From 773772298e952e18b0b1c1411213eb9dc47a787b Mon Sep 17 00:00:00 2001 From: Ben Higham Date: Wed, 1 Apr 2026 13:51:46 +1100 Subject: [PATCH 1/6] chore: add .gitignore with worktrees exclusion --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e458ed5 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.worktrees/ From c6ce6b785ce565fa147852e8442bdf8c07fb5cb5 Mon Sep 17 00:00:00 2001 From: Ben Higham Date: Wed, 1 Apr 2026 13:59:20 +1100 Subject: [PATCH 2/6] docs: update AGENTS.md for Dependabot-to-Renovate migration --- AGENTS.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 9d63204..6bd2d7f 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -23,7 +23,6 @@ Centralized defaults and automation for all `benhigham` GitHub repositories: release-changesets.yml # Reusable: versioning and npm publishing via Changesets ISSUE_TEMPLATE/ # Issue form templates pull_request_template.md # Default PR template - dependabot.yml # Dependabot config (npm, github-actions, docker, terraform, etc.) FUNDING.yml .claude/ commands/ # Reference command files — copy to per-repo as needed @@ -52,6 +51,7 @@ lefthook.yml # Git hook config (pre-commit) .prettierignore # Prettier ignore patterns CODEOWNERS # GitHub code ownership rules GOVERNANCE.md # Project governance policy +renovate.json # Renovate dependency update config ``` ## Tech Stack @@ -63,6 +63,7 @@ GOVERNANCE.md # Project governance policy - **Conventional Commits** (`feat:`, `fix:`, `chore:`, `docs:`, etc.) - **mise** as the tool manager and task runner - **lefthook** for git hooks (pre-commit linting and formatting) +- **Renovate** for automated dependency updates (GitHub App, configured via `renovate.json`) ## Setup @@ -250,7 +251,7 @@ Types: `feat`, `fix`, `docs`, `chore`, `refactor`, `test`, `ci`, `perf` ### Files That Affect Other Repos -Community health files, templates, and `.github/dependabot.yml` are inherited by other repositories. Edit carefully — +Community health files and templates are inherited by other repositories. Edit carefully — breaking changes affect all repos without their own versions. ### Files Local to This Repo From b9e3765403953418ba64fd1547392d349052f848 Mon Sep 17 00:00:00 2001 From: Ben Higham Date: Wed, 1 Apr 2026 13:54:34 +1100 Subject: [PATCH 3/6] chore: add Renovate configuration --- renovate.json | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 renovate.json diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..68cff27 --- /dev/null +++ b/renovate.json @@ -0,0 +1,42 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["config:recommended"], + "assignees": ["benhigham"], + "labels": ["dependencies"], + "commitMessagePrefix": "chore(deps):", + "packageRules": [ + { + "matchManagers": ["github-actions"], + "addLabels": ["github-actions"] + }, + { + "matchManagers": ["npm"], + "addLabels": ["npm"] + }, + { + "matchManagers": ["dockerfile", "docker-compose"], + "addLabels": ["docker"] + }, + { + "matchManagers": ["terraform"], + "addLabels": ["terraform"] + }, + { + "matchManagers": ["devcontainer"], + "addLabels": ["devcontainers"] + }, + { + "matchManagers": ["git-submodules"], + "addLabels": ["git-submodules"] + }, + { + "matchManagers": ["gomod"], + "addLabels": ["go"] + }, + { + "matchUpdateTypes": ["minor", "patch"], + "groupName": "minor and patch dependencies", + "automerge": false + } + ] +} From e4ff9c27ec1f855d673bcac235532b32ef1d34ed Mon Sep 17 00:00:00 2001 From: Ben Higham Date: Wed, 1 Apr 2026 13:58:16 +1100 Subject: [PATCH 4/6] chore: remove Dependabot config (replaced by Renovate) --- .github/dependabot.yml | 122 ----------------------------------------- 1 file changed, 122 deletions(-) delete mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 372ed48..0000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,122 +0,0 @@ -version: 2 - -updates: - - package-ecosystem: "github-actions" - directories: - - "/" - - "/.github/actions/claude-invoke" - - "/.github/actions/setup-node-pnpm" - - "/.github/actions/setup-terraform" - schedule: - interval: "weekly" - assignees: - - "benhigham" - labels: - - "dependencies" - - "github-actions" - commit-message: - prefix: "chore" - include: "scope" - groups: - github-actions: - patterns: - - "*" - update-types: - - "minor" - - "patch" - - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "weekly" - assignees: - - "benhigham" - labels: - - "dependencies" - - "npm" - commit-message: - prefix: "chore" - include: "scope" - groups: - development-dependencies: - dependency-type: "development" - update-types: - - "minor" - - "patch" - production-dependencies: - dependency-type: "production" - update-types: - - "patch" - versioning-strategy: increase - - - package-ecosystem: "docker" - directory: "/" - schedule: - interval: "weekly" - assignees: - - "benhigham" - labels: - - "dependencies" - - "docker" - commit-message: - prefix: "chore" - include: "scope" - - - package-ecosystem: "terraform" - directory: "/" - schedule: - interval: "weekly" - assignees: - - "benhigham" - labels: - - "dependencies" - - "terraform" - commit-message: - prefix: "chore" - include: "scope" - - - package-ecosystem: "devcontainers" - directory: "/" - schedule: - interval: "weekly" - assignees: - - "benhigham" - labels: - - "dependencies" - - "devcontainers" - commit-message: - prefix: "chore" - include: "scope" - - - package-ecosystem: "gitsubmodule" - directory: "/" - schedule: - interval: "weekly" - assignees: - - "benhigham" - labels: - - "dependencies" - - "git-submodules" - commit-message: - prefix: "chore" - include: "scope" - - - package-ecosystem: "gomod" - directory: "/" - schedule: - interval: "weekly" - assignees: - - "benhigham" - labels: - - "dependencies" - - "go" - commit-message: - prefix: "chore" - include: "scope" - groups: - go-dependencies: - patterns: - - "*" - update-types: - - "minor" - - "patch" From 7bb8f900ebd9a786cc67b9fcdfb42f2c14c51843 Mon Sep 17 00:00:00 2001 From: Ben Higham Date: Wed, 1 Apr 2026 14:03:48 +1100 Subject: [PATCH 5/6] docs: update README.md for Dependabot-to-Renovate migration --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6d7a857..3b4e344 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ GitHub uses these as defaults for any public repository that doesn't have its ow - `CODE_OF_CONDUCT.md`, `SECURITY.md`, `SUPPORT.md`, `GOVERNANCE.md`, `LICENSE.md` - `.github/ISSUE_TEMPLATE/` — bug reports, feature requests, codebase improvements - `.github/pull_request_template.md` — default PR template -- `.github/dependabot.yml` — dependency updates with grouping and auto-assign +- `renovate.json` — Renovate dependency update config (grouping, labels, commit conventions) - `.github/FUNDING.yml` ## Reusable Workflows From cacb3eb227a80411d84030b5995cd9abbea5deff Mon Sep 17 00:00:00 2001 From: Ben Higham Date: Wed, 1 Apr 2026 14:49:34 +1100 Subject: [PATCH 6/6] fix: address PR review feedback for Renovate config - Remove commitMessagePrefix to let Renovate auto-detect semantic commits - Add weekly schedule preset to match previous Dependabot cadence - Replace blanket minor/patch grouping with per-manager rules (npm dev minor+patch, npm prod patch-only, github-actions, gomod) - Move renovate.json out of Community Health Files in README - Add renovate.json to Files Local to This Repo in AGENTS.md - Expand tech stack entry with GitHub App prerequisite note --- AGENTS.md | 4 ++-- README.md | 5 ++++- renovate.json | 26 ++++++++++++++++++-------- 3 files changed, 24 insertions(+), 11 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 6bd2d7f..1e3dce5 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -63,7 +63,7 @@ renovate.json # Renovate dependency update config - **Conventional Commits** (`feat:`, `fix:`, `chore:`, `docs:`, etc.) - **mise** as the tool manager and task runner - **lefthook** for git hooks (pre-commit linting and formatting) -- **Renovate** for automated dependency updates (GitHub App, configured via `renovate.json`) +- **Renovate** for automated dependency updates (requires Renovate GitHub App; configured via `renovate.json` at repo root) ## Setup @@ -256,5 +256,5 @@ breaking changes affect all repos without their own versions. ### Files Local to This Repo -`README.md`, `AGENTS.md`, and workflow definitions. Other repos call workflows explicitly; +`README.md`, `AGENTS.md`, `renovate.json`, and workflow definitions. Other repos call workflows explicitly; changes here require consumers to update their references if inputs change. diff --git a/README.md b/README.md index 3b4e344..97b3825 100644 --- a/README.md +++ b/README.md @@ -11,9 +11,12 @@ GitHub uses these as defaults for any public repository that doesn't have its ow - `CODE_OF_CONDUCT.md`, `SECURITY.md`, `SUPPORT.md`, `GOVERNANCE.md`, `LICENSE.md` - `.github/ISSUE_TEMPLATE/` — bug reports, feature requests, codebase improvements - `.github/pull_request_template.md` — default PR template -- `renovate.json` — Renovate dependency update config (grouping, labels, commit conventions) - `.github/FUNDING.yml` +## Dependency Management + +- `renovate.json` — Renovate dependency update config (assignees, grouping, labels, schedule) + ## Reusable Workflows ### Release with Changesets diff --git a/renovate.json b/renovate.json index 68cff27..9fa6d18 100644 --- a/renovate.json +++ b/renovate.json @@ -1,18 +1,31 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["config:recommended"], + "extends": ["config:recommended", "schedule:weekly"], "assignees": ["benhigham"], "labels": ["dependencies"], - "commitMessagePrefix": "chore(deps):", "packageRules": [ { "matchManagers": ["github-actions"], - "addLabels": ["github-actions"] + "addLabels": ["github-actions"], + "matchUpdateTypes": ["minor", "patch"], + "groupName": "github-actions (minor and patch)" }, { "matchManagers": ["npm"], "addLabels": ["npm"] }, + { + "matchManagers": ["npm"], + "matchDepTypes": ["devDependencies"], + "matchUpdateTypes": ["minor", "patch"], + "groupName": "npm dev dependencies (minor and patch)" + }, + { + "matchManagers": ["npm"], + "matchDepTypes": ["dependencies"], + "matchUpdateTypes": ["patch"], + "groupName": "npm production dependencies (patch)" + }, { "matchManagers": ["dockerfile", "docker-compose"], "addLabels": ["docker"] @@ -31,12 +44,9 @@ }, { "matchManagers": ["gomod"], - "addLabels": ["go"] - }, - { + "addLabels": ["go"], "matchUpdateTypes": ["minor", "patch"], - "groupName": "minor and patch dependencies", - "automerge": false + "groupName": "go dependencies (minor and patch)" } ] }