Add renovate workflow and config

pguyot · pguyot · commit b0a249f6cfed · 2026-04-15T06:31:57.000+02:00
Signed-off-by: Paul Guyot &lt;pguyot@kallisys.net&gt;
diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml
@@ -0,0 +1,39 @@
+#
+#  Copyright 2026 Paul Guyot <pguyot@kallisys.net>
+#
+#  SPDX-License-Identifier: Apache-2.0 OR LGPL-2.1-or-later
+#
+
+name: Renovate
+
+on:
+  push:
+    paths:
+      - 'renovate.json'
+    branches:
+      - main
+  schedule:
+    # Run every Monday at 06:00 UTC
+    - cron: '0 6 * * 1'
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: 'Dry run (log only, no PRs created)'
+        type: boolean
+        default: false
+
+jobs:
+  renovate:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run Renovate
+        uses: renovatebot/github-action@v41
+        with:
+          configurationFile: renovate.json
+        env:
+          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
+          LOG_LEVEL: ${{ inputs.dry_run == true && 'debug' || 'info' }}
+          RENOVATE_DRY_RUN: ${{ inputs.dry_run == true && 'full' || '' }}
diff --git a/renovate.json b/renovate.json
@@ -0,0 +1,123 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["config:recommended"],
+  "labels": ["dependencies"],
+
+  "customManagers": [
+    {
+      "description": "mbedtls fetched via FetchContent",
+      "customType": "regex",
+      "fileMatch": ["^CMakeModules/FetchMbedTLS\\.cmake$"],
+      "matchStrings": ["GIT_TAG\\s+v(?<currentValue>[^\\s\\n]+)"],
+      "depNameTemplate": "mbed-TLS/mbedtls",
+      "datasourceTemplate": "github-tags",
+      "versioningTemplate": "semver"
+    },
+    {
+      "description": "Unity test framework fetched via FetchContent",
+      "customType": "regex",
+      "fileMatch": ["^CMakeModules/FetchUnity\\.cmake$"],
+      "matchStrings": ["GIT_TAG\\s+v(?<currentValue>[^\\s\\n]+)"],
+      "depNameTemplate": "ThrowTheSwitch/Unity",
+      "datasourceTemplate": "github-tags",
+      "versioningTemplate": "semver"
+    },
+    {
+      "description": "ARM CMSIS Core fetched via FetchContent",
+      "customType": "regex",
+      "fileMatch": ["^src/platforms/stm32/cmake/stm32_sdk\\.cmake$"],
+      "matchStrings": ["cmsis_core\\.git\\s+GIT_TAG\\s+v(?<currentValue>[^\\s\\n]+)"],
+      "depNameTemplate": "STMicroelectronics/cmsis_core",
+      "datasourceTemplate": "github-tags",
+      "versioningTemplate": "semver"
+    },
+    {
+      "description": "STM32 family CMSIS device headers (first version in each _SDK_<family> pair). The dep name is derived from the family key: STMicroelectronics/cmsis_device_<family>. Exception: u3 uses hyphens (cmsis-device-u3) — overridden in packageRules.",
+      "customType": "regex",
+      "fileMatch": ["^src/platforms/stm32/cmake/stm32_sdk\\.cmake$"],
+      "matchStrings": [
+        "set\\(_SDK_(?<family>[a-z0-9]+)\\s+\"v(?<currentValue>[^;\"]+);[^\"]+\"\\)"
+      ],
+      "depNameTemplate": "STMicroelectronics/cmsis_device_{{{family}}}",
+      "datasourceTemplate": "github-tags",
+      "versioningTemplate": "semver"
+    },
+    {
+      "description": "STM32 family HAL drivers (second version in each _SDK_<family> pair). The dep name is derived from the family key: STMicroelectronics/stm32<family>xx_hal_driver. Exception: u3 uses hyphens (stm32u3xx-hal-driver) — overridden in packageRules.",
+      "customType": "regex",
+      "fileMatch": ["^src/platforms/stm32/cmake/stm32_sdk\\.cmake$"],
+      "matchStrings": [
+        "set\\(_SDK_(?<family>[a-z0-9]+)\\s+\"[^;]+;v(?<currentValue>[^\"]+)\"\\)"
+      ],
+      "depNameTemplate": "STMicroelectronics/stm32{{{family}}}xx_hal_driver",
+      "datasourceTemplate": "github-tags",
+      "versioningTemplate": "semver"
+    },
+    {
+      "description": "picolibc built from a release tarball by ExternalProject_Add",
+      "customType": "regex",
+      "fileMatch": ["^src/platforms/stm32/cmake/picolibc\\.cmake$"],
+      "matchStrings": ["set\\(PICOLIBC_VERSION \"(?<currentValue>[^\"]+)\"\\)"],
+      "depNameTemplate": "picolibc/picolibc",
+      "datasourceTemplate": "github-releases",
+      "versioningTemplate": "semver"
+    },
+    {
+      "description": "esp-idf Docker image versions in esp32-build.yaml (semver-pinned entries only; release-v5.4 is intentionally left as a floating branch reference)",
+      "customType": "regex",
+      "fileMatch": ["^\\.github/workflows/esp32-build\\.yaml$"],
+      "matchStrings": ["idf-version: 'v(?<currentValue>[0-9]+\\.[0-9]+\\.[0-9]+)'"],
+      "depNameTemplate": "espressif/idf",
+      "datasourceTemplate": "docker",
+      "versioningTemplate": "semver"
+    },
+    {
+      "description": "esp-idf Docker image version in esp32-mkimage.yaml (uses bare semver without v prefix)",
+      "customType": "regex",
+      "fileMatch": ["^\\.github/workflows/esp32-mkimage\\.yaml$"],
+      "matchStrings": ["idf-version: \\[\"(?<currentValue>[0-9]+\\.[0-9]+\\.[0-9]+)\"\\]"],
+      "depNameTemplate": "espressif/idf",
+      "datasourceTemplate": "docker",
+      "versioningTemplate": "semver"
+    },
+    {
+      "description": "esp-idf Docker image versions in esp32-simtest.yaml (only the explicit idf-version entries in include/exclude blocks; the inline fromJSON array on the conditional line must be updated manually)",
+      "customType": "regex",
+      "fileMatch": ["^\\.github/workflows/esp32-simtest\\.yaml$"],
+      "matchStrings": ["idf-version: \"v(?<currentValue>[0-9]+\\.[0-9]+\\.[0-9]+)\""],
+      "depNameTemplate": "espressif/idf",
+      "datasourceTemplate": "docker",
+      "versioningTemplate": "semver"
+    }
+  ],
+
+  "packageRules": [
+    {
+      "description": "Group all esp-idf updates into one PR so versions stay in sync across workflows",
+      "matchPackageNames": ["espressif/idf"],
+      "groupName": "esp-idf",
+      "groupSlug": "esp-idf"
+    },
+    {
+      "description": "Group all STM32 CMSIS device + HAL driver updates together",
+      "matchPackagePatterns": ["^STMicroelectronics/(cmsis_device_|cmsis-device-|stm32.*_hal_driver|stm32.*-hal-driver)"],
+      "groupName": "STM32 SDK (CMSIS device + HAL drivers)",
+      "groupSlug": "stm32-sdk"
+    },
+    {
+      "description": "u3 CMSIS device uses hyphens in the actual GitHub repo name",
+      "matchPackageNames": ["STMicroelectronics/cmsis_device_u3"],
+      "packageName": "STMicroelectronics/cmsis-device-u3"
+    },
+    {
+      "description": "u3 HAL driver uses hyphens in the actual GitHub repo name",
+      "matchPackageNames": ["STMicroelectronics/stm32u3xx_hal_driver"],
+      "packageName": "STMicroelectronics/stm32u3xx-hal-driver"
+    },
+    {
+      "description": "mbedtls is a security dependency — label prominently",
+      "matchPackageNames": ["mbed-TLS/mbedtls"],
+      "labels": ["security", "dependencies"]
+    }
+  ]
+}
diff --git a/renovate.json.license b/renovate.json.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: Apache-2.0 OR LGPL-2.1-or-later
+SPDX-FileCopyrightText: AtomVM Contributors

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+SPDX-License-Identifier: Apache-2.0 OR LGPL-2.1-or-later`
	`2`	`+SPDX-FileCopyrightText: AtomVM Contributors`