shared/)'; then - echo "changed=true" >> "$GITHUB_OUTPUT" - else - echo "changed=false" >> "$GITHUB_OUTPUT" - fi - - - name: Verify changeset present - if: steps.pkg-changed.outputs.changed == 'true' - run: pnpm changeset status --since=origin/main diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 57fe4f2..a6ca657 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -23,8 +23,6 @@ jobs: fetch-depth: 0 - uses: pnpm/action-setup@v4 - with: - version: 10.33.4 - uses: actions/setup-node@v4 with: diff --git a/renovate.json b/renovate.json index 5db72dd..013ef55 100644 --- a/renovate.json +++ b/renovate.json @@ -1,6 +1,105 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ - "config:recommended" + "config:recommended", + ":semanticCommitScope(deps)", + ":maintainLockFilesWeekly", + "schedule:weekly" + ], + "prHourlyLimit": 4, + "prConcurrentLimit": 10, + "rebaseWhen": "behind-base-branch", + "dependencyDashboard": true, + "osvVulnerabilityAlerts": true, + "vulnerabilityAlerts": { + "schedule": ["at any time"] + }, + "lockFileMaintenance": { + "enabled": true, + "schedule": ["before 6am on monday"] + }, + "postUpdateOptions": ["pnpmDedupe"], + "packageRules": [ + { + "description": "Throttle major-version updates to every two weeks", + "matchUpdateTypes": ["major"], + "schedule": ["every 2 weeks on monday before 6am"] + }, + { + "description": "Group AWS SDK + S3 + Smithy ecosystem into one PR", + "matchPackageNames": [ + "/^@aws-sdk\\//", + "/^@aws-crypto\\//", + "/^@smithy\\//" + ], + "groupName": "aws-sdk" + }, + { + "description": "Group Changesets tooling", + "matchPackageNames": ["/^@changesets\\//"], + "groupName": "changesets" + }, + { + "description": "Group commitlint + commitizen", + "matchPackageNames": [ + "commitizen", + "cz-conventional-changelog", + "/^@commitlint\\//" + ], + "groupName": "commitlint" + }, + { + "description": "Group Biome", + "matchPackageNames": ["/^@biomejs\\//"], + "groupName": "biome" + }, + { + "description": "Group React ecosystem (peer + test deps)", + "matchPackageNames": [ + "react", + "react-dom", + "@types/react", + "@types/react-dom", + "@testing-library/react", + "@testing-library/jest-dom", + "jsdom" + ], + "groupName": "react" + }, + { + "description": "Group Keyv", + "matchPackageNames": ["keyv", "/^@keyv\\//"], + "groupName": "keyv" + }, + { + "description": "Group all GitHub Actions into one PR", + "matchManagers": ["github-actions"], + "groupName": "github-actions" + }, + { + "description": "Group pnpm bumps (packageManager field + workflows)", + "matchPackageNames": ["pnpm"], + "groupName": "pnpm" + }, + { + "description": "Auto-merge devDependency patches and minors after CI passes", + "matchDepTypes": ["devDependencies"], + "matchUpdateTypes": ["patch", "minor"], + "automerge": true, + "automergeType": "pr" + }, + { + "description": "Auto-merge GitHub Actions patches and minors", + "matchManagers": ["github-actions"], + "matchUpdateTypes": ["patch", "minor"], + "automerge": true, + "automergeType": "pr" + }, + { + "description": "Auto-merge weekly lockfile maintenance", + "matchUpdateTypes": ["lockFileMaintenance"], + "automerge": true, + "automergeType": "pr" + } ] }