Skip to content

chore: adopt Renovate for dependency updates#7292

Open
prabinoid wants to merge 1 commit into
developfrom
chore/renovate-dependency-upgrade
Open

chore: adopt Renovate for dependency updates#7292
prabinoid wants to merge 1 commit into
developfrom
chore/renovate-dependency-upgrade

Conversation

@prabinoid

Copy link
Copy Markdown
Collaborator

What type of PR is this? (check all applicable)

  • 🍕 Feature
  • 🐛 Bug Fix
  • 📝 Documentation
  • 🧑‍💻 Refactor
  • ✅ Test
  • 🤖 Build or CI
  • ❓ Other (please specify)

Related Issue

Fixes #7183

Describe this PR

Adds renovate.json to automate dependency updates with Renovate, per
docs 0012
(reduce GitHub vendor lock-in). Supersedes the Dependabot config in #7274.

  • Four ecosystems only: pep621, npm, dockerfile, docker-compose
    (GitHub Actions intentionally excluded)
  • Weekly batch (Mon, UTC), minor/patch grouped into consolidated PRs
  • Direct deps only; legacy requirements.txt skipped
  • No auto-merge; major updates held behind Dependency Dashboard approval
  • ignoreDeps for critical pins: postgis/postgis, python, node, and
    TM's own ghcr.io/hotosm/tasking-manager/* images

renovate.json validates against the Renovate schema. It does nothing until
the Renovate app has access to this repo.

I think Renovate is already installed on the org (it's active on
field-tm), so this probably just needs tasking-manager added to the app's
repo access rather than a fresh install.

Alternative Approaches Considered

Dependabot (#7274) — dropped in favour of Renovate per ADR 0012; this ports
that config's intent.

@prabinoid prabinoid requested a review from anilrajrimal1 July 9, 2026 08:49
@sonarqubecloud

sonarqubecloud Bot commented Jul 9, 2026

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Dependency & Framework Health Check

1 participant