renovate-config/rules-java.json5 at main · bcgov/renovate-config · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  // Group Java dependencies for unified update PRs and easier management
  "packageRules": [
    // Pin Java dependencies for security
    {
      "description": "Pin Java dependencies: Pin all digests/SHAs for supply chain security. This ensures reproducible builds and prevents dependency substitution attacks.",
      "matchManagers": [
        "maven",
        "gradle"
      ],
      "pinDigests": true
    },
    // Example: Group all springframework dependencies
    {
      "description": "Group springframework",
      "groupName": "springframework",
      "matchPackageNames": ["/^org\\.springframework/", "/^spring-/"]
    },
    // Group all non-major Maven dependencies
    {
      "groupName": "maven all non-major dependencies",
      "groupSlug": "maven all-minor-patch",
      "matchManagers": [
        "maven"
      ],
      "matchUpdateTypes": [
        "minor",
        "patch"
      ],
      "minimumReleaseAge": "7 days"
    },
    {
      "description": "Group Java ecosystem: Combine Maven and Gradle updates into single PRs. Java dependencies should be updated together to maintain compatibility and avoid version conflicts.",
      "matchManagers": [
        "maven",
        "gradle"
      ],
      "matchUpdateTypes": [
        "minor",
        "patch"
      ],
      "groupName": "java dependencies",
      "groupSlug": "java"
    }
    // Add more grouping rules as needed for your Java ecosystem
  ]
}