renovate-config/rules-python.json5 at main · bcgov/renovate-config · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  // Group boto3 and botocore dependencies for easier management
  "packageRules": [
    // Pin Python dependencies for security
    {
      "description": "Pin Python dependencies: Pin all digests/SHAs for supply chain security. This ensures reproducible builds and prevents dependency substitution attacks.",
      "matchManagers": [
        "pip_requirements",
        "pip_setup",
        "pipenv",
        "poetry",
        "uv",
        "pep621",
        "pip-compile"
      ],
      "pinDigests": true
    },
    // Group boto3 and botocore dependencies for easier management
    {
      "description": "Group boto",
      "groupName": "boto",
      "matchManagers": ["pip_requirements", "pip_setup", "pipenv", "poetry", "uv", "pep621", "pip-compile"],
      "matchPackageNames": ["/^boto3$/", "/^botocore$/"]
    },
    // Group all pytest-related dependencies for unified update PRs
    {
      "description": "Group pytest",
      "groupName": "pytest",
      "matchManagers": ["pip_requirements", "pip_setup", "pipenv", "poetry", "uv", "pep621", "pip-compile"],
      "matchPackageNames": [
        "/^pytest$/",
        "/^pytest-/",
        "/^coverage$/",
        "/^tox$/",
        "/^mock$/",
        "/^factory-boy$/",
        "/^freezegun$/"
      ]
    },
    // Group SQLAlchemy and related tools for easier upgrades
    {
      "description": "Group sqlalchemy",
      "groupName": "sqlalchemy",
      "matchManagers": ["pip_requirements", "pip_setup", "pipenv", "poetry", "uv", "pep621", "pip-compile"],
      "matchPackageNames": [
        "/^sqlalchemy$/",
        "/^sqlmodel$/",
        "/^sqlacodegen$/",
        "/^mock-alchemy$/",
        "/^alembic$/"
      ]
    },
    // Group linters and formatters
    {
      "description": "Group python linters",
      "groupName": "python linters",
      "matchManagers": ["pip_requirements", "pip_setup", "pipenv", "poetry", "uv", "pep621", "pip-compile"],
      "matchPackageNames": [
        "/^ruff$/",
        "/^black$/",
        "/^isort$/",
        "/^pylint$/",
        "/^flake8$/",
        "/^mypy$/",
        "/^bandit$/",
        "/^pre-commit$/"
      ]
    },
    // Group pydantic and its core components
    {
      "description": "Group pydantic",
      "groupName": "pydantic",
      "matchManagers": ["pip_requirements", "pip_setup", "pipenv", "poetry", "uv", "pep621", "pip-compile"],
      "matchPackageNames": [
        "/^pydantic$/",
        "/^pydantic-core$/",
        "/^annotated-types$/"
      ]
    },
    // Group FastAPI and related web stack components
    {
      "description": "Group fastapi stack",
      "groupName": "fastapi stack",
      "matchManagers": ["pip_requirements", "pip_setup", "pipenv", "poetry", "uv", "pep621", "pip-compile"],
      "matchPackageNames": [
        "/^fastapi$/",
        "/^starlette$/",
        "/^python-multipart$/",
        "/^uvicorn$/",
        "/^gunicorn$/",
        "/^httpx$/",
        "/^anyio$/"
      ]
    },
    // Group AI and Machine Learning dependencies
    {
      "description": "Group ai-ml",
      "groupName": "ai-ml",
      "matchManagers": ["pip_requirements", "pip_setup", "pipenv", "poetry", "uv", "pep621", "pip-compile"],
      "matchPackageNames": [
        "/^huggingface-hub$/",
        "/^tokenizers$/",
        "/^hf-xet$/",
        "/^onnxruntime$/",
        "/^openai$/",
        "/^langchain/",
        "/^llama-index/"
      ]
    },
    // Group core data science libraries
    {
      "description": "Group data science",
      "groupName": "data science",
      "matchManagers": ["pip_requirements", "pip_setup", "pipenv", "poetry", "uv", "pep621", "pip-compile"],
      "matchPackageNames": [
        "/^numpy$/",
        "/^pandas$/",
        "/^scipy$/",
        "/^matplotlib$/",
        "/^seaborn$/",
        "/^scikit-learn$/"
      ]
    },
    // Group python development tools
    {
      "description": "Group python tools",
      "groupName": "python tools",
      "matchManagers": ["pip_requirements", "pip_setup", "pipenv", "poetry", "uv", "pep621", "pip-compile"],
      "matchPackageNames": [
        "/^uv$/",
        "/^setuptools$/",
        "/^tomlkit$/",
        "/^orjson$/",
        "/^pip$/",
        "/^pip-tools$/"
      ]
    },
    {
      "description": "Group Python ecosystem: Combine updates from all Python managers (pip_requirements, pip_setup, pipenv, poetry, uv, pep621, pip-compile) into single PRs to maintain compatibility.",
      "matchManagers": [
        "pip_requirements",
        "pip_setup",
        "pipenv",
        "poetry",
        "uv",
        "pep621",
        "pip-compile"
      ],
      "matchUpdateTypes": [
        "minor",
        "patch"
      ],
      "groupName": "python dependencies",
      "groupSlug": "python"
    }
  ]
}