-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathrenovate-lockdown.json
More file actions
41 lines (41 loc) · 1.34 KB
/
Copy pathrenovate-lockdown.json
File metadata and controls
41 lines (41 loc) · 1.34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"description": "🔒 LOCKDOWN MODE: Maximum security during active supply chain attacks. No automerge, extended stability period, manual approval required.",
"extends": [
"github>miccy/renovate-config"
],
"schedule": ["before 06:00 on monday"],
"stabilityDays": 14,
"minimumReleaseAge": "14 days",
"prConcurrentLimit": 2,
"dependencyDashboardApproval": true,
"packageRules": [
{
"description": "LOCKDOWN: Disable ALL automerge",
"matchPackagePatterns": ["*"],
"automerge": false,
"dependencyDashboardApproval": true
},
{
"description": "LOCKDOWN: Production deps require manual approval",
"matchDepTypes": ["dependencies", "peerDependencies"],
"prPriority": -50,
"prBodyNotes": [
"🔒 **LOCKDOWN MODE ACTIVE**",
"",
"This repository is in security lockdown due to active supply chain threats.",
"",
"Before approving:",
"- [ ] Verify package source and maintainer",
"- [ ] Check for security advisories",
"- [ ] Review changelog for suspicious changes",
"- [ ] Run detection scripts after merge"
]
},
{
"description": "LOCKDOWN: Block all major updates",
"matchUpdateTypes": ["major"],
"enabled": false
}
]
}