chore: set up Renovate for dependency updates [MEC-3447]#2331
Open
contentful-renovate-rollout[bot] wants to merge 1 commit into
Open
chore: set up Renovate for dependency updates [MEC-3447]#2331contentful-renovate-rollout[bot] wants to merge 1 commit into
contentful-renovate-rollout[bot] wants to merge 1 commit into
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sets up Renovate as the dependency-update tool for this repository, part of an org-wide rollout.
Depending on this repo's starting state, this PR does some of the following:
renovate.jsonextending the Contentful shared presetpackageRuleswhere still needed, and removes Dependabot-only automation and secret policiesManual follow-up (not handled by this PR):
Migration Confidence: 🟡 Medium
Summary
Migrated from Dependabot to Renovate: added renovate.json extending the correct shared preset (local>contentful/renovate-config), deleted .github/dependabot.yml and the dependabot-approve-and-request-merge workflow, removed the dependabot vault policy, and updated CONTRIBUTING.md. The renovate.json goes beyond the minimal extends-only config by porting over the Dependabot-specific ignore rules (husky, figures, bfj, semantic-release major versions) and dependency grouping (production/dev minor+patch groups) — a judgment call not explicitly specified by the migration prompt, since a different developer might have relied entirely on the shared preset defaults.
Files requiring attention
The following files had edge cases or required judgment during migration and should be reviewed carefully:
renovate.json