From 01d190cd2bc604caf3302fc0e07921ebe0a323b1 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Tue, 17 Feb 2026 11:42:55 +0100 Subject: [PATCH 1/4] chore(renovate): set RPM lockfile updates to automerge This setting needs to be applied separately from other package managers because it is a MintMaker specific setting and is dealt with in a special way. --- .github/renovate.json5 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 83bec5e..4fce23a 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -61,6 +61,10 @@ "**/*konflux*.Containerfile", ], }, + // RPM lockfile updates need to be set explicitly to automerge, separately from other package managers. + "lockFileMaintanance": { + "automerge": true, + }, "enabledManagers": [ // Restrict Renovate focus on Konflux things since we rely on GitHub's dependabot for everything else. "tekton", From bcc6125059c8a73b1cabdfcff383f720840bdf39 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Tue, 17 Feb 2026 13:12:42 +0100 Subject: [PATCH 2/4] Add all automerge options to lockFileMaintanance and move rpmVulnerabilityAutomerge so they are together --- .github/renovate.json5 | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 4fce23a..0733abf 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -23,9 +23,6 @@ "branchConcurrentLimit": null, // The number of PRs MintMaker can open in one hour, effectively in one run. "prHourlyLimit": 6, - // Automerge all rpm-lockfile security updates. This is configured separately from other package managers. - // https://konflux-ci.dev/docs/mintmaker/rpm-lockfile/#how-to-enable-automerge-for-rpm-security-updates - "rpmVulnerabilityAutomerge": "ALL", "timezone": "Etc/UTC", "schedule": [ // Allowed syntax: https://docs.renovatebot.com/configuration-options/#schedule @@ -61,9 +58,21 @@ "**/*konflux*.Containerfile", ], }, + // Automerge all rpm-lockfile security updates. This is configured separately from other package managers. + // https://konflux-ci.dev/docs/mintmaker/rpm-lockfile/#how-to-enable-automerge-for-rpm-security-updates + "rpmVulnerabilityAutomerge": "ALL", // RPM lockfile updates need to be set explicitly to automerge, separately from other package managers. "lockFileMaintanance": { "automerge": true, + // A known issue is that some non-Konflux CI jobs currently fail, which may prevent successful auto-merging with a "branch" auto-merge setting. + // Therefore, we use PR merge type and have automation approve PRs. + "automergeType": "pr", + "automergeStrategy": "squash", + // Tell Renovate that it can automerge branches at any time of the day. + "automergeSchedule": [ + "at any time", + ], + "platformAutomerge": true, }, "enabledManagers": [ // Restrict Renovate focus on Konflux things since we rely on GitHub's dependabot for everything else. From 87fd5c4e98cf66b3b0af6868f87efd34bff755ae Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Wed, 18 Feb 2026 11:44:15 +0100 Subject: [PATCH 3/4] Rewrite some renovate comments Co-authored-by: Misha Sugakov <537715+msugakov@users.noreply.github.com> --- .github/renovate.json5 | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 0733abf..0c9d68f 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -58,17 +58,15 @@ "**/*konflux*.Containerfile", ], }, - // Automerge all rpm-lockfile security updates. This is configured separately from other package managers. + // Turns on automerge for the RPM updates coming with CVE fixes. // https://konflux-ci.dev/docs/mintmaker/rpm-lockfile/#how-to-enable-automerge-for-rpm-security-updates "rpmVulnerabilityAutomerge": "ALL", - // RPM lockfile updates need to be set explicitly to automerge, separately from other package managers. + // Turns on automerge for the RPM updates without CVE fixes. + // The same settings as in `packageRules` below. See comments/explanations there. "lockFileMaintanance": { "automerge": true, - // A known issue is that some non-Konflux CI jobs currently fail, which may prevent successful auto-merging with a "branch" auto-merge setting. - // Therefore, we use PR merge type and have automation approve PRs. "automergeType": "pr", "automergeStrategy": "squash", - // Tell Renovate that it can automerge branches at any time of the day. "automergeSchedule": [ "at any time", ], From 0533c8b2188c97e9bc266414a7c75181434f309b Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Wed, 18 Feb 2026 11:51:49 +0100 Subject: [PATCH 4/4] Fix typo --- .github/renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 0c9d68f..45086bc 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -63,7 +63,7 @@ "rpmVulnerabilityAutomerge": "ALL", // Turns on automerge for the RPM updates without CVE fixes. // The same settings as in `packageRules` below. See comments/explanations there. - "lockFileMaintanance": { + "lockFileMaintenance": { "automerge": true, "automergeType": "pr", "automergeStrategy": "squash",