From 48601b1bf789a8834830b870d7d6ab755bdee50c Mon Sep 17 00:00:00 2001 From: lukasmetzner Date: Thu, 7 May 2026 15:04:52 +0200 Subject: [PATCH 1/3] feat: github action pinning and min release age --- renovate/default.json | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/renovate/default.json b/renovate/default.json index 8e56cbf..9bf35ea 100644 --- a/renovate/default.json +++ b/renovate/default.json @@ -4,9 +4,25 @@ "config:recommended", ":semanticCommits", ":enablePreCommit", - ":enableVulnerabilityAlerts" + ":enableVulnerabilityAlerts", + "helpers:pinGitHubActionDigests" ], "packageRules": [ + { + "description": ["delay GitHub Actions updates and only update weekly"], + "matchManagers": ["github-actions"], + "minimumReleaseAge": "5 days", + "minimumReleaseAgeBehavior": "timestamp-optional", + "schedule": ["on monday"] + }, + { + "description": ["do not delay updates for our own GitHub Actions"], + "matchManagers": ["github-actions"], + "matchSourceUrls": ["https://github.com/hetznercloud/**"], + "minimumReleaseAge": "0 seconds", + "minimumReleaseAgeBehavior": "timestamp-optional", + "schedule": ["at any time"] + }, { "description": ["automerge pre-commit hooks minor and patch version"], "matchManagers": ["pre-commit"], From 1b55484e069c8fc971a0a11a625031fd23ab8561 Mon Sep 17 00:00:00 2001 From: lukasmetzner Date: Mon, 11 May 2026 12:48:57 +0200 Subject: [PATCH 2/3] feat: add hetzner org --- renovate/default.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/renovate/default.json b/renovate/default.json index 9bf35ea..c1a973d 100644 --- a/renovate/default.json +++ b/renovate/default.json @@ -18,7 +18,10 @@ { "description": ["do not delay updates for our own GitHub Actions"], "matchManagers": ["github-actions"], - "matchSourceUrls": ["https://github.com/hetznercloud/**"], + "matchSourceUrls": [ + "https://github.com/hetznercloud/**", + "https://github.com/hetzner/**" + ], "minimumReleaseAge": "0 seconds", "minimumReleaseAgeBehavior": "timestamp-optional", "schedule": ["at any time"] From 3b69f26718db7ca38988310daac70a0dced6fb50 Mon Sep 17 00:00:00 2001 From: lukasmetzner Date: Wed, 13 May 2026 07:43:00 +0200 Subject: [PATCH 3/3] feat: apply release delay to all updates Extend the 5-day minimum release age and weekly schedule to all managers (not just GitHub Actions), and drop the now-redundant cert-manager rule since its 2-day delay is shorter than the new global default. --- renovate/default.json | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/renovate/default.json b/renovate/default.json index c1a973d..8c68240 100644 --- a/renovate/default.json +++ b/renovate/default.json @@ -9,15 +9,13 @@ ], "packageRules": [ { - "description": ["delay GitHub Actions updates and only update weekly"], - "matchManagers": ["github-actions"], + "description": ["delay updates and only update weekly"], "minimumReleaseAge": "5 days", "minimumReleaseAgeBehavior": "timestamp-optional", "schedule": ["on monday"] }, { - "description": ["do not delay updates for our own GitHub Actions"], - "matchManagers": ["github-actions"], + "description": ["do not delay updates for our own packages"], "matchSourceUrls": [ "https://github.com/hetznercloud/**", "https://github.com/hetzner/**" @@ -42,11 +40,6 @@ "description": ["automerge patch version"], "updateTypes": ["patch"], "automerge": true - }, - { - "description": ["cert-manager releases are spread over a long time"], - "matchDepNames": ["cert-manager", "github.com/cert-manager/cert-manager"], - "minimumReleaseAge": "2 days" } ], "customManagers": [