Skip to content

Update renovate config #155

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
AlexSkrypnyk wants to merge 1 commit into from
Closed

Update renovate config #155

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
197 changes: 15 additions & 182 deletions renovate.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,197 +1,30 @@
{
"extends": [
"config:recommended"
],
"branchPrefix": "deps/",
"labels": [
"Dependencies"
],
"assignees": [],
"ignorePresets": [
":prHourlyLimit2"
],
"extends": ["config:recommended"],
"automerge": true,
"rangeStrategy": "bump",
"timezone": "Australia/Melbourne",
"configMigration": true,
"enabledManagers": [
"composer",
"npm",
"dockerfile",
"docker-compose",
"github-actions",
"custom.regex"
],
"dependencyDashboard": true,
"pinDigests": true,
"branchPrefix": "deps/",
"packageRules": [
{
"groupName": "PHP - Language version - Skipped to update manually",
"groupSlug": "php-language-version",
"matchDepNames": [
"php"
],
"matchManagers": [
"composer"
],
"matchDepNames": ["php"],
"matchManagers": ["composer"],
Comment on lines +10 to +11
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Mar 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick | 🔵 Trivial

🧩 Analysis chain

🌐 Web query:

Renovate matchPackageNames vs matchDepNames deprecation

💡 Result:

matchDepNames is not deprecated in Renovate. It’s a supported matcher, and it’s documented as behaving like matchPackageNames but matching against depName instead of packageName. [1]

How to choose:

  • Use matchPackageNames when you want to match Renovate’s canonical packageName (the exact identifier Renovate uses to look up the dependency in a registry). [2]
  • Use matchDepNames when you want to match the user-facing depName (often the “pretty”/short name used in PR titles/branch names). [1][3]

Why this matters: depName and packageName are often the same, but not always (e.g., some ecosystems/managers expand packageName to a more specific identifier), so switching between the two can change what your rule matches. [3]

Sources:
[1] https://docs.renovatebot.com/configuration-options/ (packageRules.matchDepNames)
[2] https://docs.renovatebot.com/configuration-options/ (packageRules.matchPackageNames)
[3] https://docs.renovatebot.com/faq/ (depName vs packageName)

Use matchDepNames consistently throughout the configuration.

Both matchDepNames and matchPackageNames are supported matchers in Renovate, but they serve different purposes: matchDepNames matches user-facing dependency names, while matchPackageNames matches canonical package identifiers. The configuration mixes both—using matchDepNames for ["php"] and ["node"] (lines 10, 15) but matchPackageNames for ["*"] (line 25). For clarity and consistency with the existing rules, use matchDepNames throughout.

♻️ Proposed fix for consistency 
         {
-            "matchPackageNames": ["*"],
+            "matchDepNames": ["*"],
             "groupName": "all dependencies",
             "groupSlug": "all"
         }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@renovate.json` around lines 10 - 11, The config mixes Renovate matchers—use
matchDepNames consistently instead of matchPackageNames; replace occurrences of
"matchPackageNames": ["*"] with "matchDepNames": ["*"] (and ensure other rules
using "matchPackageNames" are updated similarly), keeping existing rule values
like ["php"] and ["node"] unchanged so all rules uniformly use matchDepNames.

"enabled": false
},
{
"groupName": "JavaScript - Language versions - Skipped to update manually",
"groupSlug": "js-language-versions",
"matchDepNames": [
"node",
"yarn"
],
"matchManagers": [
"npm"
],
"matchDepNames": ["node", "yarn"],
"matchManagers": ["npm"],
"enabled": false
},
{
"groupName": "PHP - All packages - Major - Skipped to update manually",
"groupSlug": "php-all-major",
"matchDatasources": [
"packagist"
],
"matchFileNames": [
"composer.json"
],
"matchUpdateTypes": [
"major"
],
"enabled": false,
"matchPackageNames": [
"/.*/"
]
},
{
"groupName": "PHP - All packages except core - Minor and patch",
"groupSlug": "php-all-except-core-minor-patch",
"matchDatasources": [
"packagist"
],
"matchFileNames": [
"composer.json"
],
"separateMinorPatch": false,
"schedule": [
"before 2am on Sunday"
],
"matchPackageNames": [
"/.*/",
"!drupal/core-composer-scaffold",
"!drupal/core-project-message",
"!drupal/core-recommended",
"!drupal/core-dev"
]
},
{
"groupName": "PHP - Drupal core - Minor and patch",
"groupSlug": "php-drupal-core-minor-patch",
"matchFileNames": [
"composer.json"
],
"schedule": [
"before 2am"
],
"matchDatasources": [
"packagist"
],
"matchUpdateTypes": [
"patch",
"minor"
],
"matchDepNames": [
"drupal/core-composer-scaffold",
"drupal/core-project-message",
"drupal/core-recommended",
"drupal/core-dev"
]
},
{
"groupName": "JavaScript - Non-root packages - Skipped to update manually",
"groupSlug": "js-non-root",
"matchDatasources": [
"npm"
],
"matchFileNames": [
"!package.json"
],
"enabled": false,
"matchPackageNames": [
"/.*/"
]
},
{
"groupName": "JavaScript - All packages - Major - Skipped to update manually",
"groupSlug": "js-all-major",
"matchDatasources": [
"npm"
],
"matchFileNames": [
"package.json"
],
"matchUpdateTypes": [
"major"
],
"enabled": false,
"matchPackageNames": [
"/.*/"
]
},
{
"groupName": "JavaScript - All packages - Minor and patch",
"groupSlug": "js-all-minor-patch",
"matchDatasources": [
"npm"
],
"matchFileNames": [
"package.json"
],
"separateMinorPatch": false,
"schedule": [
"before 2am on Sunday"
],
"matchPackageNames": [
"/.*/"
]
},
{
"groupName": "Container images - All - Major, minor and patch",
"groupSlug": "container-images-all-major-minor-patch",
"matchFileNames": [
".docker/**"
],
"schedule": [
"before 3am"
],
"matchManagers": [
"dockerfile",
"docker-compose",
"custom.regex"
]
"matchManagers": ["npm", "composer"],
"matchUpdateTypes": ["major"],
"enabled": false
},
{
"groupName": "GitHub Actions - All - Major, minor and patch",
"groupSlug": "github-actions-all-major-minor-patch",
"schedule": [
"before 3am"
],
"matchManagers": [
"github-actions"
],
"pinDigests": true
}
],
"customManagers": [
{
"customType": "regex",
"managerFilePatterns": [
"/^docker-compose\\.yml$/"
],
"matchStrings": [
"IMAGE:\\s*\"?\\${(?:.*):-(?<depName>.*?):(?<currentValue>.*?)(?:\\@sha256:.*)?}\"?"
],
"datasourceTemplate": "docker",
"versioningTemplate": "docker"
"matchPackageNames": ["*"],
"groupName": "all dependencies",
"groupSlug": "all"
}
Comment on lines 24 to 28
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Mar 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick | 🔵 Trivial

Consider the implications of grouping all dependencies.

Grouping all dependencies into a single PR (matchPackageNames: ["*"]) with automerge enabled means all minor/patch updates will be merged together. This simplifies management but:

  1. A single failing dependency could block all other updates.
  2. If issues arise post-merge, it's harder to identify which dependency caused the problem.

If this is the intended workflow for this repository, this is acceptable. Otherwise, consider grouping by ecosystem or update type.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@renovate.json` around lines 24 - 28, Summary: current group rule uses
matchPackageNames: ["*"] (groupName: "all", groupSlug: "all") which groups every
dependency into one PR; change it to safer grouping. Replace the wildcard group
by creating targeted groups instead (e.g., group by ecosystem or update type) by
adding multiple objects that use matchPackagePatterns or
matchDepTypes/matchUpdateTypes (or matchPackageNames with specific lists) so
that runtime, dev, and ecosystem-specific deps are split; ensure automerge/pr
settings are applied per-group as desired and remove or narrow the global "*"
group to avoid blocking all updates on a single failure.

]
}
Loading