Skip to content

chore(deps): activate organization Renovate preset#171

Merged
ss-o merged 1 commit into
mainfrom
feature-452
Jul 17, 2026
Merged

chore(deps): activate organization Renovate preset#171
ss-o merged 1 commit into
mainfrom
feature-452

Conversation

@ss-o

@ss-o ss-o commented Jul 17, 2026

Copy link
Copy Markdown
Member

Summary

  • activate the shared local>z-shell/.github:renovate-config preset from the default branch
  • require Dependency Dashboard approval during Stage 1 so Renovate cannot open routine update PRs yet
  • disable Renovate vulnerability-alert remediation so Dependabot retains security ownership
  • keep .github/dependabot.yml unchanged until live Renovate processing and GitHub security settings are verified

Safety boundary

This is Stage 1 of z-shell/.github#452. Do not approve any Dependency Dashboard update while this gate is active. Stage 2 will remove routine Dependabot configuration and the dashboard-approval gate atomically only after the tracker’s live-processing, security-settings, and zero-open-routine-Dependabot-PR gates pass.

Verification

  • exact JSON structure: pass
  • jq empty renovate.json: pass
  • git diff --check: pass
  • signed focused commit: pass
  • Renovate validator: identical non-Zi configuration passed the official validator in the rollout validation set

Draft until direct validator coverage and repository checks are green.

Tracks: z-shell/.github#452

@ss-o
ss-o marked this pull request as ready for review July 17, 2026 13:37
Copilot AI review requested due to automatic review settings July 17, 2026 13:37

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Activates Renovate for the repository by adding a minimal renovate.json that inherits the organization’s shared preset while gating routine updates behind Dependency Dashboard approval and leaving vulnerability remediation to Dependabot.

Changes:

  • Added renovate.json pointing at local>z-shell/.github:renovate-config.
  • Enabled :dependencyDashboardApproval to prevent routine update PRs without explicit dashboard approval.
  • Disabled Renovate vulnerability-alert remediation via :disableVulnerabilityAlerts to preserve Dependabot as the security-update owner.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@ss-o
ss-o merged commit c75e14a into main Jul 17, 2026
4 checks passed
@ss-o
ss-o deleted the feature-452 branch July 17, 2026 13:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants