# 🤖 Renovate Bot
Welcome! This is the dedicated account that powers **Renovate Bot** on our self-hosted Gitea instance.
Its sole mission: keep our dependencies up to date, consistent, and secure—so you can focus on writing code rather than chasing version bumps.

---

## What Renovate Does
| 📦 | **Detects dependencies** in supported files (e.g. `package.json`, `pom.xml`, `Dockerfile`, `go.mod`, etc.) |
|----|-------------------------------------------------------------------------------------------------------------|
| 🔎 | **Checks upstream registries** for new releases, security patches, and licensing changes |
| 🛠 | **Opens pull requests** with version updates, changelogs, and automated release notes |
| 🚦 | **Groups or rebases PRs** to respect repository rules, semantic versioning, your schedule, and config |

---

## Typical Pull Request Anatomy
```
renovate/<package-name>-<new-version>
├─ 📄  commit: build(deps): update <package> to <new-version>
├─ 📝  PR body: changelog extract, release notes, breaking-change highlights
└─ 🔖  labels: dependencies • renovate • ❗ major (if semver-major)
```
**Heads-up:** The branch naming and commit convention above is standard but can be adjusted in repository-level config.

---

## Interacting With the Bot
| Action | How |
|--------|-----|
| **Merge or close** | Treat Renovate PRs like any other. Fast-forward merges are preferred to keep history clean. |
| **Re-run a failed PR** | Comment `@renovate-bot rebase` or `@renovate-bot recreate` on the PR. |
| **Pause updates** | Add the label `renovateignore` **or** set `"enabled": false` in `renovate.json`. |
| **Schedule batches** | Define `schedule`: `"before 05:00 on monday"` etc. in your config. |
| **Group deps** | Use `"packageRules"` with a `groupName` key to bundle related packages. |

---

## Quick-Start: Per-Repo Config
Create a **`renovate.json`** at the repository root (or inherit from a preset), for example:
```jsonc
{
  "extends": ["config:base"],
  "dependencyDashboard": true,
  "schedule": ["before 06:00 on monday"],
  "packageRules": [
    {
      "matchUpdateTypes": ["major"],
      "automerge": false,
      "labels": ["❗major"]
    }
  ]
}
```
*Need more?* Consult the official docs: <https://docs.renovatebot.com/>.

---

## Security & Trust
* Runs in our private CI and never executes dependency code—only updates manifest files.
* Auth tokens are scoped to the minimal permissions required (read code, write PRs, no direct pushes to default branch).
* Changelogs are included so you can audit releases before merging.
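
Auditing releases before merging only works if major updates never merge on their own. As an added example (not part of this README or of Renovate itself), the Python sketch below flags `renovate.json` settings that would let a major update automerge. It assumes plain JSON and does not resolve presets named in `extends`; the function name and the second sample config are constructed for illustration.

```python
import json

def major_automerge_findings(config_text):
    """Return findings where a renovate.json could automerge a major update.

    Assumptions of this sketch: rules apply in order, later rules override
    earlier ones, and presets named in "extends" are not resolved.
    """
    cfg = json.loads(config_text)
    findings = []
    if cfg.get("automerge") is True:
        findings.append("top level: automerge is true for every update type")
    for i, rule in enumerate(cfg.get("packageRules", [])):
        if "automerge" not in rule:
            continue
        types = rule.get("matchUpdateTypes")
        if types is not None and "major" not in types:
            continue  # this rule cannot match a major update
        # Any other match*/exclude* key narrows the rule to some packages.
        narrowed = any(k.startswith(("match", "exclude")) and k != "matchUpdateTypes"
                       for k in rule)
        if rule["automerge"] is True:
            scope = "some packages" if narrowed else "all packages"
            findings.append(f"packageRules[{i}]: automerge is true for major updates of {scope}")
        elif not narrowed:
            findings = []  # unnarrowed "automerge": false overrides what came before
    return findings

# The Quick-Start config from this README.
PAGE_CONFIG = """{
  "extends": ["config:base"],
  "dependencyDashboard": true,
  "schedule": ["before 06:00 on monday"],
  "packageRules": [
    {"matchUpdateTypes": ["major"], "automerge": false, "labels": ["❗major"]}
  ]
}"""

# Constructed sample: a later package-specific rule re-enables automerge.
RISKY_CONFIG = """{
  "automerge": true,
  "packageRules": [
    {"matchUpdateTypes": ["major"], "automerge": false},
    {"matchPackageNames": ["example-lib"], "automerge": true}
  ]
}"""

if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("risky", RISKY_CONFIG)):
        print(name, major_automerge_findings(text) or "ok")
```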

---

## FAQs
* **Why so many PRs?**
Tune `schedule`, enable grouping, or raise thresholds in your `renovate.json`.
* **The update breaks my build.**
Close the PR and add a pin/range in your manifest, or configure Renovate to ignore that dependency version.
* **Can I opt-out completely?**
Yes—set `"enabled": false` in your repo config or ask the DevOps team to disable the repo.

---

## Maintainer & Support
* Primary contact: **DevOps / Platform Team** (`contact@morlana.net`)
* Emergency stop: remove Renovate from the repo permissions, then ping DevOps.
> **Happy automated upgrading!**
> Renovate Bot 🤖