diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..73bbb7a9c
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,69 @@
+version: 2
+updates:
+ - package-ecosystem: npm
+ directory: /
+ schedule:
+ interval: weekly
+ day: monday
+ time: "09:00"
+ timezone: Asia/Tokyo
+ open-pull-requests-limit: 5
+ labels:
+ - dependencies
+ versioning-strategy: increase
+ commit-message:
+ prefix: chore
+ include: scope
+ cooldown:
+ default-days: 2
+ groups:
+ production-non-major:
+ dependency-type: production
+ update-types:
+ - patch
+ - minor
+ development-non-major:
+ dependency-type: development
+ update-types:
+ - patch
+ - minor
+
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: weekly
+ day: monday
+ time: "09:00"
+ timezone: Asia/Tokyo
+ open-pull-requests-limit: 5
+ labels:
+ - dependencies
+ commit-message:
+ prefix: chore
+ cooldown:
+ default-days: 2
+ groups:
+ github-actions:
+ patterns:
+ - "*"
+
+ - package-ecosystem: docker-compose
+ directory: /
+ schedule:
+ interval: weekly
+ day: monday
+ time: "09:00"
+ timezone: Asia/Tokyo
+ open-pull-requests-limit: 5
+ labels:
+ - dependencies
+ commit-message:
+ prefix: chore
+ cooldown:
+ default-days: 2
+ ignore:
+ - dependency-name: s0hirano/embedding-api
+ groups:
+ docker-compose:
+ patterns:
+ - "*"
diff --git a/.github/renovate.json5 b/.github/renovate.json5
index bb5a0a548..b7f46d3c5 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
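Review bot: The `github-actions` and `docker-compose` groups in this hunk use `patterns: ["*"]` with no `update-types`, so a major bump of any action or image lands in the same grouped PR as the patch/minor bumps. The companion dependabot-auto-merge workflow in this commit gates on the PR's update type, which for a grouped PR is, as far as I know, the highest change in the group, so one major then holds the whole group for manual review and the non-major updates stall behind it. Adding `update-types: [minor, patch]` (or the block-list form the npm groups already use) to both groups keeps majors as separate PRs, which is also what that workflow's comment ("patch/minor: automerge") describes. The `ignore` entry for `s0hirano/embedding-api` has no `update-types`, so it suppresses every update for that image, consistent with the `enabled: false` rule removed from renovate.json5.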
@@ -14,20 +14,22 @@
 reviewers: [
 's-hirano-ist',
 ],
+ // Dependabot がサポートしない範囲のみ Renovate で扱う:
+ // - mise / nvm: ツールバージョン管理
+ // - biome customManager: extends の customManagers:biomeVersions が拾う
+ // - lockFileMaintenance: 四半期に pnpm-lock 全リフレッシュ
+ // npm / github-actions / docker-compose は .github/dependabot.yml に移行済み。
 enabledManagers: [
- 'npm',
- 'github-actions',
- 'docker-compose',
 'mise',
 'nvm',
 ],
- // Mend Cloud で pnpm install の lifecycle scripts (sharp / @prisma/engines /
- // @sentry/cli / esbuild) がメモリを使い切り OOM kill される問題への対処。
+ // Mend Cloud / self-host いずれでも pnpm install の lifecycle scripts (sharp /
+ // @prisma/engines / @sentry/cli / esbuild) によるメモリ消費を抑える保険。
 // CI (--frozen-lockfile) と本番 deploy 側の install では通常通りバイナリを取得する。
 ignoreScripts: true,
 dependencyDashboard: true,
- branchConcurrentLimit: 3,
- prConcurrentLimit: 5,
+ branchConcurrentLimit: 2,
+ prConcurrentLimit: 2,
 separateMultipleMajor: false,
 schedule: [
 'before 11am on monday',
@@ -49,52 +51,6 @@
 ],
 },
 packageRules: [
- {
- matchManagers: [
- 'npm',
- ],
- matchUpdateTypes: [
- 'patch',
- 'minor',
- ],
- matchPackageNames: [
- '*',
- ],
- matchDepTypes: [
- 'dependencies',
- 'peerDependencies',
- ],
- groupName: 'non-major',
- minimumReleaseAge: '2 days',
- },
- {
- matchManagers: [
- 'npm',
- ],
- matchUpdateTypes: [
- 'patch',
- 'minor',
- ],
- matchPackageNames: [
- '*',
- ],
- matchDepTypes: [
- 'devDependencies',
- ],
- groupName: 'non-major (devDependencies)',
- groupSlug: 'non-major-dev',
- minimumReleaseAge: '2 days',
- automerge: true,
- },
- {
- matchManagers: [
- 'github-actions',
- ],
- groupName: 'GitHub Actions',
- groupSlug: 'github-actions',
- minimumReleaseAge: '2 days',
- automerge: true,
- },
 {
 matchManagers: [
 'mise',
@@ -111,7 +67,6 @@
 ],
 matchManagers: [
 'mise',
- 'npm',
 'nvm',
 ],
 groupName: 'node and pnpm',
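Review bot: The new comment block lists `lockFileMaintenance: 四半期に pnpm-lock 全リフレッシュ` as something Renovate still owns, yet the same hunk removes `'npm'` from `enabledManagers`. As far as I know lock-file maintenance is carried out by the manager that owns the lock file, so with the npm manager disabled the quarterly pnpm-lock refresh may silently stop; the `lockFileMaintenance` block itself is outside this hunk, so I cannot confirm its settings. Worth checking the Dependency Dashboard after the first scheduled run, and if the refresh no longer appears, either keep `'npm'` enabled with its ordinary updates turned off through a `packageRules` entry (`matchManagers: ['npm'], enabled: false` — to be confirmed that this leaves lock-file maintenance active) or drop that bullet from the comment so it does not describe a job that no longer runs.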
@@ -119,21 +74,5 @@
 minimumReleaseAge: '2 days',
 automerge: false,
 },
- {
- matchManagers: [
- 'docker-compose',
- ],
- minimumReleaseAge: '2 days',
- automerge: true,
- },
- {
- matchManagers: [
- 'docker-compose',
- ],
- matchPackageNames: [
- 's0hirano/embedding-api',
- ],
- enabled: false,
- },
 ],
 }
diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml
new file mode 100644
index 000000000..1a6d3519b
--- /dev/null
+++ b/.github/workflows/dependabot-auto-merge.yaml
@@ -0,0 +1,38 @@
+name: dependabot-auto-merge
+
+on:
+ pull_request:
+ types: [opened, reopened, synchronize, ready_for_review]
+
+permissions: {}
+
+jobs:
+ auto-merge:
+ if: github.actor == 'dependabot[bot]'
+ runs-on: ubuntu-24.04
+ timeout-minutes: 5
+ permissions:
+ contents: write
+ pull-requests: write
+ steps:
+ - name: Fetch Dependabot metadata
+ id: meta
+ uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0
+
+ - name: Enable auto-merge for low-risk updates
+ # Renovate 旧設定相当:
+ # - devDependencies (npm) の patch/minor: automerge
+ # - github-actions の patch/minor: automerge
+ # - docker-compose の patch/minor: automerge
+ # production deps と major は手動レビュー (auto-merge しない)。
+ if: |
+ steps.meta.outputs.update-type != 'version-update:semver-major' && (
+ (steps.meta.outputs.package-ecosystem == 'npm' &&
+ steps.meta.outputs.dependency-type == 'direct:development') ||
+ steps.meta.outputs.package-ecosystem == 'github_actions' ||
+ steps.meta.outputs.package-ecosystem == 'docker_compose'
+ )
+ run: gh pr merge --auto --squash "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml
deleted file mode 100644
index 90ee272e0..000000000
--- a/.github/workflows/renovate.yaml
+++ /dev/null
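Review bot: The step-level `if` compares `steps.meta.outputs.package-ecosystem == 'npm'` while the other two clauses use the underscore form (`github_actions`, `docker_compose`) that Dependabot itself uses in its branch names; for npm that form is `npm_and_yarn`, so unless fetch-metadata normalizes it the devDependency clause never matches and those PRs are simply never auto-merged (fail-closed, but contrary to the comment above the step). Suggest `(steps.meta.outputs.package-ecosystem == 'npm_and_yarn' &&` and a one-off look at the action's outputs on the first Dependabot PR to pin the exact values. Separately, `github.actor == 'dependabot[bot]'` only gates who triggered this run: once `gh pr merge --auto` has armed auto-merge on `opened`, a later `synchronize` push from another account merely skips this job and, unless GitHub clears it, leaves auto-merge in place, so the required status checks in branch protection are what actually stand between a modified branch and the base branch. The form in GitHub's own example, `github.event.pull_request.user.login == 'dependabot[bot]'` plus a `github.repository == '<owner>/<repo>'` guard (placeholder), is the usual hardening and also keeps the job from running in forks.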
@@ -1,54 +0,0 @@
-name: renovate
-
-permissions: {}
-
-on:
- schedule:
- # 00:00 UTC Mon = 09:00 JST Mon。renovate.json5 内の
- # `before 11am on monday` 設定で PR 生成ウィンドウは Renovate 側でゲートされる。
- - cron: "0 0 * * 1"
- workflow_dispatch:
- inputs:
- logLevel:
- description: ログレベル
- type: choice
- default: info
- options: [info, debug]
- dryRun:
- description: dry-run (書き込みなしでログ出力のみ)
- type: boolean
- default: false
- # NOTE: `issues: edited` トリガーは外している。Renovate 自身が
- # Dependency Dashboard issue の body を毎回更新するため、トリガーを残すと
- # 「Renovate run が dashboard を更新 → issues:edited が発火 → 別の run が起動」
- # の自走ループになり大量の `repository-changed` abort を生む。
- # PAT 所有者と人間ユーザが同一なので sender フィルタも効かない。
- # Dashboard checkbox を toggle しても次の scheduled / workflow_dispatch run で
- # 読み取られるので機能は失われない (即時反応しなくなるだけ)。
-
-jobs:
- renovate:
- runs-on: ubuntu-24.04
- timeout-minutes: 60
- concurrency:
- group: renovate
- cancel-in-progress: false
- steps:
- - name: Self-hosted Renovate
- uses: renovatebot/github-action@79dc0ba74dc3de28db0a7aeb1d0b95d5bf5fde2a # v46.1.13
- with:
- token: ${{ secrets.RENOVATE_TOKEN }}
- env:
- # Mend Cloud は 3GB cap で OOM kill されていたため self-host へ移行。
- # ubuntu-24.04 runner は ~7GB メモリを持つので Node ヒープに 6GB 割り当てる。
- NODE_OPTIONS: --max-old-space-size=6144
- LOG_LEVEL: ${{ inputs.logLevel || 'info' }}
- RENOVATE_DRY_RUN: ${{ inputs.dryRun && 'full' || '' }}
- RENOVATE_REPOSITORIES: ${{ github.repository }}
- RENOVATE_PLATFORM: github
- # PAT 所有者 (s-hirano-ist) を commit author に固定。
- # 既定値の renovate@whitesourcesoftware.com は Mend 所有アドレスのため警告が出る。
- RENOVATE_GIT_AUTHOR: "s-hirano-ist "
- # schedule trigger 以外 (workflow_dispatch / issues / pull_request) は
- # ユーザの能動的なアクションなので renovate.json5 の schedule を無視して即時実行する。
- RENOVATE_FORCE: ${{ github.event_name != 'schedule' && '{"schedule":[]}' || '' }}