canonical · lengau · Aug 16, 2024 · Aug 8, 2024 · Aug 9, 2024 · Aug 14, 2024
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -1,26 +1,28 @@
 {
   // Configuration file for RenovateBot: https://docs.renovatebot.com/configuration-options
-  extends: ["config:base"],
+  extends: ["config:recommended", ":semanticCommitTypeAll(build)"],
   ignoreDeps: [
     // Each ignore is probably connected with an ignore in pyproject.toml.
     // Ensure you change this and those simultaneously.
     "urllib3",
     "windows",  // We'll update Windows versions manually.
   ],
   labels: ["dependencies"],  // For convenient searching in GitHub
+  baseBranches: ["$default", "/^hotfix\\/.*/"],
   pip_requirements: {
     fileMatch: ["^tox.ini$", "(^|/)requirements([\\w-]*)\\.txt$", "^.pre-commit-config.yaml$"]
   },
    packageRules: [
     {
       // Internal package minor patch updates get top priority, with auto-merging
-      groupName: "internal package patch releases",
+      groupName: "internal package minor releases",
       matchPackagePatterns: ["^craft-.*"],
       matchUpdateTypes: ["minor", "patch", "pin", "digest"],
       prPriority: 10,
       automerge: true,
       minimumReleaseAge: "0 seconds",
       schedule: ["at any time"],
+      matchBaseBranches: ["$default"],  // Only do minor releases on main
     },
     {
       // Same as above, but for hotfix branches, only for patch, and without auto-merging.
@@ -30,23 +32,24 @@
       prPriority: 10,
       minimumReleaseAge: "0 seconds",
       schedule: ["at any time"],
-      matchBaseBranches: ["/^hotfix/.*/"],  // All hotfix branches
+      matchBaseBranches: ["/^hotfix\\/.*/"],  // All hotfix branches
     },
     {
       // Automerge patches, pin changes and digest changes.
       // Also groups these changes together.
       groupName: "bugfixes",
-      excludePackagePrefixes: ["lint", "types"],
+      excludeDepPatterns: ["lint/.*", "types/.*"],
       matchUpdateTypes: ["patch", "pin", "digest"],
       prPriority: 3, // Patches should go first!
       automerge: true
     },
     {
       // Update all internal packages in one higher-priority PR
       groupName: "internal packages",
-      matchPackagePrefixes: ["craft-", "snap-"],
-      matchLanguages: ["python"],
-      prPriority: 2
+      matchDepPatterns: ["craft-.*", "snap-.*"],
+      matchCategories: ["python"],
+      prPriority: 2,
+      matchBaseBranches: ["$default"],  // Not for hotfix branches
     },
     {
       // GitHub Actions are higher priority to update than most dependencies since they don't tend to break things.
@@ -65,26 +68,32 @@
       // Minor changes can be grouped and automerged for dev dependencies, but are also deprioritised.
       groupName: "development dependencies (non-major)",
       groupSlug: "dev-dependencies",
-      matchPackagePrefixes: [
-        "dev",
-        "lint",
-        "types"
+      matchDepPatterns: [
+        "dev/.*",
+        "lint/.*",
+        "types/.*"
       ],
       matchPackagePatterns: [
-        // Generated from the dependency dashboard, may not be complete.
+        // Brought from charmcraft. May not be complete.
+        // This helps group dependencies in requirements-dev.txt files.
         "^(.*/)?autoflake$",
         "^(.*/)?black$",
+        "^(.*/)?codespell$",
+        "^(.*/)?coverage$",
         "^(.*/)?flake8$",
         "^(.*/)?hypothesis$",
+        "^(.*/)?mypy$",
         "^(.*/)?pycodestyle$",
+        "^(.*/)?docstyle$",
         "^(.*/)?pyfakefs$",
         "^(.*/)?pyflakes$",
         "^(.*/)?pylint$",
         "^(.*/)?pytest",
         "^(.*/)?responses$",
         "^(.*/)?ruff$",
         "^(.*/)?twine$",
-        "^(.*/)?types-"
+        "^(.*/)?tox$",
+        "^(.*/)?types-",
       ],
       matchUpdateTypes: ["minor", "patch", "pin", "digest"],
       prPriority: -1,
@@ -96,12 +105,14 @@
       groupSlug: "doc-dependencies",
       matchPackageNames: ["Sphinx", "furo"],
       matchPackagePatterns: ["[Ss]phinx.*$"],
-      matchPackagePrefixes: ["docs"],
+      matchDepPatterns: ["docs/.*"],
+      matchBaseBranches: ["$default"],  // Not for hotfix branches
     },
     {
-          // Other major dependencies get deprioritised below minor dev dependencies.
+      // Other major dependencies get deprioritised below minor dev dependencies.
       matchUpdateTypes: ["major"],
-      prPriority: -2
+      prPriority: -2,
+      matchBaseBranches: ["$default"],  // Not for hotfix branches
     },
     {
       // Major dev dependencies are stone last, but grouped.
@@ -110,6 +121,7 @@
       matchDepTypes: ["devDependencies"],
       matchUpdateTypes: ["major"],
       prPriority: -3,
+      matchBaseBranches: ["$default"],  // Not for hotfix branches
       matchPackagePatterns: [
         // Generated from the dependency dashboard, may not be complete.
         "^(.*/)?autoflake$",
@@ -125,19 +137,21 @@
         "^(.*/)?ruff$",
         "^(.*/)?twine$",
         "^(.*/)?types-"
-      ]
+      ],
     },
     {
       // Pyright makes regular breaking changes in patch releases, so we separate these
       // and do them independently.
-      matchPackageNames: ["pyright"],
-      prPriority: -4
+      matchPackageNames: ["pyright", "types/pyright"],
+      prPriority: -4,
+      matchBaseBranches: ["$default"],  // Not for hotfix branches
     }
   ],
-  regexManagers: [
+  customManagers: [
     {
       // tox.ini can get updates too if we specify for each package.
       fileMatch: ["tox.ini"],
+      customType: "regex",
       depTypeTemplate: "devDependencies",
       matchStrings: [
         "# renovate: datasource=(?<datasource>\\S+)\n\\s+(?<depName>.*?)(\\[[\\w]*\\])*[=><]=?(?<currentValue>.*?)\n"
@@ -146,9 +160,11 @@
     {
       // .pre-commit-config.yaml version updates
       fileMatch: [".pre-commit-config.yaml"],
-      depTypeTemplate: "devDependencies",
+      customType: "regex",
+      datasourceTemplate: "pypi",
+      depTypeTemplate: "lint",
       matchStrings: [
-        "# renovate: datasource=(?<datasource>\\S+);\\s*depName=(?<depName>.*?)\n\s+rev: \"v?(?<currentValue>.*?)\""
+        "- repo: .*/<(?<depName>\\S+)\\s*\\n\\s*rev:\s+\"?v?(?<currentValue>\\S*)\"?",
       ]
     }
   ],
@@ -159,7 +175,7 @@
   prCreation: "not-pending", // Wait until status checks have completed before raising the PR
   prNotPendingHours: 4, // ...unless the status checks have been running for 4+ hours.
   prHourlyLimit: 1, // No more than 1 PR per hour.
-  stabilityDays: 2, // Wait 2 days from release before updating.
+  minimumReleaseAge: "2 days",
   automergeStrategy: "squash", // Squash & rebase when auto-merging.
   semanticCommitType: "build"  // use `build` as commit header type (i.e. `build(deps): <description>`)
 }
diff --git a/.github/workflows/check-renovate.yaml b/.github/workflows/check-renovate.yaml
@@ -0,0 +1,40 @@
+name: Renovate check
+on:
+  pull_request:
+    paths:
+      - ".github/workflows/check-renovate.yaml"
+      - ".github/renovate.json5"
+
+  # Allows triggering the workflow manually from the Actions tab
+  workflow_dispatch:
+    inputs:
+      enable_ssh_access:
+        type: boolean
+        description: 'Enable ssh access'
+        required: false
+        default: false
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+      - name: Install renovate
+        run: npm install --global renovate
+      - name: Enable ssh access
+        uses: mxschmitt/action-tmate@v3
+        if: ${{ inputs.enable_ssh_access }}
+        with:
+          limit-access-to-actor: true
+      - name: Check renovate config
+        run: renovate-config-validator .github/renovate.json5
+      - name: Renovate dry-run
+        run: renovate --dry-run --autodiscover
+        env:
+          RENOVATE_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          RENOVATE_USE_BASE_BRANCH_CONFIG: ${{ github.ref }}