From: Viktor Szakats <commit@vsz.me>
Date: Fri, 12 Dec 2025 22:30:45 +0000 (+0100)
Subject: renovate: leave bumping GitHub Actions to Dependabot
X-Git-Tag: rc-8_18_0-2~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a9b1be555a26aeca623721b0826ea66d6b8c0929;p=thirdparty%2Fcurl.git

renovate: leave bumping GitHub Actions to Dependabot

To avoid update noise. Renovate bumps everything instantly, meaning
a major version a couple hours after release, then all minor bugfix
releases throughout the next 1-2 days. Also putting major versions in
a different group than the bugfix release, and there is no support for
a cooldown period.

After this patch GitHub's Dependabot remains the single tool responsible
to bump GitHub Actions, once a month, grouped, with a cooldown period.
In sync with most other curl repos.

Both Renovate and Dependabot keep bumping pinned pips for now. Also
Renovate keeps updating C dependencies and Dockerfile.

Closes #19954
---

diff --git a/renovate.json b/renovate.json
index 3342181818..6a6947dd93 100644
--- a/renovate.json
+++ b/renovate.json
@@ -6,15 +6,6 @@
   ],
   "semanticCommitType": "ci",
   "packageRules": [
-    {
-      "matchManagers": [
-        "github-actions"
-      ],
-      "commitMessagePrefix": "GHA: ",
-      "labels": [
-        "CI"
-      ]
-    },
     {
       "matchUpdateTypes": [
         "pin",
@@ -47,7 +38,6 @@
     {
       "description": "Schedule package updates on the 10th of each month",
       "matchPackageNames": [
-        "/codeql/i",
         "/ruff/i"
       ],
       "groupName": "monthly updates by name",