renovate.json5

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "assigneesFromCodeOwners": true,
  "extends": [
    // Custom Manager Presets (https://docs.renovatebot.com/presets-customManagers/)
    "customManagers:dockerfileVersions", // manages _VERSION variables in Dockerfile
    "customManagers:githubActionsVersions", // manages _VERSION variables in GitHub Action workflows
    "customManagers:mavenPropertyVersions", // updates versions defined in maven properties ending with .version

    // Default Presets (https://docs.renovatebot.com/presets-default/)
    ":approveMajorUpdates", // major dependency updates need to be approved via dashboard before PR is created
    ":disableRateLimiting", // allows unlimited creation of PRs
    ":docker", // updating Dockerfile and docker-compose files
    ":label(Type: Dependency)", // custom label for PRs created by Renovatebot
    ":enableVulnerabilityAlertsWithLabel(Type: Security)", // custom label for security PRs created by Renovatebot
    ":npm", // updating package.json and package-lock.json
    ":pinAllExceptPeerDependencies", // do version pinning except for peer dependencies
    ":rebaseStalePrs", // rebase Renovate PR branched when base branch is updated
    ":semanticCommits", // enabled semantic commits in PR titles
    ":separateMultipleMajorReleases", // separate major updates of dependencies into separate PRs
    ":timezone(Europe/Berlin)", // sets correct timezone for schedule based operations

    // Docker Presets (https://docs.renovatebot.com/presets-docker/)
    "docker:enableMajor", // enables updading of major versions for docker images

    // Full Config Presets (https://docs.renovatebot.com/presets-config/)
    "config:best-practices", // enables best practices by the Renovate team

    // Helper Presets (https://docs.renovatebot.com/presets-helpers/)
    "helpers:pinGitHubActionDigestsToSemver", // enabled pinning the action digest with a semantic version comment

    // npm Presets (https://docs.renovatebot.com/presets-npm/)
    "npm:unpublishSafe", // used to make sure updates are only done after the npm package is "stable" (at least for 3 days)

    // Schedule presets (https://docs.renovatebot.com/presets-schedule/)
    "schedule:weekly", // renovatebot will search weekly for available dependency updates

    // Security presets (https://docs.renovatebot.com/presets-security/)
    "security:openssf-scorecard", // showw OpenSSF badge on pull requests to evaluate security health metrics for dependencies
  ],
  "packageRules": [
    {
      "description": "Ignore spring-boot-parent updates in EAI template because Camel version specifies compatible Spring version",
      "matchDatasources": ["maven"],
      "matchPackageNames": ["org.springframework.boot:spring-boot-starter-parent"],
      "matchFileNames": ["refarch-eai/pom.xml"],
      "enabled": false
    },
    {
      "description": "Limit Camel updates to current LTS version (needs to be updated manually when new LTS release is out)",
      "matchDatasources": ["maven"],
      "matchPackageNames": ["org.apache.camel.springboot:camel-spring-boot-dependencies"],
      "allowedVersions": "<=4.8"
    },
    {
      "description": "Limit dependencies directly related to Node to versions on company machines (needs to be updated manually when new versions are rolled out)",
      "matchDatasources": ["npm"],
      "matchPackageNames": ["@types/node"],
      "allowedVersions": "<=20.14.0"
    },
    {
      "description": "Limit Keycloak version in docker stack to versions in company infrastructure, might slighty differ due to some RedHat KeyCloak versions not available as Docker image (needs to be updated manually when new versions are rolled out)",
      "matchDatasources": ["docker"],
      "matchPackageNames": ["quay.io/keycloak/keycloak"],
      "allowedVersions": "<=20.0.5"
    },
    {
      "description": "Limit Postgres version in docker stack to versions in company infrastructure (needs to be updated manually when new versions are rolled out)",
      "matchDatasources": ["docker"],
      "matchPackageNames": ["postgres"],
      "allowedVersions": "<=16.4"
    }
  ],
  "additionalBranchPrefix": "{{parentDir}}-"
}