|
1 | 1 | { |
2 | | - $schema: 'https://docs.renovatebot.com/renovate-schema.json', |
3 | | - extends: ['mergeConfidence:all-badges', 'group:monorepos'], |
| 2 | + $schema: "https://docs.renovatebot.com/renovate-schema.json", |
| 3 | + extends: ["mergeConfidence:all-badges", "group:monorepos"], |
4 | 4 | dependencyDashboard: true, |
5 | | - rangeStrategy: 'replace', |
| 5 | + rangeStrategy: "replace", |
6 | 6 | automerge: false, |
7 | 7 |
|
8 | 8 | // Schedule Renovate to run during off-peak hours |
9 | 9 | schedule: [ |
10 | | - 'after 6am on Monday, Thurday, Friday', |
11 | | - 'before 12pm on Monday, Thurday, Friday', |
| 10 | + "after 6am on Monday, Thurday, Friday", |
| 11 | + "before 12pm on Monday, Thurday, Friday", |
12 | 12 | ], |
13 | 13 |
|
14 | 14 | prConcurrentLimit: 8, |
15 | 15 | prHourlyLimit: 4, |
16 | | - timezone: 'Europe/Rome', |
| 16 | + timezone: "Europe/Rome", |
17 | 17 |
|
18 | 18 | // Commit and PR customization |
19 | | - commitBody: 'See associated pull request for more information.', |
20 | | - semanticCommits: 'enabled', |
21 | | - semanticCommitScope: '', |
22 | | - semanticCommitType: 'build', |
23 | | - labels: ['area: build & ci', 'action: merge', 'target: automation'], |
| 19 | + commitBody: "See associated pull request for more information.", |
| 20 | + semanticCommits: "enabled", |
| 21 | + semanticCommitScope: "", |
| 22 | + semanticCommitType: "build", |
| 23 | + labels: ["area: build & ci", "action: merge", "target: automation"], |
24 | 24 |
|
25 | 25 | lockFileMaintenance: { |
26 | 26 | enabled: true, |
27 | | - "schedule": ["before 4am on Tuesday"], |
| 27 | + schedule: ["before 4am on Tuesday"], |
28 | 28 | }, |
29 | 29 |
|
30 | 30 | // Feature disabled: permission to enable vulnerability alerts is not granted |
31 | 31 | osvVulnerabilityAlerts: true, |
32 | | - vulnerabilityAlerts: { |
| 32 | + vulnerabilityAlerts: { |
33 | 33 | enabled: true, |
34 | 34 | }, |
35 | 35 |
|
36 | 36 | // Ignored dependencies in all repositories |
37 | 37 | ignoreDeps: [ |
38 | | - 'rules_pkg', |
39 | | - 'yarn', // Yarn is copied locally in all repositories where needed. |
| 38 | + "rules_pkg", |
| 39 | + "yarn", // Yarn is copied locally in all repositories where needed. |
40 | 40 | ], |
41 | 41 |
|
42 | 42 | packageRules: [ |
|
50 | 50 | { |
51 | 51 | postUpgradeTasks: { |
52 | 52 | commands: [ |
53 | | - 'git restore .npmrc || true', // In case `.npmrc` avoid a hard error. |
54 | | - 'bazel mod deps --lockfile_mode=update', |
| 53 | + "git restore .npmrc || true", // In case `.npmrc` avoid a hard error. |
| 54 | + "bazel mod deps --lockfile_mode=update", |
55 | 55 | ], |
56 | 56 | // This is theory should be `branch` but in some cases this is causing the command not to |
57 | 57 | // run when in the same branch there are mixtures of update types by different managers. |
58 | | - executionMode: 'update', |
| 58 | + executionMode: "update", |
59 | 59 | }, |
60 | | - matchManagers: ['bazel', 'bazel-module', 'bazelisk'], |
| 60 | + matchManagers: ["bazel", "bazel-module", "bazelisk"], |
61 | 61 | }, |
62 | 62 |
|
63 | 63 | // Rule to disable NPM updates on branches other than 'main'. |
64 | 64 | // But allow updating engines and packageManagers. |
65 | 65 | { |
66 | 66 | enabled: false, |
67 | | - matchBaseBranches: ['!main'], |
68 | | - matchDepNames: ['!node', '!pnpm', '!npm', '!yarn'], |
69 | | - matchManagers: ['npm'], |
| 67 | + matchBaseBranches: ["!main"], |
| 68 | + matchDepNames: ["!node", "!pnpm", "!npm", "!yarn"], |
| 69 | + matchManagers: ["npm"], |
70 | 70 | }, |
71 | 71 |
|
72 | 72 | // Group all non-major dependencies together for updates. |
73 | 73 | { |
74 | | - groupName: 'all non-major dependencies', |
75 | | - matchDepNames: ['*', '!node', '!pnpm', '!npm', '!yarn'], |
76 | | - matchUpdateTypes: ['digest', 'patch', 'minor'], |
77 | | - matchManagers: ['npm'], |
| 74 | + groupName: "all non-major dependencies", |
| 75 | + matchDepNames: ["*", "!node", "!pnpm", "!npm", "!yarn"], |
| 76 | + matchUpdateTypes: ["digest", "patch", "minor"], |
| 77 | + matchManagers: ["npm"], |
78 | 78 | }, |
79 | 79 |
|
80 | 80 | // ============================================================================ |
|
83 | 83 | // Delay NPM updates to mitigate dependency chain attacks by malicious actors. |
84 | 84 | // This rule only affects direct dependencies. |
85 | 85 | { |
86 | | - minimumReleaseAge: '1 day', |
87 | | - matchManagers: ['npm'], |
| 86 | + minimumReleaseAge: "1 day", |
| 87 | + matchManagers: ["npm"], |
88 | 88 | }, |
89 | 89 |
|
90 | 90 | // Group Bazel updates |
91 | 91 | { |
92 | | - groupName: 'bazel dependencies', |
93 | | - matchManagers: ['bazel', 'bazel-module'], |
| 92 | + groupName: "bazel dependencies", |
| 93 | + matchManagers: ["bazel", "bazel-module"], |
94 | 94 | }, |
95 | 95 |
|
96 | 96 | // Group GitHub Actions workflow |
97 | 97 | { |
98 | | - groupName: 'all github actions', |
99 | | - matchManagers: ['github-actions'], |
| 98 | + groupName: "all github actions", |
| 99 | + matchManagers: ["github-actions"], |
100 | 100 | }, |
101 | 101 |
|
102 | 102 | // ============================================================================ |
|
106 | 106 | // Group updates related to Angular ecosystem across repositories |
107 | 107 | { |
108 | 108 | enabled: true, // Enable NPM updates of cross-repo dependencies on all branches. |
109 | | - groupName: 'cross-repo angular dependencies', |
110 | | - followTag: 'next', |
| 109 | + groupName: "cross-repo angular dependencies", |
| 110 | + followTag: "next", |
111 | 111 | minimumReleaseAge: null, |
112 | 112 | separateMajorMinor: false, |
113 | | - schedule: ['* 0-22/2 * * *'], // Every minute, every 2 hours |
| 113 | + // schedule: ["* 0-22/2 * * *"], // Every minute, every 2 hours |
114 | 114 | matchPackageNames: [ |
115 | | - '@angular-devkit/**', |
116 | | - '@angular/**', |
117 | | - '@schematics/**', |
118 | | - 'angular/**', |
119 | | - 'ng-packagr', |
| 115 | + "@angular-devkit/**", |
| 116 | + "@angular/**", |
| 117 | + "@schematics/**", |
| 118 | + "angular/**", |
| 119 | + "ng-packagr", |
120 | 120 | ], |
121 | 121 | }, |
122 | 122 |
|
123 | 123 | // @angular/benchpress is not released as 'next' |
124 | 124 | { |
125 | 125 | followTag: null, |
126 | | - matchDepNames: ['@angular/benchpress'], |
| 126 | + matchDepNames: ["@angular/benchpress"], |
127 | 127 | }, |
128 | 128 |
|
129 | 129 | // Disable 'next' tag tracking on non-main branches |
130 | 130 | { |
131 | | - matchBaseBranches: ['!main'], |
| 131 | + matchBaseBranches: ["!main"], |
132 | 132 | followTag: null, |
133 | 133 | }, |
134 | 134 |
|
135 | 135 | // Keep minor and patch updates separate for TypeScript |
136 | 136 | { |
137 | | - matchDepNames: ['typescript'], |
| 137 | + matchDepNames: ["typescript"], |
138 | 138 | separateMinorPatch: true, |
139 | 139 | }, |
140 | 140 |
|
141 | 141 | // Group TypeScript-related packages |
142 | 142 | { |
143 | | - groupName: 'typescript dependencies', |
144 | | - matchDepNames: ['typescript', 'tslib'], |
| 143 | + groupName: "typescript dependencies", |
| 144 | + matchDepNames: ["typescript", "tslib"], |
145 | 145 | }, |
146 | 146 |
|
147 | 147 | // Limit how many times these packages get updated (They deploy each merged PR) |
148 | 148 | { |
149 | 149 | matchDepNames: [ |
150 | | - 'github/codeql-action', |
151 | | - 'google-closure-compiler', |
152 | | - 'quicktype-core', |
153 | | - 'renovate', |
| 150 | + "github/codeql-action", |
| 151 | + "google-closure-compiler", |
| 152 | + "quicktype-core", |
| 153 | + "renovate", |
154 | 154 | ], |
155 | | - schedule: ['on sunday and wednesday'], |
| 155 | + schedule: ["on sunday and wednesday"], |
156 | 156 | }, |
157 | 157 |
|
158 | 158 | // ============================================================================ |
|
162 | 162 | // Disable updates for placeholder or 0.0.0-style versions |
163 | 163 | { |
164 | 164 | enabled: false, |
165 | | - matchCurrentVersion: '/^[~^]?0\\.0\\.0-/', |
| 165 | + matchCurrentVersion: "/^[~^]?0\\.0\\.0-/", |
166 | 166 | }, |
167 | 167 |
|
168 | 168 | // Disable major updates for specified dependencies |
169 | 169 | { |
170 | 170 | enabled: false, |
171 | 171 | matchDepNames: [ |
172 | | - '@types/node', |
173 | | - 'node', |
174 | | - 'bazel', // bazelisk bazel version |
175 | | - 'npm', |
176 | | - 'rxjs', |
177 | | - 'tslib', |
178 | | - 'yarn', |
| 172 | + "@types/node", |
| 173 | + "node", |
| 174 | + "bazel", // bazelisk bazel version |
| 175 | + "npm", |
| 176 | + "rxjs", |
| 177 | + "tslib", |
| 178 | + "yarn", |
179 | 179 | ], |
180 | | - matchUpdateTypes: ['major'], |
| 180 | + matchUpdateTypes: ["major"], |
181 | 181 | }, |
182 | 182 |
|
183 | 183 | // Disable TypeScript major and minor updates |
184 | 184 | { |
185 | 185 | enabled: false, |
186 | | - matchDepNames: ['typescript'], |
187 | | - matchUpdateTypes: ['major', 'minor'], |
| 186 | + matchDepNames: ["typescript"], |
| 187 | + matchUpdateTypes: ["major", "minor"], |
188 | 188 | }, |
189 | 189 |
|
190 | 190 | // Rule to disable major updates on branches other than 'main'. |
191 | 191 | { |
192 | 192 | enabled: false, |
193 | | - matchBaseBranches: ['!main'], |
194 | | - matchUpdateTypes: ['major'], |
| 193 | + matchBaseBranches: ["!main"], |
| 194 | + matchUpdateTypes: ["major"], |
195 | 195 | }, |
196 | 196 |
|
197 | 197 | // TODO(alanagius): delete the below rule once RC branch is `21.0.x` |
198 | 198 | // Temporary disable updates of `rules_angular` on non main branches due to the APF breaking change |
199 | 199 | // See: https://github.com/devversion/rules_angular/pull/63 |
200 | 200 | { |
201 | 201 | enabled: false, |
202 | | - matchBaseBranches: ['!main'], |
203 | | - matchDepNames: ['rules_angular'], |
| 202 | + matchBaseBranches: ["!main"], |
| 203 | + matchDepNames: ["rules_angular"], |
204 | 204 | }, |
205 | 205 | ], |
206 | 206 | } |
0 commit comments