Merged
20 changes: 17 additions & 3 deletions renovate.json
@@ -1,6 +1,20 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended"
]
"description": "Inlined house Renovate config — self-contained, public presets only.",
"extends": ["config:best-practices", ":dependencyDashboard", ":semanticCommits", ":enableVulnerabilityAlertsWithLabel(security)"],

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check Renovate documentation for the enableVulnerabilityAlertsWithLabel preset

# Search for any local documentation or comments about vulnerability alert configuration
rg -i -C3 'vulnerabilityAlerts|enableVulnerabilityAlerts' --glob '*.md'

Repository: baker-scripts/Scripts

Length of output: 47


🌐 Web query:

What does the Renovate preset :enableVulnerabilityAlertsWithLabel(security) configure by default?

💡 Result:

The Renovate preset :enableVulnerabilityAlertsWithLabel(security) enables vulnerability alerts and configures Renovate to add a PR label list containing exactly "security" (i.e., it replaces any existing list of PR labels with ["security"]). [1] Concretely, the preset sets vulnerabilityAlerts.enabled = true and vulnerabilityAlerts.labels = ["{{arg0}}"], so with arg0 = security it becomes vulnerabilityAlerts.labels = ["security"]. [1]

Citations:


🏁 Script executed:

cat -n renovate.json | head -20

Repository: baker-scripts/Scripts

Length of output: 1777


Remove redundant "labels": ["security"] from line 12.

The preset :enableVulnerabilityAlertsWithLabel(security) on line 4 already configures vulnerability alerts with the "security" label. The explicit vulnerabilityAlerts configuration on line 12 redundantly specifies "labels": ["security"] again. Keep the schedule and automerge settings, but remove the redundant labels property.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@renovate.json` at line 4, The renovate.json configuration has redundant label
configuration due to the `:enableVulnerabilityAlertsWithLabel(security)` preset
on line 4 already setting the "security" label for vulnerability alerts. Locate
the `vulnerabilityAlerts` object in the configuration and remove the `"labels":
["security"]` property from it, while preserving the `schedule` and `automerge`
properties that should remain in that object.

"schedule": ["before 6am on sunday"],
"timezone": "America/Chicago",
"prHourlyLimit": 2, "prConcurrentLimit": 4,
"labels": ["dependencies", "renovate"],
"rangeStrategy": "bump", "separateMajorMinor": true, "separateMinorPatch": false,
"automerge": false, "platformAutomerge": false, "rebaseWhen": "behind-base-branch",
"branchPrefix": "renovate/", "ignoreDeps": [],

🧹 Nitpick | 🔵 Trivial | 💤 Low value

Remove redundant empty ignoreDeps array.

The ignoreDeps: [] declaration is redundant since an empty array is the default value. Unless this is included explicitly for documentation purposes or to facilitate future modifications, consider removing it to reduce configuration noise.

♻️ Proposed cleanup
-  "branchPrefix": "renovate/", "ignoreDeps": [],
+  "branchPrefix": "renovate/",
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@renovate.json` at line 11, Remove the redundant empty ignoreDeps array from
the renovate.json configuration file. The ignoreDeps property with an empty
array is the default behavior in Renovate, so including it explicitly only adds
configuration noise without providing functional value. Simply delete the
"ignoreDeps": [] entry from the configuration object to clean up the
configuration file.

"vulnerabilityAlerts": {"labels": ["security"], "schedule": ["at any time"], "automerge": true},
"packageRules": [
{"description": "Group GHA minor/patch/digest — automerge when CI green", "matchManagers": ["github-actions"], "matchUpdateTypes": ["minor","patch","digest","pin","pinDigest"], "groupName": "github-actions", "groupSlug": "github-actions", "semanticCommitType": "chore", "automerge": true},
{"description": "GitHub Actions major — hold for review", "matchManagers": ["github-actions"], "matchUpdateTypes": ["major"], "automerge": false, "addLabels": ["review-required"]},
{"description": "Any major — hold for review", "matchUpdateTypes": ["major"], "automerge": false, "addLabels": ["major","review-required"]}
],
"lockFileMaintenance": {"enabled": true, "schedule": ["before 6am on sunday"], "automerge": true, "automergeType": "branch"},
"recreateWhen": "auto"
}
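
Review bot: The "vulnerabilityAlerts" line sets "automerge": true with "schedule": ["at any time"], while the last "packageRules" entry ("Any major — hold for review") sets "automerge": false for every major update, and nothing in the config says which is meant to apply when a security fix is itself a major bump. Record the intended outcome in a "description" on the "vulnerabilityAlerts" object, and if majors must always be reviewed, say so explicitly for vulnerability PRs instead of leaving it to rule ordering. The other unattended paths added here deserve the same note: the "github-actions" group automerges "digest", "pin" and "pinDigest" updates, and "lockFileMaintenance" uses "automergeType": "branch", which merges the branch without opening a pull request, so CI on Renovate's branches is the only gate for both. The description "automerge when CI green" should name the checks it relies on.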