2025-04-22 12:30:27 +00:00

🤖 Renovate Bot

Welcome! This is the dedicated account that powers Renovate Bot on our self-hosted Gitea instance.
Its sole mission: keep our dependencies up to date, consistent, and secure—so you can focus on writing code rather than chasing version bumps.


What Renovate Does

📦 Detects dependencies in supported files (e.g. package.json, pom.xml, Dockerfile, go.mod, etc.)
🔎 Checks upstream registries for new releases, security patches, and licensing changes
🛠 Opens pull requests with version updates, changelogs, and automated release notes
🚦 Groups or rebases PRs to respect repository rules, semantic versioning, your schedule, and config

Typical Pull Request Anatomy

renovate/<package-name>-<new-version>
│
├─ 📄  commit: build(deps): update <package> to <new-version>
├─ 📝  PR body: changelog extract, release notes, breaking-change highlights
└─ 🔖  labels: dependencies • renovate • ❗ major (if semver-major)

Heads-up: The branch naming and commit convention above is standard but can be adjusted in repository-level config.


Interacting With the Bot

Action               How
Merge or close       Treat Renovate PRs like any other. Fast-forward merges are preferred to keep history clean.
Rerun a failed PR    Comment @renovate-bot rebase or @renovate-bot recreate on the PR.
Pause updates        Add the label renovateignore or set "enabled": false in renovate.json.
Schedule batches     Define schedule: "before 05:00 on monday" etc. in your config.
Group deps           Use "packageRules" with a groupName key to bundle related packages.

Quick-Start: Per-Repo Config

Create a renovate.json at the repository root (or inherit from a preset) – for example:

{
  "extends": ["config:base"],
  "dependencyDashboard": true,
  "schedule": ["before 06:00 on monday"],
  "packageRules": [
    {
      "matchUpdateTypes": ["major"],
      "automerge": false,
      "labels": ["❗major"]
    }
  ]
}

Need more? Consult the official docs: https://docs.renovatebot.com/.


Security & Trust

  • Runs in our private CI and never executes dependency code—only updates manifest files.
  • Auth tokens are scoped to the minimal permissions required (read code, write PRs, no direct pushes to default branch).
  • Changelogs are included so you can audit releases before merging.
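The quick-start config keeps major updates out of automerge so the changelog can be audited first. The check below is an added example, not part of this page's setup or of Renovate itself: it reads a renovate.json and reports any rule that would let a major update merge without review. The function name and the second rule in the sample are hypothetical, and presets named in "extends" are not resolved.

```python
import json

# Constructed sample: the quick-start rule from this page, followed by a
# hypothetical later rule that turns automerge back on for one package.
SAMPLE = """
{
  "extends": ["config:base"],
  "schedule": ["before 06:00 on monday"],
  "packageRules": [
    {"matchUpdateTypes": ["major"], "automerge": false},
    {"matchPackageNames": ["eslint"], "groupName": "linters", "automerge": true}
  ]
}
"""

def major_automerge_findings(config_text):
    """List the ways a major update could merge without human review."""
    cfg = json.loads(config_text)
    findings = []
    # Renovate applies packageRules in order; a later match overrides an earlier one.
    default_on = bool(cfg.get("automerge", False))
    for i, rule in enumerate(cfg.get("packageRules", [])):
        if "automerge" not in rule:
            continue
        types = rule.get("matchUpdateTypes")
        if types is not None and "major" not in types:
            continue  # rule never applies to major updates
        # Any other match* key narrows the rule to a subset of dependencies.
        scoped = any(k.startswith("match") and k != "matchUpdateTypes" for k in rule)
        if not scoped:
            default_on = bool(rule["automerge"])
        elif rule["automerge"]:
            # Conservative: flagged even if a later rule would switch it off again.
            findings.append(f"packageRules[{i}] automerges majors for a subset of dependencies")
    if default_on:
        findings.insert(0, "major updates automerge by default")
    return findings

if __name__ == "__main__":
    for finding in major_automerge_findings(SAMPLE):
        print("FAIL:", finding)
```

Run as a CI step on changes to renovate.json, a non-empty result is a reason to block the change until someone reviews the rule.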

FAQs

  • Why so many PRs?
    Tune schedule, enable grouping, or raise thresholds in your renovate.json.

  • The update breaks my build.
    Close the PR and add a pin/range in your manifest, or configure Renovate to ignore that dependency version.

  • Can I opt-out completely?
    Yes—set "enabled": false in your repo config or ask the DevOps team to disable the repo.


Maintainer & Support

  • Primary contact: DevOps / Platform Team (contact@morlana.net)
  • Emergency stop: remove Renovate from the repo permissions, then ping DevOps.

Happy automated upgrading!
Renovate Bot 🤖
