D .github/dependabot.yml => .github/dependabot.yml +0 -99
@@ 1,99 0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
- - package-ecosystem: npm
- directory: '/'
- schedule:
- interval: weekly
- open-pull-requests-limit: 99
- allow:
- - dependency-type: direct
- ignore:
- # This version needs to match Rails major version, so stick to 6.x only
- - dependency-name: '@rails/ujs'
- versions:
- - '>= 7'
- # TODO: This requires code changes for migration
- - dependency-name: 'tesseract.js'
- versions:
- - '>= 3'
- # TODO: This version needs manual updates for breaking changes
- - dependency-name: 'react-hotkeys'
- versions:
- - '>= 2'
- # TODO: This version requires code changes
- - dependency-name: 'webpack-dev-server'
- versions:
- - '>= 4'
- # TODO: This version was ignored in https://github.com/mastodon/mastodon/pull/15238
- - dependency-name: 'webpack-cli'
- versions:
- - '>= 4'
-
- - package-ecosystem: bundler
- directory: '/'
- schedule:
- interval: weekly
- open-pull-requests-limit: 99
- allow:
- - dependency-type: direct
- ignore:
- # This version needs to match Rails major version, so stick to 6.x only
- - dependency-name: 'rails-i18n'
- versions:
- - '>= 7.0.0'
- # This version needs manual updates https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x
- - dependency-name: 'sprockets'
- versions:
- - '>= 4.0.0'
- # This version needs manual updates https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x
- - dependency-name: 'strong_migrations'
- versions:
- - '>= 1.0.0'
- # This version needs updates and to sync with sidekiq-unique-jobs
- - dependency-name: 'sidekiq'
- versions:
- - '>= 7.0.0'
- # This version needs updates and to sync with sidekiq
- - dependency-name: 'sidekiq-unique-jobs'
- versions:
- - '>= 8.0.0'
- # This version needs updates and to sync with sidekiq and sidekiq-unique-jobs
- - dependency-name: 'redis'
- versions:
- - '>= 5.0.0'
- # TODO: was ignored in https://github.com/mastodon/mastodon/pull/13964
- - dependency-name: 'fog-openstack'
- versions:
- - '>= 1.0.0'
- # sassc dependency issue tracked in https://github.com/BetterErrors/better_errors/issues/516
- - dependency-name: 'better_errors'
- versions:
- - '2.10.0'
-
- - package-ecosystem: github-actions
- directory: '/'
- schedule:
- interval: weekly
- open-pull-requests-limit: 99
- allow:
- - dependency-type: direct
-
- - package-ecosystem: docker
- directory: '/'
- schedule:
- interval: weekly
- open-pull-requests-limit: 99
- ignore:
- - dependency-name: 'moritzheiber/ruby-jemalloc'
- update-types:
- # only suggest patch releases for ruby and needs to sync with .ruby-version
- - 'version-update:semver-minor'
- - dependency-name: 'node'
- update-types:
- # only node minor releases allowed unless .nvmrc major is changed
- - 'version-update:semver-major'
A .github/renovate.json5 => .github/renovate.json5 +109 -0
@@ 0,0 1,109 @@
+{
+ $schema: 'https://docs.renovatebot.com/renovate-schema.json',
+ extends: [
+ 'config:base',
+ ':dependencyDashboard',
+ ':labels(dependencies)',
+ ':maintainLockFilesMonthly', // update non-direct dependencies monthly
+ ':prConcurrentLimit10', // only 10 open PRs at the same time
+ ],
+ stabilityDays: 3, // Wait 3 days after the package has been published before upgrading it
+ // packageRules order is important, they are applied from top to bottom and are merged,
+ // so for example grouping rules needs to be at the bottom
+ packageRules: [
+ {
+ // Ignore major version bumps for these node packages
+ matchManagers: ['npm'],
+ matchPackageNames: [
+ '@rails/ujs', // Needs to match the major Rails version
+ 'tesseract.js', // Requires code changes
+ 'react-hotkeys', // Requires code changes
+
+ // Requires Webpacker upgrade or replacement
+ '@types/webpack',
+ 'babel-loader',
+ 'compression-webpack-plugin',
+ 'css-loader',
+ 'imports-loader',
+ 'mini-css-extract-plugin',
+ 'postcss-loader',
+ 'sass-loader',
+ 'terser-webpack-plugin',
+ 'webpack',
+ 'webpack-assets-manifest',
+ 'webpack-bundle-analyzer',
+ 'webpack-dev-server',
+ 'webpack-cli',
+
+ // react-router: Requires manual upgrade
+ 'history',
+ 'react-router-dom',
+ ],
+ matchUpdateTypes: ['major'],
+ enabled: false,
+ },
+ {
+ // Ignore major version bumps for these Ruby packages
+ matchManagers: ['bundler'],
+ matchPackageNames: [
+ 'sprockets', // Requires manual upgrade https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x
+ 'strong_migrations', // Requires manual upgrade
+ 'sidekiq', // Requires manual upgrade
+ 'sidekiq-unique-jobs', // Requires manual upgrades and sync with Sidekiq version
+ 'redis', // Requires manual upgrade and sync with Sidekiq version
+ 'fog-openstack', // TODO: was ignored in https://github.com/mastodon/mastodon/pull/13964
+
+ // Needs major Rails version bump
+ 'rack',
+ 'rails',
+ 'rails-i18n',
+ ],
+ matchUpdateTypes: ['major'],
+ enabled: false,
+ },
+ {
+ // Update Github Actions and Docker images weekly
+ matchManagers: ['github-actions', 'dockerfile', 'docker-compose'],
+ extends: ['schedule:weekly'],
+ },
+ {
+ // Ignore major & minor bumps for the ruby image, this needs to be synced with .ruby-version
+ matchManagers: ['dockerfile'],
+ matchPackageNames: ['moritzheiber/ruby-jemalloc'],
+ matchUpdateTypes: ['minor', 'major'],
+ enabled: false,
+ },
+ {
+ // Ignore major bump for the node image, this needs to be synced with .nvmrc
+ matchManagers: ['dockerfile'],
+ matchPackageNames: ['node'],
+ matchUpdateTypes: ['major'],
+ enabled: false,
+ },
+ {
+ // Ignore major postgres bumps in the docker-compose file, as those break dev environments
+ matchManagers: ['docker-compose'],
+ matchPackageNames: ['postgres'],
+ matchUpdateTypes: ['major'],
+ enabled: false,
+ },
+ {
+ // Update devDependencies every week, with one grouped PR
+ matchDepTypes: 'devDependencies',
+ matchUpdateTypes: ['patch', 'minor'],
+ excludePackageNames: [
+ 'typescript', // Typescript has many changes in minor versions, needs to be checked every time
+ ],
+ groupName: 'devDependencies (non-major)',
+ extends: ['schedule:weekly'],
+ },
+ {
+ // Update @types/* packages every week, with one grouped PR
+ matchPackagePrefixes: '@types/',
+ matchUpdateTypes: ['patch', 'minor'],
+ groupName: 'DefinitelyTyped types (non-major)',
+ extends: ['schedule:weekly'],
+ addLabels: ['typescript'],
+ },
+ ],
+}
M .github/workflows/lint-css.yml => .github/workflows/lint-css.yml +1 -0
@@ 3,6 3,7 @@ on:
push:
branches-ignore:
- 'dependabot/**'
+ - 'renovate/**'
paths:
- 'package.json'
- 'yarn.lock'
M .github/workflows/lint-haml.yml => .github/workflows/lint-haml.yml +1 -0
@@ 3,6 3,7 @@ on:
push:
branches-ignore:
- 'dependabot/**'
+ - 'renovate/**'
paths:
- '.github/workflows/haml-lint-problem-matcher.json'
- '.github/workflows/lint-haml.yml'
M .github/workflows/lint-js.yml => .github/workflows/lint-js.yml +1 -0
@@ 3,6 3,7 @@ on:
push:
branches-ignore:
- 'dependabot/**'
+ - 'renovate/**'
paths:
- 'package.json'
- 'yarn.lock'
M .github/workflows/lint-json.yml => .github/workflows/lint-json.yml +1 -0
@@ 3,6 3,7 @@ on:
push:
branches-ignore:
- 'dependabot/**'
+ - 'renovate/**'
paths:
- 'package.json'
- 'yarn.lock'
M .github/workflows/lint-md.yml => .github/workflows/lint-md.yml +1 -0
@@ 3,6 3,7 @@ on:
push:
branches-ignore:
- 'dependabot/**'
+ - 'renovate/**'
paths:
- '.github/workflows/lint-md.yml'
- '.nvmrc'
M .github/workflows/lint-ruby.yml => .github/workflows/lint-ruby.yml +1 -0
@@ 3,6 3,7 @@ on:
push:
branches-ignore:
- 'dependabot/**'
+ - 'renovate/**'
paths:
- 'Gemfile*'
- '.rubocop*.yml'
M .github/workflows/lint-yml.yml => .github/workflows/lint-yml.yml +1 -0
@@ 3,6 3,7 @@ on:
push:
branches-ignore:
- 'dependabot/**'
+ - 'renovate/**'
paths:
- 'package.json'
- 'yarn.lock'
M .github/workflows/rebase-needed.yml => .github/workflows/rebase-needed.yml +2 -0
@@ 4,10 4,12 @@ on:
push:
branches-ignore:
- 'dependabot/**'
+ - 'renovate/**'
- 'l10n_main'
pull_request_target:
branches-ignore:
- 'dependabot/**'
+ - 'renovate/**'
- 'l10n_main'
types: [synchronize]
M .github/workflows/test-js.yml => .github/workflows/test-js.yml +1 -0
@@ 3,6 3,7 @@ on:
push:
branches-ignore:
- 'dependabot/**'
+ - 'renovate/**'
paths:
- 'package.json'
- 'yarn.lock'
M .github/workflows/test-migrations-one-step.yml => .github/workflows/test-migrations-one-step.yml +1 -0
@@ 3,6 3,7 @@ on:
push:
branches-ignore:
- 'dependabot/**'
+ - 'renovate/**'
pull_request:
jobs:
M .github/workflows/test-migrations-two-step.yml => .github/workflows/test-migrations-two-step.yml +1 -0
@@ 3,6 3,7 @@ on:
push:
branches-ignore:
- 'dependabot/**'
+ - 'renovate/**'
pull_request:
jobs:
M .github/workflows/test-ruby.yml => .github/workflows/test-ruby.yml +1 -0
@@ 4,6 4,7 @@ on:
push:
branches-ignore:
- 'dependabot/**'
+ - 'renovate/**'
pull_request:
env: