Migrate from dependabot to renovatebot
Now that we have pinned versions for all our gh actions it's hard to make sense of them. Renovate bot supports a feature that keeps the versions up to date (and pinned to sha), but also puts the human-readable sem-ver triplet next to them as a comment.
Another handy feature that would be great for us is grouping the dependency updates together (either based on non-major updates or framework-wise).
Last but not least it would be nice to have some throttling mechanism in place so that only N pull requests could be opened simultaneously. I think this is supported also in dependabot, however the previous features are not atm.
Some example renovate config that could work also for k8gb: https://github.com/jkremser/log2rbac-operator/blob/master/renovate.json
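
A Renovate configuration sketch covering the three requests above (SHA-pinned actions with a version comment, grouped updates, a cap on open PRs). It is an added example, not taken from the issue or from the linked log2rbac-operator config; the file name `renovate.json5`, the limit of 5 and the group names are assumed values.

```json5
// renovate.json5 (added example; values below are assumptions, not k8gb's settings)
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:recommended",
    // Pins every `uses:` reference to a full commit SHA and keeps the
    // semver tag as a trailing comment, e.g.
    //   uses: owner/action@<40-char sha> # v1.2.3
    "helpers:pinGitHubActionDigests"
  ],

  // Throttling: never more than 5 Renovate PRs open at the same time.
  "prConcurrentLimit": 5,

  "packageRules": [
    {
      // One PR for all GitHub Actions bumps (digest, patch and minor),
      // so pinned SHAs move together and are reviewed once.
      "matchManagers": ["github-actions"],
      "matchUpdateTypes": ["digest", "patch", "minor"],
      "groupName": "github actions (non-major)"
    },
    {
      // Everything else: bundle non-major updates into a single PR.
      // Major updates stay as individual PRs for separate review.
      "excludeManagers": ["github-actions"],
      "matchUpdateTypes": ["patch", "minor"],
      "groupName": "all non-major dependencies"
    }
  ]
}
```

Pinning to a SHA means a moved or re-tagged action release cannot change what the workflow runs; the grouped PR is then the single place where each SHA change is reviewed.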