diff --git a/.github/renovate.json5 b/.github/renovate.json5
new file mode 100644
index 00000000000..ccde026cc22
--- /dev/null
+++ b/.github/renovate.json5
@@ -0,0 +1,35 @@
+{
+  schedule: [
+    'before 3am on the first day of the month',
+  ],
+  semanticCommits: 'enabled',
+  configMigration: true,
+  dependencyDashboard: false,
+  packageRules: [
+    // Goals:
+    // - Rollup safe upgrades to reduce CI runner load
+    // - Have lockfile and manifest in-sync (implicit rules)
+    {
+      matchManagers: [
+        'cargo',
+      ],
+      matchCurrentVersion: '>=0.1.0',
+      matchUpdateTypes: [
+        'patch',
+      ],
+      automerge: false,
+      groupName: 'compatible',
+    },
+    {
+      matchManagers: [
+        'cargo',
+      ],
+      matchCurrentVersion: '>=1.0.0',
+      matchUpdateTypes: [
+        'minor',
+      ],
+      automerge: false,
+      groupName: 'compatible',
+    },
+  ],
+}