Skip to content

feat(NEXUS-1447): adopt shared renovate-config preset (slim extends-only)#285

Merged
corinnesollows merged 1 commit into
masterfrom
feat/NEXUS-1447/joy-slim-renovate
Jul 8, 2026
Merged

feat(NEXUS-1447): adopt shared renovate-config preset (slim extends-only)#285
corinnesollows merged 1 commit into
masterfrom
feat/NEXUS-1447/joy-slim-renovate

Conversation

@corinnesollows

@corinnesollows corinnesollows commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Adopt shared Renovate config preset (NEXUS-1447)

This repo is part of the org-wide rollout of nestoca/renovate-config — a shared Renovate preset that standardises dependency update behaviour across all nestoca/* repos.

What the shared preset provides

Preset What it does
github>nestoca/renovate-config Security-only baseline: all updates disabled by default; vulnerability alerts on
:internal-docker Internal nesto docker images (Artifact Registry) bumped weekly on Mondays
:monthly-internal-gomod-bumps github.com/nestoca/** Go deps bumped monthly in one grouped PR
:self-exclusion(<repo>) Prevents self-bump PRs when this repo tags a new release

Repo-specific notes

Previously disabled all updates. The shared preset's security-only baseline plus the two required presets gives the right behaviour.

Behaviour change summary

  • External Go deps: security-only (no proactive PRs) — same as before
  • Internal nestoca/* Go deps: monthly grouped PR via shared preset
  • Internal docker images: weekly via shared preset
  • Vulnerability alerts: on (unchanged)

Part of NEXUS-959 · Batch 7 NEXUS-1447


Note

Low Risk
Config-only change to Renovate automation; no application runtime or security logic is modified, only which dependency update PRs Renovate may open.

Overview
Renovate config is relocated and replaced with the org shared preset instead of the old root renovate.json that disabled all package updates while leaving vulnerability alerts on.

The new .github/renovate.json only extends nestoca/renovate-config (security-only baseline), plus internal Docker weekly bumps, monthly grouped internal Go module bumps for github.com/nestoca/**, and self-exclusion for this repo (joy) so Renovate does not open self-bump PRs on its own releases.

Behaviour shift vs the previous file: external deps stay security-only; internal nesto Go deps and internal docker images now get scheduled proactive PRs from the shared presets.

Reviewed by Cursor Bugbot for commit f78aea0. Bugbot is set up for automated code reviews on this repo. Configure here.

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

Review Change Stack

Caution

Review failed

An error occurred during the review process. Please try again later.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/NEXUS-1447/joy-slim-renovate

Comment @coderabbitai help to get the list of available commands.

@corinnesollows corinnesollows marked this pull request as ready for review July 8, 2026 13:09
@corinnesollows corinnesollows merged commit 198a9bf into master Jul 8, 2026
8 checks passed
@corinnesollows corinnesollows deleted the feat/NEXUS-1447/joy-slim-renovate branch July 8, 2026 14:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants