From 111db226f44b8858c51b74dbf9124d990a4b3f24 Mon Sep 17 00:00:00 2001
From: NWarila <33955773+NWarila@users.noreply.github.com>
Date: Fri, 29 May 2026 00:05:28 +0000
Subject: [PATCH] chore(deps): adopt Renovate, remove Dependabot (ADR-0004)

python-template was the org's last dependency-management holdout still on
Dependabot. Replace .github/dependabot.yml with a standalone
.github/renovate.json5 (config:recommended) matching the org standard and the
sibling template repos (drift-gate, chiseled). Enables the github-actions and
pep621 managers for the repo's actual dependency files.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .github/dependabot.yml | 11 -----------
 .github/renovate.json5 | 44 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 11 deletions(-)
 delete mode 100644 .github/dependabot.yml
 create mode 100644 .github/renovate.json5

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index 5827c6d..0000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: github-actions
-    directory: /
-    schedule:
-      interval: weekly
-
-  - package-ecosystem: pip
-    directory: /
-    schedule:
-      interval: weekly
diff --git a/.github/renovate.json5 b/.github/renovate.json5
new file mode 100644
index 0000000..fa74ae4
--- /dev/null
+++ b/.github/renovate.json5
@@ -0,0 +1,44 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+
+  // Renovate config for NWarila/python-template. This template ships reusable
+  // Python quality-gate scripts plus GitHub Actions workflows and a composite
+  // action (.github/actions/setup-python/action.yml). Renovate keeps the
+  // Actions `uses:` SHA pins in `action.yml` and `.github/workflows/` current
+  // and tracks the Python dev dependencies declared in `pyproject.toml`.
+  "extends": [
+    "config:recommended",
+    ":dependencyDashboard",
+    ":semanticCommits"
+  ],
+
+  "schedule": ["before 6am on monday"],
+  "labels": ["dependencies"],
+  "prConcurrentLimit": 5,
+  "minimumReleaseAge": "7 days",
+  "internalChecksFilter": "strict",
+
+  // python-template has no requirements.txt; Python deps live in pyproject.toml
+  // (PEP 621, [project.optional-dependencies].dev), so the `pep621` manager
+  // handles them. github-actions covers both the composite action.yml and the
+  // workflows under .github/workflows/. There are no `# renovate:`-annotated
+  // pinned pip installs in the workflows, so no custom.regex manager is needed.
+  "enabledManagers": [
+    "github-actions",
+    "pep621"
+  ],
+
+  "packageRules": [
+    {
+      "matchManagers": ["github-actions"],
+      "pinDigests": true,
+      "semanticCommitType": "ci",
+      "semanticCommitScope": "deps"
+    },
+    {
+      "matchManagers": ["pep621"],
+      "semanticCommitType": "chore",
+      "semanticCommitScope": "deps"
+    }
+  ]
+}