## Summary This PR tightens repository quality enforcement around markdown and documentation. It adds `markdownlint` to the `cicd-checks` workflow, expands pre-commit coverage so markdown files are checked repo-wide, and cleans up the PP-58 documentation set to keep it aligned with the new policy. ## What changed - Added a `Markdownlint Check` entry to `.gitea/workflows/cicd-checks.yaml` - Added `markdownlint` to pre-commit and widened prettier coverage to include markdown files across the repo - Updated `README.md` to satisfy markdownlint line-length rules - Normalized the PP-58 documentation set: - `docs/DEPLOYABLE_RUNTIME_CONTRACT.md` - `docs/adr/ADR003-deployable_runtime_image_contract.md` - `docs/DEVELOPMENT.md` - `docs/CICD_MULTI_STAGE_BUILD.md` - `docs/CICD_TROUBLESHOOTING_GUIDE.md` - `docs/SECURE_DOCKER_CICD.md` ## Validation - `pre-commit run markdownlint --files README.md docs/DEPLOYABLE_RUNTIME_CONTRACT.md` - `pre-commit run prettier --files README.md docs/DEPLOYABLE_RUNTIME_CONTRACT.md` - Workflow YAML validation returned no errors ## Notes This change does not alter application runtime behavior. It only strengthens CI and documentation quality enforcement. Co-authored-by: copilotcoder <copilotcoder@darkhelm.org> Reviewed-on: #68
116 lines
4.7 KiB
JSON
116 lines
4.7 KiB
JSON
{
|
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
|
"extends": [
|
|
"config:recommended",
|
|
":dependencyDashboard",
|
|
":semanticCommits",
|
|
":separatePatchReleases"
|
|
],
|
|
"timezone": "America/New_York",
|
|
"schedule": ["before 9am every weekday"],
|
|
"prConcurrentLimit": 5,
|
|
"branchConcurrentLimit": 10,
|
|
"prHourlyLimit": 2,
|
|
|
|
"packageRules": [
|
|
{
|
|
"description": "Automerge non-major updates for high-confidence packages",
|
|
"matchUpdateTypes": ["minor", "patch", "pin", "digest"],
|
|
"matchPackagePatterns": [
|
|
"^@types/",
|
|
"^eslint",
|
|
"^prettier",
|
|
"^ruff",
|
|
"^pytest"
|
|
],
|
|
"automerge": true,
|
|
"automergeType": "branch"
|
|
},
|
|
{
|
|
"description": "Group Python dev tools updates",
|
|
"matchManagers": ["uv"],
|
|
"matchCategories": ["python"],
|
|
"matchDepTypes": ["dev-dependencies"],
|
|
"groupName": "Python dev tools",
|
|
"schedule": ["before 9am on monday"]
|
|
},
|
|
{
|
|
"description": "Group Frontend dev tools updates",
|
|
"matchManagers": ["npm"],
|
|
"matchDepTypes": ["devDependencies"],
|
|
"matchPackagePatterns": [
|
|
"^@typescript-eslint/",
|
|
"^eslint",
|
|
"^prettier",
|
|
"^vite",
|
|
"^vitest",
|
|
"^playwright"
|
|
],
|
|
"groupName": "Frontend dev tools",
|
|
"schedule": ["before 9am on monday"]
|
|
},
|
|
{
|
|
"description": "Group Docker base image updates",
|
|
"matchManagers": ["dockerfile"],
|
|
"matchPackageNames": ["ubuntu", "node", "python"],
|
|
"groupName": "Docker base images",
|
|
"schedule": ["before 9am on monday"],
|
|
"automerge": false,
|
|
"reviewersFromCodeOwners": true
|
|
},
|
|
{
|
|
"description": "Security updates - high priority",
|
|
"matchPackagePatterns": [".*"],
|
|
"vulnerabilityAlerts": true,
|
|
"prPriority": 10,
|
|
"automerge": false,
|
|
"labels": ["security"],
|
|
"reviewersFromCodeOwners": true
|
|
},
|
|
{
|
|
"description": "Major updates - require manual review",
|
|
"matchUpdateTypes": ["major"],
|
|
"automerge": false,
|
|
"labels": ["major-update"],
|
|
"prPriority": 5,
|
|
"reviewersFromCodeOwners": true
|
|
}
|
|
],
|
|
|
|
"customManagers": [
|
|
{
|
|
"description": "Update Python version in Dockerfiles",
|
|
"customType": "regex",
|
|
"fileMatch": ["^Dockerfile.*$"],
|
|
"matchStrings": ["FROM python:(?<currentValue>\\d+\\.\\d+)"],
|
|
"datasourceTemplate": "docker",
|
|
"depNameTemplate": "python",
|
|
"versioningTemplate": "loose"
|
|
},
|
|
{
|
|
"description": "Update Node.js version in Dockerfiles",
|
|
"customType": "regex",
|
|
"fileMatch": ["^Dockerfile.*$"],
|
|
"matchStrings": ["FROM node:(?<currentValue>\\d+)"],
|
|
"datasourceTemplate": "docker",
|
|
"depNameTemplate": "node",
|
|
"versioningTemplate": "node"
|
|
}
|
|
],
|
|
|
|
"osvVulnerabilityAlerts": true,
|
|
"vulnerabilityAlerts": {
|
|
"enabled": true,
|
|
"schedule": ["at any time"]
|
|
},
|
|
|
|
"labels": ["dependencies"],
|
|
"commitMessagePrefix": "chore:",
|
|
"commitMessageTopic": "{{depName}}",
|
|
"commitMessageExtra": "to {{newVersion}}",
|
|
"commitMessageSuffix": "",
|
|
|
|
"prTitle": "{{commitMessagePrefix}} {{commitMessageAction}} {{commitMessageTopic}} {{commitMessageExtra}}",
|
|
"prBodyTemplate": "This PR contains the following updates:\n\n| Package | Change | Age | Adoption | Passing | Confidence |\n|---|---|---|---|---|---|\n{{#each upgrades}}\n|{{depName}}|{{#if displayFrom}}`{{{displayFrom}}}` -> `{{{displayTo}}}`{{else}}`{{{newVersion}}}`{{/if}}|[](https://docs.renovatebot.com/merge-confidence/)|[](https://docs.renovatebot.com/merge-confidence/)|[](https://docs.renovatebot.com/merge-confidence/)|[](https://docs.renovatebot.com/merge-confidence/)|\n{{/each}}\n\n---\n\n### Release Notes\n\n{{#each upgrades}}\n{{#if hasReleaseNotes}}\n<details>\n<summary>{{depName}}</summary>\n\n{{#each releases}}\n#### {{title}}\n\n{{#if body}}\n{{body}}\n{{/if}}\n{{/each}}\n\n</details>\n{{/if}}\n{{/each}}\n\n### Configuration\n\n📅 **Schedule**: {{schedule}}\n\n🚦 **Automerge**: {{#if isAutomerge}}Enabled{{else}}Disabled{{/if}}\n\n♻ **Rebasing**: {{#if isRebasing}}Rebasing{{else}}Not rebasing{{/if}}\n\n👥 **Reviewers**: {{#if reviewers}}{{reviewers}}{{else}}None{{/if}}\n\n---\n\n*This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).*"
|
|
}
|