From 738c82498e9d2494caef048d6c047add5ab7940f Mon Sep 17 00:00:00 2001
From: carole-lavillonniere
Date: Tue, 30 Jun 2026 16:22:56 +0200
Subject: [PATCH] Enable Renovate automerge for non-major RIE dependency bumps

Automerge non-major gomod bumps (minor/patch), Go-toolchain bumps, and non-major GitHub Actions updates so Go-dep/stdlib CVE fixes land without manual review. Security updates get their own ungrouped, automerged path via vulnerabilityAlerts so a CVE fix is never blocked behind the grouped batch. Majors stay manual (automerge explicitly set to false). Automerge still waits for green CI before merging.
---
 renovate.json | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/renovate.json b/renovate.json
index 3bf539a..10e8a27 100644
--- a/renovate.json
+++ b/renovate.json
@@ -4,24 +4,43 @@
 "config:recommended"
 ],
 "postUpdateOptions": ["gomodTidy"],
+ "platformAutomerge": true,
 "packageRules": [
 {
 "matchManagers": ["gomod"],
 "matchDepTypes": ["golang"],
 "rangeStrategy": "bump",
- "groupName": "Go toolchain"
+ "groupName": "Go toolchain",
+ "automerge": true
 },
 {
 "matchManagers": ["gomod"],
 "excludePackageNames": ["go"],
 "matchUpdateTypes": ["minor", "patch"],
- "groupName": "Go dependencies (non-major)"
+ "groupName": "Go dependencies (non-major)",
+ "automerge": true
 },
 {
 "matchManagers": ["gomod"],
 "excludePackageNames": ["go"],
 "matchUpdateTypes": ["major"],
- "enabled": false
+ "enabled": false,
+ "automerge": false
+ },
+ {
+ "matchManagers": ["github-actions"],
+ "matchUpdateTypes": ["minor", "patch", "digest"],
+ "automerge": true
+ },
+ {
+ "matchManagers": ["github-actions"],
+ "matchUpdateTypes": ["major"],
+ "automerge": false
 }
- ]
+ ],
+ "vulnerabilityAlerts": {
+ "groupName": null,
+ "automerge": true,
+ "labels": ["security"]
+ }
 }
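Review bot: The added `"platformAutomerge": true` hands the merge decision to GitHub's native auto-merge, which waits only for checks that branch protection marks as required; nothing in this hunk establishes that, so the commit message's "still waits for green CI" holds only if the default branch has required status checks configured. Without them a bump can be merged before the workflow finishes or even after it fails, so confirm the branch-protection rule lists the CI jobs as required, or set `"platformAutomerge": false` so Renovate itself waits for passing checks. Separately, the three `"automerge": true` package rules merge a freshly published Go module or action release with no human review; a cooling-off such as `"minimumReleaseAge": "3 days"` (example value) on those rules gives time for a bad upstream release to be caught, and it can be left off the `vulnerabilityAlerts` block so CVE fixes stay immediate. Since strict JSON has no comments, the reason for each automerge rule is best recorded in the repository's contributing or security docs.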