Skip to content

chore(deps): restrict Phase 1 to minimal lockfile maintenance without proactive Gemfile bumps#34759

Open
torreypayne wants to merge 2 commits into
mainfrom
chore/restrict-renovate-lockfiles-only
Open

chore(deps): restrict Phase 1 to minimal lockfile maintenance without proactive Gemfile bumps#34759
torreypayne wants to merge 2 commits into
mainfrom
chore/restrict-renovate-lockfiles-only

Conversation

@torreypayne

@torreypayne torreypayne commented Jul 13, 2026

Copy link
Copy Markdown
Member

Overview

Restricts Renovate Phase 1 (core handwritten gems lockfiles) so that it prioritizes scheduled Gemfile.lock maintenance (bundle lock --update) while disabling proactive Gemfile dependency upgrades across the board (matchDatasources: ["rubygems"] -> enabled: false).

Details

  • Minimal Lockfile Maintenance Mode: By setting matchDatasources: ["rubygems"], enabled: false across the 9 Phase 1 gems (google-cloud-core, google-cloud-storage, google-cloud-pubsub, google-cloud-bigquery, google-cloud-errors, google-cloud-resource_manager, google-cloud-bigtable, google-cloud-logging, google-cloud-monitoring), Renovate will not open proactive version bump PRs (major, minor, patch) on a daily basis.
  • Scheduled Maintenance (lockFileMaintenance): Runs once every morning before 5am (schedule: ["before 5am"]) under rangeStrategy: "update-lockfile" to refresh Gemfile.lock files across Phase 1 (core handwritten gems lockfiles).
  • Synchronizing Necessary Constraints: When bundle lock --update runs under Renovate's Bundler manager, Renovate does the absolute minimum necessary to maintain lockfiles without breaking builds—automatically keeping internal monorepo package bounds (connection-v1) and stale test/style utilities (minitest-reporters) synchronized inside Gemfile if they drift from the refreshed lockfile.
  • Phase 2 Ready: When the team is ready to allow proactive Gemfile dependency bumps across Phase 1, simply delete the matchDatasources exclusion rule from .github/renovate.json5.

@torreypayne torreypayne requested review from a team and yoshi-approver as code owners July 13, 2026 23:39
@torreypayne torreypayne added the do not merge Indicates a pull request not ready for merge, due to either quality or timing. label Jul 14, 2026
@torreypayne torreypayne removed the do not merge Indicates a pull request not ready for merge, due to either quality or timing. label Jul 14, 2026
@torreypayne torreypayne changed the title chore(deps): restrict Phase 1 to strictly Gemfile.lock maintenance and disable Gemfile bumps chore(deps): restrict Phase 1 to minimal lockfile maintenance without proactive Gemfile bumps Jul 14, 2026
Comment thread .github/renovate.json5

@quartzmo quartzmo left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving, pending rebase on #34787

… proactive Gemfile bumps

Restricts Renovate Phase 1 (`core handwritten gems lockfiles`) so that it prioritizes scheduled `Gemfile.lock` maintenance (`bundle lock --update`) while disabling proactive `Gemfile` dependency upgrades across the board (`matchDatasources: ["rubygems"] -> enabled: false`).

Note: Even though proactive package updates (`rubygems`) are disabled, when `lockFileMaintenance` runs under Renovate's bundler manager, it can still trigger `Gemfile` constraint updates to synchronize out-of-date bounds (e.g., internal monorepo gems or dev utilities) with the refreshed `Gemfile.lock`.
@torreypayne torreypayne force-pushed the chore/restrict-renovate-lockfiles-only branch from af31b0c to b48376c Compare July 14, 2026 22:36
Comment thread .github/renovate.json5 Outdated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants