renovate: leave bumping GitHub Actions to Dependabot

To avoid update noise. Renovate bumps everything instantly, meaning a major version a couple hours after release, then all minor bugfix releases throughout the next 1-2 days. Also putting major versions in a different group than the bugfix release, and there is no support for a cooldown period. After this patch GitHub's Dependabot remains the single tool responsible to bump GitHub Actions, once a month, grouped, with a cooldown period. In sync with most other curl repos. Both Renovate and Dependabot keep bumping pinned pips for now. Also Renovate keeps updating C dependencies and Dockerfile. Closes #19954
2026-01-18 17:21:26 +01:00 · 2025-12-12 23:30:45 +01:00
parent 1c8c34c88e
commit a9b1be555a
1 changed files with 0 additions and 10 deletions
--- a/renovate.json
+++ b/renovate.json
@@ -6,15 +6,6 @@
  ],
  "semanticCommitType": "ci",
  "packageRules": [
-    {
-      "matchManagers": [
-        "github-actions"
-      ],
-      "commitMessagePrefix": "GHA: ",
-      "labels": [
-        "CI"
-      ]
-    },
    {
      "matchUpdateTypes": [
        "pin",
@@ -47,7 +38,6 @@
    {
      "description": "Schedule package updates on the 10th of each month",
      "matchPackageNames": [
-        "/codeql/i",
        "/ruff/i"
      ],
      "groupName": "monthly updates by name",