Skip to content

Commit 738c824

Browse files
Enable Renovate automerge for non-major RIE dependency bumps
Automerge non-major gomod bumps (minor/patch), Go-toolchain bumps, and non-major GitHub Actions updates so Go-dep/stdlib CVE fixes land without manual review. Security updates get their own ungrouped, automerged path via vulnerabilityAlerts so a CVE fix is never blocked behind the grouped batch. Majors stay manual (automerge explicitly set to false). Automerge still waits for green CI before merging.
1 parent 9b9acb3 commit 738c824

1 file changed

Lines changed: 23 additions & 4 deletions

File tree

renovate.json

Lines changed: 23 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,24 +4,43 @@
44
"config:recommended"
55
],
66
"postUpdateOptions": ["gomodTidy"],
7+
"platformAutomerge": true,
78
"packageRules": [
89
{
910
"matchManagers": ["gomod"],
1011
"matchDepTypes": ["golang"],
1112
"rangeStrategy": "bump",
12-
"groupName": "Go toolchain"
13+
"groupName": "Go toolchain",
14+
"automerge": true
1315
},
1416
{
1517
"matchManagers": ["gomod"],
1618
"excludePackageNames": ["go"],
1719
"matchUpdateTypes": ["minor", "patch"],
18-
"groupName": "Go dependencies (non-major)"
20+
"groupName": "Go dependencies (non-major)",
21+
"automerge": true
1922
},
2023
{
2124
"matchManagers": ["gomod"],
2225
"excludePackageNames": ["go"],
2326
"matchUpdateTypes": ["major"],
24-
"enabled": false
27+
"enabled": false,
28+
"automerge": false
29+
},
30+
{
31+
"matchManagers": ["github-actions"],
32+
"matchUpdateTypes": ["minor", "patch", "digest"],
33+
"automerge": true
34+
},
35+
{
36+
"matchManagers": ["github-actions"],
37+
"matchUpdateTypes": ["major"],
38+
"automerge": false
2539
}
26-
]
40+
],
41+
"vulnerabilityAlerts": {
42+
"groupName": null,
43+
"automerge": true,
44+
"labels": ["security"]
45+
}
2746
}

0 commit comments

Comments
 (0)