renovate: leave bumping GitHub Actions to Dependabot

To avoid update noise. Renovate bumps everything instantly, meaning
a major version a couple hours after release, then all minor bugfix
releases throughout the next 1-2 days. Also putting major versions in
a different group than the bugfix release, and there is no support for
a cooldown period.

After this patch GitHub's Dependabot remains the single tool responsible
to bump GitHub Actions, once a month, grouped, with a cooldown period.
In sync with most other curl repos.

Both Renovate and Dependabot keep bumping pinned pips for now. Also
Renovate keeps updating C dependencies and Dockerfile.

Closes #19954

diff --git a/renovate.json b/renovate.json
index 33421818180fba3d2f842b4ec9aac52c2d2a4b7d..6a6947dd93e4ce13edf8a314df3624ca4001959e 100644 (file)
--- a/renovate.json
+++ b/renovate.json
@@ -6,15 +6,6 @@
   ],
   "semanticCommitType": "ci",
   "packageRules": [
-    {
-      "matchManagers": [
-        "github-actions"
-      ],
-      "commitMessagePrefix": "GHA: ",
-      "labels": [
-        "CI"
-      ]
-    },
     {
       "matchUpdateTypes": [
         "pin",
@@ -47,7 +38,6 @@
     {
       "description": "Schedule package updates on the 10th of each month",
       "matchPackageNames": [
-        "/codeql/i",
         "/ruff/i"
       ],
       "groupName": "monthly updates by name",