From 48601b1bf789a8834830b870d7d6ab755bdee50c Mon Sep 17 00:00:00 2001 From: lukasmetzner Date: Thu, 7 May 2026 15:04:52 +0200 Subject: [PATCH 1/5] feat: github action pinning and min release age --- renovate/default.json | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/renovate/default.json b/renovate/default.json index 8e56cbf..9bf35ea 100644 --- a/renovate/default.json +++ b/renovate/default.json @@ -4,9 +4,25 @@ "config:recommended", ":semanticCommits", ":enablePreCommit", - ":enableVulnerabilityAlerts" + ":enableVulnerabilityAlerts", + "helpers:pinGitHubActionDigests" ], "packageRules": [ + { + "description": ["delay GitHub Actions updates and only update weekly"], + "matchManagers": ["github-actions"], + "minimumReleaseAge": "5 days", + "minimumReleaseAgeBehavior": "timestamp-optional", + "schedule": ["on monday"] + }, + { + "description": ["do not delay updates for our own GitHub Actions"], + "matchManagers": ["github-actions"], + "matchSourceUrls": ["https://github.com/hetznercloud/**"], + "minimumReleaseAge": "0 seconds", + "minimumReleaseAgeBehavior": "timestamp-optional", + "schedule": ["at any time"] + }, { "description": ["automerge pre-commit hooks minor and patch version"], "matchManagers": ["pre-commit"], From 1b55484e069c8fc971a0a11a625031fd23ab8561 Mon Sep 17 00:00:00 2001 From: lukasmetzner Date: Mon, 11 May 2026 12:48:57 +0200 Subject: [PATCH 2/5] feat: add hetzner org --- renovate/default.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/renovate/default.json b/renovate/default.json index 9bf35ea..c1a973d 100644 --- a/renovate/default.json +++ b/renovate/default.json @@ -18,7 +18,10 @@ { "description": ["do not delay updates for our own GitHub Actions"], "matchManagers": ["github-actions"], - "matchSourceUrls": ["https://github.com/hetznercloud/**"], + "matchSourceUrls": [ + "https://github.com/hetznercloud/**", + "https://github.com/hetzner/**" + ], "minimumReleaseAge": "0 seconds", "minimumReleaseAgeBehavior": "timestamp-optional", "schedule": ["at any time"] From 3b69f26718db7ca38988310daac70a0dced6fb50 Mon Sep 17 00:00:00 2001 From: lukasmetzner Date: Wed, 13 May 2026 07:43:00 +0200 Subject: [PATCH 3/5] feat: apply release delay to all updates Extend the 5-day minimum release age and weekly schedule to all managers (not just GitHub Actions), and drop the now-redundant cert-manager rule since its 2-day delay is shorter than the new global default. --- renovate/default.json | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/renovate/default.json b/renovate/default.json index c1a973d..8c68240 100644 --- a/renovate/default.json +++ b/renovate/default.json @@ -9,15 +9,13 @@ ], "packageRules": [ { - "description": ["delay GitHub Actions updates and only update weekly"], - "matchManagers": ["github-actions"], + "description": ["delay updates and only update weekly"], "minimumReleaseAge": "5 days", "minimumReleaseAgeBehavior": "timestamp-optional", "schedule": ["on monday"] }, { - "description": ["do not delay updates for our own GitHub Actions"], - "matchManagers": ["github-actions"], + "description": ["do not delay updates for our own packages"], "matchSourceUrls": [ "https://github.com/hetznercloud/**", "https://github.com/hetzner/**" @@ -42,11 +40,6 @@ "description": ["automerge patch version"], "updateTypes": ["patch"], "automerge": true - }, - { - "description": ["cert-manager releases are spread over a long time"], - "matchDepNames": ["cert-manager", "github.com/cert-manager/cert-manager"], - "minimumReleaseAge": "2 days" } ], "customManagers": [ From e4fda5c89752534d21384575d822524f53e012f0 Mon Sep 17 00:00:00 2001 From: lukasmetzner Date: Tue, 19 May 2026 14:41:22 +0200 Subject: [PATCH 4/5] fix: adjust deps update schedule --- renovate/default.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/renovate/default.json b/renovate/default.json index 8c68240..ea2572f 100644 --- a/renovate/default.json +++ b/renovate/default.json @@ -7,12 +7,13 @@ ":enableVulnerabilityAlerts", "helpers:pinGitHubActionDigests" ], + "minimumReleaseAge": "5 days", + "minimumReleaseAgeBehavior": "timestamp-optional", "packageRules": [ { - "description": ["delay updates and only update weekly"], - "minimumReleaseAge": "5 days", - "minimumReleaseAgeBehavior": "timestamp-optional", - "schedule": ["on monday"] + "description": ["update actions every monday"], + "matchManagers": ["github-actions"], + "schedule": ["on sunday"] }, { "description": ["do not delay updates for our own packages"], @@ -21,8 +22,7 @@ "https://github.com/hetzner/**" ], "minimumReleaseAge": "0 seconds", - "minimumReleaseAgeBehavior": "timestamp-optional", - "schedule": ["at any time"] + "minimumReleaseAgeBehavior": "timestamp-optional" }, { "description": ["automerge pre-commit hooks minor and patch version"], From c38501c9f2d22809f088ce1b7d0ac875a225a4c8 Mon Sep 17 00:00:00 2001 From: lukasmetzner Date: Tue, 19 May 2026 14:43:51 +0200 Subject: [PATCH 5/5] docs: fix wrong renovate description --- renovate/default.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate/default.json b/renovate/default.json index ea2572f..c202918 100644 --- a/renovate/default.json +++ b/renovate/default.json @@ -11,7 +11,7 @@ "minimumReleaseAgeBehavior": "timestamp-optional", "packageRules": [ { - "description": ["update actions every monday"], + "description": ["update actions weekly"], "matchManagers": ["github-actions"], "schedule": ["on sunday"] },