Add GOPRIVATE to renovate-config.json#15
Merged
Conversation
This makes sure any go module in our org is fetched direct rather than through the public module proxy. GOPRIVATE should be permitted here according to renovatebot/renovate#40041
bryanbeverly
added a commit
to trufflesecurity/helm-charts
that referenced
this pull request
Jun 12, 2026
## Summary Bumps the shared Renovate config preset from `v1.0.1` to `v1.0.2`. ### What's in v1.0.2 - Adds `GOPRIVATE=github.com/trufflesecurity/*` via the `env` config key, so Renovate's Go toolchain resolves private org modules directly instead of through the public module proxy ([.github#15](trufflesecurity/.github#15)) Without this, Renovate's `go get` fails when updating dependencies in repos that import private `trufflesecurity/*` Go modules (e.g., `interservice-contracts`, `common`). ## Test plan - [x] CI passes - [ ] On next Renovate run, verify artifact update errors for private Go modules are resolved Made with [Cursor](https://cursor.com) <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Single-line config reference change with no application or security logic touched. > > **Overview** > **Renovate preset bump** from `v1.0.1` to `v1.0.2` in `.github/renovate.json`, pulling in the shared org config that sets `GOPRIVATE=github.com/trufflesecurity/*` so Renovate’s Go updates can resolve private `trufflesecurity/*` modules instead of failing on the public proxy. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 947b58a. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Cursor <cursoragent@cursor.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This makes sure any go module in our org is fetched direct rather than through the public module proxy.
GOPRIVATE should be permitted here according to renovatebot/renovate#40041
Note
Low Risk
Dependency-bot configuration only; no application runtime or auth logic changes.
Overview
Renovate’s shared config now sets
GOPRIVATEtogithub.com/trufflesecurity/*so private org Go modules are resolved directly instead of via the public module proxy when Renovate runs Go-related updates (e.g. with existinggomodTidypost-update options).The diff also fixes
packageRulesJSON closing syntax (]→],) before the new top-levelenvblock.Reviewed by Cursor Bugbot for commit ffee775. Bugbot is set up for automated code reviews on this repo. Configure here.