ci: migrate from Dependabot to Renovate#21
Conversation
|
Warning Review limit reached
More reviews will be available in 50 minutes and 8 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly. Please see our Fair Usage Limits Policy for further information. 📝 WalkthroughWalkthroughThe PR removes the existing ChangesDependabot → Renovate Migration
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/renovate.json:
- Around line 1-24: The `minimumReleaseAge` property in the renovate
configuration is currently set to `"24 hours"`, but Renovate's documented format
convention requires human-readable duration strings like `"1 day"`, `"3 days"`,
etc. Change the `minimumReleaseAge` value from `"24 hours"` to `"1 day"` to
match Renovate's expected format.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 4c0d918c-7c58-4cb7-a41d-384b239dc0ee
📒 Files selected for processing (2)
.github/dependabot.yml.github/renovate.json
💤 Files with no reviewable changes (1)
- .github/dependabot.yml
1 participant
Why
Moving dependency automation from Dependabot to Renovate. Renovate groups non-major bumps into a single PR (far less noise than Dependabot's one-PR-per-dependency), waits a stability cooldown before opening PRs, and gives us a cleaner config to standardize on.
What
.github/dependabot.ymlwith.github/renovate.json.config:recommended, weekly schedule, all non-major updates grouped into a single PR, semanticfix:commits with scope disabled, and a 24hminimumReleaseAgeso freshly published versions settle before we get a PR.@types/nodestays off major bumps so it tracks the supported Node engine.Notes
markfluencein scope to start opening PRs. Handled separately.v*tags, not commit type, sofix:dependency bumps won't auto-trigger npm releases.