@harryswift01
Contributor

Summary

This PR will update the Renovate configuration and workflow to follow best practices for stability, security, and reproducibility.

Changes

Renovate Configuration

  • Replaced deprecated config:base with config:best-practices.
  • Added :pinAllExceptPeerDependencies to enforce full dependency pinning.
  • Enabled :dependencyDashboard for visibility.
  • Added grouping rules (group:monorepos, group:recommended) to reduce PR noise.
  • Set rangeStrategy to pin for deterministic builds.
  • Enabled lockfile maintenance.
  • Added package rule to prevent automerge for minor/patch updates until CI passes.

GitHub Actions Workflow

  • Added concurrency control to prevent overlapping runs.
  • Enabled debug logging for troubleshooting.

Impact

  • CI runs become deterministic and less prone to breakage from upstream changes.
  • Dependency updates are isolated, reviewed, and validated before merging.
  • Improves security by pinning digests and flagging abandoned packages.
  • Reduces manual maintenance effort through automated updates.

@harryswift01 harryswift01 self-assigned this Nov 18, 2025
@harryswift01 harryswift01 added the github_actions Pull requests that update GitHub Actions code label Nov 18, 2025
@harryswift01 harryswift01 changed the title 190 update dependency management Update Dependency Management using Renovate Best Practices Nov 18, 2025
@harryswift01 harryswift01 requested a review from jimboid November 18, 2025 12:10
Member

@jimboid jimboid left a comment

This is a significant improvement to what was already a pretty decent start with renovate. The concurrency handling is a nice touch.

@harryswift01 harryswift01 merged commit f3d3920 into main Nov 18, 2025
19 of 43 checks passed
@harryswift01 harryswift01 deleted the 190-update-dependency-management branch November 18, 2025 13:38

Labels

github_actions Pull requests that update GitHub Actions code

Development

Successfully merging this pull request may close these issues.

Update Dependency Management Strategy to Use Renovate Best Practices

3 participants