build: migrate from Dependabot to Renovate for dependency updates

2026-01-30 22:24:58 -06:00 · 2025-12-29 16:51:54 -06:00
parent 16fba6aabc
commit 1c333c83fc
2 changed files with 199 additions and 86 deletions
@@ -1,86 +0,0 @@
-# Dependabot Configuration
-# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-#
-# Strategy:
-# - Weekly checks for faster vulnerability detection
-# - Separate patch/minor/major updates to prevent blocking
-# - Auto-merge patches via GitHub branch protection rules
-# - Limit concurrent PRs to avoid spam
-
-version: 2
-updates:
-  # Cargo workspace (all Rust crates)
-  - package-ecosystem: "cargo"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-      day: "monday"
-    open-pull-requests-limit: 5
-    ignore:
-      # Bevy ECS 0.17+ requires API migration
-      - dependency-name: "bevy_ecs"
-        versions: ["0.17.x", "0.18.x", "0.19.x"]
-      # jsonwebtoken 10+ requires crypto backend feature flag
-      - dependency-name: "jsonwebtoken"
-        versions: ["10.x", "11.x"]
-    groups:
-      rust-patches:
-        applies-to: "version-updates"
-        update-types: ["patch"]
-      rust-minor:
-        applies-to: "version-updates"
-        update-types: ["minor"]
-      rust-major:
-        applies-to: "version-updates"
-        update-types: ["major"]
-    labels:
-      - "dependencies"
-      - "rust"
-
-  # Frontend (web/) - Uses bun, but npm ecosystem for Dependabot compatibility
-  - package-ecosystem: "npm"
-    directory: "/web"
-    schedule:
-      interval: "weekly"
-      day: "monday"
-    open-pull-requests-limit: 5
-    groups:
-      frontend-patches:
-        applies-to: "version-updates"
-        update-types: ["patch"]
-      frontend-minor:
-        applies-to: "version-updates"
-        update-types: ["minor"]
-      frontend-major-framework:
-        applies-to: "version-updates"
-        update-types: ["major"]
-        patterns:
-          - "react"
-          - "react-dom"
-          - "vike"
-          - "vite"
-      frontend-major-other:
-        applies-to: "version-updates"
-        update-types: ["major"]
-        exclude-patterns:
-          - "react"
-          - "react-dom"
-          - "vike"
-          - "vite"
-    labels:
-      - "dependencies"
-      - "frontend"
-
-  # GitHub Actions
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-      day: "monday"
-    open-pull-requests-limit: 5
-    groups:
-      github-actions:
-        patterns: ["*"]
-    labels:
-      - "dependencies"
-      - "github-actions"
@@ -0,0 +1,199 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended",
+    "helpers:pinGitHubActionDigests",
+    ":semanticCommits"
+  ],
+  "description": "Renovate configuration for Pac-Man project with logical dependency grouping",
+  "schedule": ["at any time"],
+  "timezone": "America/Chicago",
+  "prConcurrentLimit": 10,
+  "prHourlyLimit": 4,
+  "separateMajorMinor": true,
+  "separateMultipleMajor": true,
+  "labels": ["dependencies"],
+  "minimumReleaseAge": "3 days",
+  "packageRules": [
+    {
+      "description": "Game core dependencies from pacman crate",
+      "groupName": "game-core",
+      "matchManagers": ["cargo"],
+      "matchPackageNames": [
+        "bevy*",
+        "glam",
+        "sdl2",
+        "pathfinding",
+        "rand",
+        "smallvec",
+        "bitflags",
+        "phf",
+        "micromap",
+        "strum*",
+        "thousands",
+        "num-width",
+        "circular-buffer"
+      ],
+      "matchUpdateTypes": ["patch", "minor"],
+      "labels": ["dependencies", "rust", "game"]
+    },
+    {
+      "description": "Server core dependencies from pacman-server crate",
+      "groupName": "server-core",
+      "matchManagers": ["cargo"],
+      "matchPackageNames": [
+        "axum*",
+        "tower-http",
+        "oauth2",
+        "sqlx",
+        "reqwest",
+        "jsonwebtoken",
+        "s3-tokio",
+        "rustls",
+        "dashmap",
+        "figment",
+        "dotenvy",
+        "chrono",
+        "async-trait",
+        "yansi",
+        "mockall",
+        "image",
+        "sha2"
+      ],
+      "matchUpdateTypes": ["patch", "minor"],
+      "labels": ["dependencies", "rust", "server"]
+    },
+    {
+      "description": "Tokio async runtime ecosystem",
+      "groupName": "tokio-ecosystem",
+      "matchManagers": ["cargo"],
+      "matchPackageNames": ["tokio", "hyper*", "http", "bytes"],
+      "matchUpdateTypes": ["patch", "minor"],
+      "labels": ["dependencies", "rust", "tokio"]
+    },
+    {
+      "description": "Serde serialization ecosystem",
+      "groupName": "serde-ecosystem",
+      "matchManagers": ["cargo"],
+      "matchPackageNames": ["serde*"],
+      "matchUpdateTypes": ["patch", "minor"],
+      "labels": ["dependencies", "rust", "serde"]
+    },
+    {
+      "description": "Tracing and logging infrastructure",
+      "groupName": "tracing",
+      "matchManagers": ["cargo"],
+      "matchPackageNames": ["tracing*"],
+      "matchUpdateTypes": ["patch", "minor"],
+      "labels": ["dependencies", "rust", "tracing"]
+    },
+    {
+      "description": "Error handling libraries",
+      "groupName": "error-handling",
+      "matchManagers": ["cargo"],
+      "matchPackageNames": ["thiserror", "anyhow", "tracing-error"],
+      "matchUpdateTypes": ["patch", "minor"],
+      "labels": ["dependencies", "rust"]
+    },
+    {
+      "description": "Platform and system-level dependencies",
+      "groupName": "platform-deps",
+      "matchManagers": ["cargo"],
+      "matchPackageNames": ["windows*", "libc", "parking_lot", "time"],
+      "matchUpdateTypes": ["patch", "minor"],
+      "labels": ["dependencies", "rust", "platform"]
+    },
+    {
+      "description": "Rust dev and test dependencies",
+      "groupName": "rust-dev-deps",
+      "matchManagers": ["cargo"],
+      "matchDepTypes": ["dev-dependencies"],
+      "matchUpdateTypes": ["patch", "minor"],
+      "labels": ["dependencies", "rust", "dev"]
+    },
+    {
+      "description": "Rust major version updates - create individual PRs without automerge",
+      "matchManagers": ["cargo"],
+      "matchUpdateTypes": ["major"],
+      "labels": ["dependencies", "rust", "major"]
+    },
+    {
+      "description": "Block bevy_ecs 0.17+ until API migration is done",
+      "matchManagers": ["cargo"],
+      "matchPackageNames": ["bevy_ecs"],
+      "allowedVersions": "<0.17.0"
+    },
+    {
+      "description": "Block jsonwebtoken 10+ until crypto backend feature flag is configured",
+      "matchManagers": ["cargo"],
+      "matchPackageNames": ["jsonwebtoken"],
+      "allowedVersions": "<10.0.0"
+    },
+    {
+      "description": "Frontend framework dependencies",
+      "groupName": "frontend-framework",
+      "matchManagers": ["npm"],
+      "matchPackageNames": ["react*", "vike*", "vite", "@vitejs/*"],
+      "matchUpdateTypes": ["patch", "minor"],
+      "labels": ["dependencies", "frontend", "framework"]
+    },
+    {
+      "description": "Frontend styling and CSS tooling",
+      "groupName": "frontend-styling",
+      "matchManagers": ["npm"],
+      "matchPackageNames": ["tailwindcss", "postcss*", "@tailwindcss/*"],
+      "matchUpdateTypes": ["patch", "minor"],
+      "labels": ["dependencies", "frontend", "styling"]
+    },
+    {
+      "description": "Frontend fonts",
+      "groupName": "frontend-fonts",
+      "matchManagers": ["npm"],
+      "matchPackageNames": ["@fontsource/*"],
+      "matchUpdateTypes": ["patch", "minor"],
+      "labels": ["dependencies", "frontend"]
+    },
+    {
+      "description": "ESLint and code quality tools",
+      "groupName": "frontend-linting",
+      "matchManagers": ["npm"],
+      "matchPackageNames": ["eslint*", "prettier", "@eslint/*"],
+      "matchUpdateTypes": ["patch", "minor"],
+      "labels": ["dependencies", "frontend", "dev"]
+    },
+    {
+      "description": "TypeScript and type definitions",
+      "groupName": "frontend-types",
+      "matchManagers": ["npm"],
+      "matchPackageNames": ["typescript", "@types/*", "typescript-eslint"],
+      "matchUpdateTypes": ["patch", "minor"],
+      "labels": ["dependencies", "frontend", "types"]
+    },
+    {
+      "description": "Frontend major version updates - create individual PRs without automerge",
+      "matchManagers": ["npm"],
+      "matchUpdateTypes": ["major"],
+      "labels": ["dependencies", "frontend", "major"]
+    },
+    {
+      "description": "GitHub Actions updates - automerge patch and minor",
+      "groupName": "github-actions",
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["patch", "minor"],
+      "labels": ["dependencies", "github-actions"],
+      "automerge": true
+    },
+    {
+      "description": "GitHub Actions major updates - individual PRs without automerge",
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["major"],
+      "labels": ["dependencies", "github-actions", "major"]
+    },
+    {
+      "description": "Enable bun package manager support",
+      "matchManagers": ["bun"],
+      "enabled": true,
+      "labels": ["dependencies", "bun"]
+    }
+  ]
+}