From db72da4fa4f2690706d9de96c874e17755f19e35 Mon Sep 17 00:00:00 2001 From: Joshua Fernandes Date: Fri, 27 Mar 2026 11:59:10 +1000 Subject: [PATCH 1/2] add renovate --- .github/workflows/renovatebot.yml | 23 +++++++++++++++++++++++ renovate.json | 23 +++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 .github/workflows/renovatebot.yml create mode 100644 renovate.json diff --git a/.github/workflows/renovatebot.yml b/.github/workflows/renovatebot.yml new file mode 100644 index 000000000..97d9352d7 --- /dev/null +++ b/.github/workflows/renovatebot.yml @@ -0,0 +1,23 @@ +name: renovatebot + +on: + push: + branches: + - master + paths: + - '.github/workflows/**' + workflow_dispatch: + +jobs: + renovatebot-check: + runs-on: ubuntu-24.04 + environment: security + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + + - name: Run renovatebot + uses: ConsenSys/github-actions/renovatebot@0dbddeeb180c249e624dc1681c67f22325daedd5 # main + with: + GH_APP_ID: ${{ secrets.GH_APP_ID }} + GH_PRIVATE_KEY: ${{ secrets.GH_PRIVATE_KEY }} + GH_REPOSITORY: ${{ github.repository }} diff --git a/renovate.json b/renovate.json new file mode 100644 index 000000000..4112e4335 --- /dev/null +++ b/renovate.json @@ -0,0 +1,23 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:recommended" + ], + "dependencyDashboard": false, + "packageRules": [ + { + "description": "1. Pin all GitHub Actions to sha256 digests by default", + "matchManagers": ["github-actions"], + "pinDigests": true + }, + { + "description": "2. For trusted actions, allow updates", + "matchManagers": ["github-actions"], + "matchPackageNames": [ + "actions/**", + "consensys/github-actions/**" + ], + "pinDigests": true + } + ] +} \ No newline at end of file From 3920e05b0add0460e8209ac517548e97d46d8cad Mon Sep 17 00:00:00 2001 From: Joshua Fernandes Date: Tue, 14 Apr 2026 13:32:52 +1000 Subject: [PATCH 2/2] updates --- .github/dependabot.yml | 13 +++++++++++++ .github/workflows/renovatebot.yml | 2 ++ CODEOWNERS | 3 +++ renovate.json | 12 ++---------- 4 files changed, 20 insertions(+), 10 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 CODEOWNERS diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..194b6b3c7 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,13 @@ +version: 2 + +updates: + # Java/Gradle deps + - package-ecosystem: "gradle" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + time: "09:00" + open-pull-requests-limit: 5 + labels: + - "dependencies" diff --git a/.github/workflows/renovatebot.yml b/.github/workflows/renovatebot.yml index 97d9352d7..f52b85af6 100644 --- a/.github/workflows/renovatebot.yml +++ b/.github/workflows/renovatebot.yml @@ -1,6 +1,8 @@ name: renovatebot on: + schedule: + - cron: "15 3 1 * *" push: branches: - master diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 000000000..743730bef --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,3 @@ +* @consensys/protocols + +.github/workflows/ @consensys/protocols @consensys/protocol-galileo \ No newline at end of file diff --git a/renovate.json b/renovate.json index 4112e4335..cb2f205e4 100644 --- a/renovate.json +++ b/renovate.json @@ -3,21 +3,13 @@ "extends": [ "config:recommended" ], + "enabledManagers": ["github-actions"], "dependencyDashboard": false, "packageRules": [ { - "description": "1. Pin all GitHub Actions to sha256 digests by default", + "description": "Pin all GitHub Actions to SHA digests", "matchManagers": ["github-actions"], "pinDigests": true - }, - { - "description": "2. For trusted actions, allow updates", - "matchManagers": ["github-actions"], - "matchPackageNames": [ - "actions/**", - "consensys/github-actions/**" - ], - "pinDigests": true } ] } \ No newline at end of file