Migrate dependabot to renovate

2025-12-19 22:24:17 +01:00 · 2024-11-23 11:15:56 +01:00
parent 0f98f0d1a3
commit 48e81bc3bc
3 changed files with 12 additions and 61 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,26 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "pip"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-      day: "saturday"
-      time: "03:00"
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-      day: "saturday"
-      time: "03:00"
-  - package-ecosystem: "pip"
-    directory: "/example"
-    schedule:
-      interval: "weekly"
-      day: "saturday"
-      time: "03:00"
-  - package-ecosystem: "github-actions"
-    directory: "/.github/workflows/"
-    schedule:
-      interval: "weekly"
-      day: "saturday"
-      time: "03:00"
--- a/.github/workflows/autoupdate.yml
+++ b/.github/workflows/autoupdate.yml
@@ -1,35 +0,0 @@
-on: "pull_request_target"
-
-permissions:
-  pull-requests: "write"
-  contents: "write"
-
-jobs:
-  dependabot:
-    runs-on: "ubuntu-latest"
-    # Checking the actor will prevent your Action run failing on non-Dependabot
-    # PRs but also ensures that it only does work for Dependabot PRs.
-    if: "${{ github.actor == 'dependabot[bot]' }}"
-    steps:
-      # This first step will fail if there's no metadata and so the approval
-      # will not occur.
-      - name: "Dependabot metadata"
-        id: "dependabot-metadata"
-        uses: "dependabot/fetch-metadata@v2"
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      # Here the PR gets approved.
-      - uses: "actions/checkout@v4"
-      - name: "Approve a PR"
-        run: "gh pr review --approve $PR_URL"
-        env:
-          PR_URL: "${{ github.event.pull_request.html_url }}"
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-      # Finally, this sets the PR to allow auto-merging for patch and minor
-      # updates if all checks pass
-      - name: "Enable auto-merge for Dependabot PRs"
-        #if: "${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}"
-        run: "gh pr merge --auto --squash $PR_URL"
-        env:
-          PR_URL: "${{ github.event.pull_request.html_url }}"
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
--- a/renovate.json
+++ b/renovate.json
@@ -0,0 +1,12 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["config:recommended", ":disableDependencyDashboard"],
+  "automerge": true,
+  "schedule": [
+    "before 9am on Saturday"
+  ],
+  "lockFileMaintenance": {
+    "enabled": true,
+    "schedule": ["before 9am on Saturday"]
+  }
+}