chore: add Renovate configuration for automated dependency updates#29
Conversation
narutiga
commented
Jun 9, 2026
- Configure Renovate with best-practices and js-app presets
- Auto-merge minor updates, linters, testers, and type definitions
- Enable vulnerability alerts with automatic merging (security label)
- Set timezone to Asia/Tokyo for predictable update timing
- Allow unlimited concurrent PR creation for responsive updates
- Configure Renovate with best-practices and js-app presets - Auto-merge minor updates, linters, testers, and type definitions - Enable vulnerability alerts with automatic merging (security label) - Set timezone to Asia/Tokyo for predictable update timing - Allow unlimited concurrent PR creation for responsive updates Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c3fb18dce2
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Add TypeScript type checking workflow for pull requests: - Runs on PR to main and merge_group - Validates TypeScript compilation with tsc --noEmit - Uses pnpm with frozen lockfile for reproducibility - Caches dependencies for faster CI execution Update Renovate configuration for safe automerge: - Set platformAutomerge: false to delegate merge control to Renovate - Renovate will now wait for CI status checks before automerging - Prevents merging before tests complete or after failures IMPORTANT: Branch protection rule must be configured on GitHub: - Require status checks to pass before merging - Select "TypeScript Type Check" as required check See: https://docs.renovatebot.com/key-concepts/automerge/#platform-automerge Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Add TypeScript type checking workflow for pull requests: - Runs on PR to main and merge_group - Validates TypeScript compilation with tsc --noEmit - Uses pnpm with frozen lockfile for reproducibility - Caches dependencies for faster CI execution Update Renovate configuration for safe automerge: - Set platformAutomerge: false to delegate merge control to Renovate - Renovate will now wait for CI status checks before automerging - Prevents merging before tests complete or after failures IMPORTANT: Branch protection rule must be configured on GitHub: - Require status checks to pass before merging - Select "TypeScript Type Check" as required check See: https://docs.renovatebot.com/key-concepts/automerge/#platform-automerge Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Resolve merge conflict: keep pnpm setup before Node.js setup
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4000df2583
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
pnpm/action-setup@v2 is no longer compatible with newer Node.js versions used by GitHub-hosted runners. Upgrade to v4 to ensure CI passes. This prevents CI from blocking Renovate PRs and merge-queue entries at the pnpm install step.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 426665e951
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Disable automerge for 0.x versions (@libsql/client, drizzle-orm) where minor updates can legally contain breaking API/runtime changes. Since CI only runs tsc --noEmit (no runtime tests), a 0.x minor update like 0.17→0.18 or 0.45→0.46 could introduce breaking database/client changes that pass type checking but fail at runtime. This rule requires manual review for 0.x updates before merging, while keeping automerge enabled for stable 1.0.0+ dependencies and tooling. See: https://docs.renovatebot.com/config-presets/#prevent-0x-dependency-minors-from-automerging
|
Codex Review: Didn't find any major issues. Breezy! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |