@matrixise
Contributor

Overview

This PR integrates Renovate for automated dependency management, closing #187.

Following the migration to uv, Renovate will automate dependency updates while maintaining our current requirements/*.in → requirements/*.txt pip-compile workflow.

🔒 Configuration Highlights

Heroku-Safe Deployment Strategy

  • Explicit file patterns: Only matches main.txt, dev.txt, production.txt
  • Python 3.13 constraint: Matches our Heroku runtime
  • Smart automerge: Only dev dependencies patches, never production
  • Manual review required: All main.txt and production.txt updates need approval

Intelligent Grouping & Scheduling

  • 🐍 Django/Wagtail ecosystem: Grouped together, Monday mornings
  • 🔐 Security updates: Separate PRs with priority 10
  • 📦 Minor/patch updates: Grouped by type, Monday mornings
  • 🔄 Lock file maintenance: Monthly refresh, first Monday

Rate Limiting

  • Max 3 concurrent PRs
  • Max 2 PRs per hour
  • Prevents PR spam

Disabled Conflicting Managers

"pip_requirements": { "enabled": false },
"pip_setup": { "enabled": false }

Per Renovate documentation, this prevents duplicate runs.

📋 What Happens Next?

  1. Merge this PR with the renovate.json configuration
  2. 🤖 Renovate will create an "onboarding PR" automatically within minutes
  3. 📝 Review the onboarding PR to verify it detected all dependencies correctly
  4. Merge the onboarding PR to activate automated updates
  5. 🎉 Enjoy automated dependency management!

✨ Benefits

  • 🔐 Security: Automated vulnerability alerts with fix PRs
  • ⏱️ Time savings: No more manual task dependencies:upgrade
  • 🎯 Granular control: Group related updates, schedule by day
  • 👁️ Visibility: Track all dependency updates in one place

🤖 Generated with Claude Code

Add Renovate configuration with pip-compile support for automated
dependency management. Configuration includes:

- Explicit file patterns for main.txt, dev.txt, production.txt
- Python 3.13 constraint matching Heroku runtime
- Django/Wagtail ecosystem grouping with Monday scheduling
- Intelligent automerge: only dev.txt patches, never production
- Security updates prioritized with separate PRs
- Rate limiting to avoid PR spam
- Monthly lock file maintenance

This setup is optimized for safe Heroku deployments with manual
review required for production dependencies.

Closes #187

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@matrixise
Contributor Author

Hi @ulgens

Could you comment/review this PR?

Thank you
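
The automerge, rate-limit and disabled-manager rules listed in the PR description can be enforced in CI with a small lint over `renovate.json`. The following is an added example, not code from this PR or from Renovate: the sample config is constructed (the PR's real file is not shown on the page), the `requirements/` path prefix is assumed, and the check is deliberately conservative because it reads only the literal file and does not resolve presets or rule ordering.

```python
import json

# Constructed sample: the PR's real renovate.json is not shown on the page.
SAMPLE = json.loads("""{
  "prConcurrentLimit": 3,
  "prHourlyLimit": 2,
  "pip_requirements": {"enabled": false},
  "pip_setup": {"enabled": false},
  "packageRules": [
    {"matchFileNames": ["requirements/dev.txt"],
     "matchUpdateTypes": ["patch"], "automerge": true},
    {"matchFileNames": ["requirements/main.txt", "requirements/production.txt"],
     "automerge": false}
  ]
}""")

LIMITS = {"prConcurrentLimit": 3, "prHourlyLimit": 2}  # values from the PR text


def audit(cfg):
    """Return a list of policy violations; an empty list means the file passes."""
    findings = []
    if cfg.get("automerge"):
        findings.append("top-level automerge covers every dependency file")
    for i, rule in enumerate(cfg.get("packageRules", [])):
        if not rule.get("automerge"):
            continue
        files = rule.get("matchFileNames", [])
        # Conservative: every pattern must name dev.txt literally, no globs.
        if not files or any("*" in f or f.split("/")[-1] != "dev.txt" for f in files):
            findings.append(f"packageRules[{i}]: automerge not confined to dev.txt")
        if set(rule.get("matchUpdateTypes", ["<all>"])) != {"patch"}:
            findings.append(f"packageRules[{i}]: automerge not limited to patch")
    for key, ceiling in LIMITS.items():
        value = cfg.get(key)
        # In Renovate, 0 disables the limit, so it counts as a violation too.
        if not isinstance(value, int) or not 1 <= value <= ceiling:
            findings.append(f"{key} must be set between 1 and {ceiling}")
    for manager in ("pip_requirements", "pip_setup"):
        if cfg.get(manager, {}).get("enabled") is not False:
            findings.append(f"{manager} manager is not disabled")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE) or ["renovate config matches the stated policy"]:
        print(line)
```

Running it as a required check on changes to `renovate.json` means a later edit that widens automerge to `main.txt` or `production.txt` fails review instead of silently taking effect.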
