feat(checks): Renovate checks #823

Draft
abkfenris wants to merge 2 commits into scientific-python:main from abkfenris:renovate


abkfenris commented Jun 27, 2026

Adds an initial set of checks for Renovate equal to GH200 (REN200 is there a config) and GH210 (REN210 - basic management of GitHub Actions).

Made a choice that as long as there was either Renovate or Dependabot configured, repo review should pass out of the box. To do that added DEP200 that will pass if either a Renovate or Dependabot config exists, and made REN200 and GH200 return None to skip them and downstream checks.

Tries to read all non package.json locations (which is deprecated), but only supports configs that can be parsed by the built in json library.

Closes #463 #740


📚 Documentation preview 📚: https://scientific-python-cookie--823.org.readthedocs.build/

abkfenris and others added 2 commits June 27, 2026 15:30
Adds an initial set of checks for Renovate equal to GH200 (REN200 is there a config) and GH210 (REN210 - basic management of GitHub Actions). 

Made a choice that as long as there was either Renovate or Dependabot configured, repo review should pass out of the box. To do that added DEP200 that will pass if either a Renovate or Dependabot config exists, and made REN200 and GH200 return `None` to skip them and downstream checks.

Tries to read all non `package.json` locations (`package.json`), but only supports configs that can be parsed by the built in `json` library.

Closes scientific-python#463 scientific-python#740
@abkfenris

Author

I manually tested against a range of repos with different Renovate configs and locations, some from #463 and others randomly found by searching GitHub.

Here are roughly the ones per format that I tried:

```python
SUPPORTED_RENOVATE_FILES = [
    "renovate.json",  # gulfofmaine/climatology_py_dash
    "renovate.jsonc",  # jumpstarter-dev/jumpstarter
    "renovate.json5",  # SonarSource/docker-sonarqube
    ".github/renovate.json",  # adobe/spectrum-css
    ".github/renovate.jsonc",
    ".github/renovate.json5",  # paddyroddy/.github
    ".gitlab/renovate.json",  # zammad/zammad
    ".gitlab/renovate.jsonc",
    ".gitlab/renovate.json5",
    ".renovaterc",  # prettier/eslint-config-prettier
    ".renovaterc.json",  # Esri/calcite-design-system
    ".renovaterc.jsonc",
    ".renovaterc.json5",
    # "package.json"  # Deprecated, renovate is a field within the file
]
```

Also

There were some of the .jsonc and .json5 that didn't have anything special and were able to be parsed by the standard lib json module, so I didn't disable the formats. Any that throw an error opening are treated as empty configs.

It looks like json5 might be a relatively common config variant, but I didn't want to add a dependency for this first pass.

I also only checked for directly enabling GitHub Actions, or that it's in two common presets. If there are other common presets that should be included those can be added, but for less common presets, REN210 might need to be disabled.
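The discovery and parsing behaviour described in this thread, as an added sketch that is not code from the PR: the function names are hypothetical and the Dependabot paths are an assumption. It shows that a config using JSON5 syntax is found but read as an empty config, while the either-tool check still passes.

```python
from __future__ import annotations

import json
from pathlib import Path

# Locations from the list in the comment above (package.json is left out there too).
RENOVATE_FILES = [
    "renovate.json", "renovate.jsonc", "renovate.json5",
    ".github/renovate.json", ".github/renovate.jsonc", ".github/renovate.json5",
    ".gitlab/renovate.json", ".gitlab/renovate.jsonc", ".gitlab/renovate.json5",
    ".renovaterc", ".renovaterc.json", ".renovaterc.jsonc", ".renovaterc.json5",
]
# Assumption: the usual Dependabot config locations; the thread does not list them.
DEPENDABOT_FILES = [".github/dependabot.yml", ".github/dependabot.yaml"]


def find_renovate_file(root: Path) -> Path | None:
    """Return the first supported Renovate config present under root, if any."""
    for name in RENOVATE_FILES:
        if (root / name).is_file():
            return root / name
    return None


def load_renovate_config(root: Path) -> dict | None:
    """None when no config file exists; {} when one exists but stdlib json rejects it."""
    path = find_renovate_file(root)
    if path is None:
        return None
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        # JSON5/JSONC comments, unquoted keys or trailing commas end up here.
        return {}
    return data if isinstance(data, dict) else {}


def update_tool_configured(root: Path) -> bool:
    """DEP200-style result: passes when either Renovate or Dependabot is configured."""
    has_dependabot = any((root / name).is_file() for name in DEPENDABOT_FILES)
    return has_dependabot or find_renovate_file(root) is not None
```

A downstream check that inspects the parsed config sees `{}` for such a file, so a repository with a valid JSON5 config can fail that check even though Renovate itself reads the file without trouble.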

Development

Successfully merging this pull request may close these issues.

Recommend Renovate as an alternative to dependabot
