Add Renovate for automated tool updates#62
Conversation
There was a problem hiding this comment.
Pull request overview
Adds Renovate-based automation so tool versions pinned in the build matrix (.github/workflows/build.yml) can be updated automatically, rather than by hand. A new daily workflow runs Renovate using a checked-in renovate.json5 configuration that defines two custom regex managers (cargo and Go tools) plus a 7-day age gate to avoid landing brand-new releases.
Changes:
- New
renovate.json5withconfig:recommended, aminimumReleaseAge: '7 days'gate, and tworegexcustom managers targeting cargo crates and Go tools inbuild.yml. - New
.github/workflows/renovate.ymlrunning daily on a schedule plusworkflow_dispatchandpull_request(dry-run on PRs), with minimal global permissions and job-scopedcontents: write/pull-requests: write. - Renovate is configured against the current repo/branch so configuration on the default branch is not required.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
renovate.json5 |
New Renovate config: recommended preset, 7-day age gate, and two custom regex managers for cargo (crate datasource) and Go (go datasource, strips leading v) entries in build.yml. |
.github/workflows/renovate.yml |
New workflow that runs renovatebot/github-action daily (and on workflow_dispatch / pull_request dry-run) with concurrency control, empty default permissions, and write permissions scoped to the job. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 380d2006ba
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
As codex points out this will not work. |
What
Add a daily Renovate GitHub Actions workflow that updates the versions of tools in the build workflow.
Why
The build matrix pins tool versions in workflow YAML, and those tool versions quickly go out of date and updating them is today a manual annoying process. Renovate can update them. Renovate's default managers do not understand the build.yml file. A custom regex is used to find versions. The 7-day age gate avoids landing brand-new releases.