chore: Configure Renovate

[renovate-bot]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• .github/workflows/autofix.yml (github-actions)
• .github/workflows/ci.yml (github-actions)
• .github/workflows/flakehub-publish-tagged.yml (github-actions)
• .github/workflows/update-flake-lock.yml (github-actions)
• pyproject.toml (pep621)
• pyproject.toml (poetry)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Show all Merge Confidence badges for pull requests.
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

What to Expect

With your current configuration, Renovate will create 1 Pull Request:

chore(deps): lock file maintenance

- Schedule: ["every 4 week on Monday"] - Branch name: `renovate/lock-file-maintenance` - Merge into: `master` - Regenerate lock files to use latest dependency versions

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section. If you need any further assistance then you can also request help here.

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 97.63%. Comparing base (b5ef194) to head (f484502). Report is 7 commits behind head on master.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #1823 +/- ## ========================================== + Coverage 97.62% 97.63% +0.01% ========================================== Files 49 49 Lines 5134 5164 +30 ========================================== + Hits 5012 5042 +30 Misses 122 122 ``` | [Flag](https://app.codecov.io/gh/copier-org/copier/pull/1823/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=copier-org) | Coverage Δ | | |---|---|---| | [unittests](https://app.codecov.io/gh/copier-org/copier/pull/1823/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=copier-org) | `97.63% <ø> (+0.01%)` | :arrow_up: | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=copier-org#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[sisp]

@yajo Sorry for disabling auto-merge. Just FYI: The preset config:recommended contains a preset :semanticPrefixFixDepsChoreOthers which uses the semantic commit type fix for runtime dependencies, e.g. when we bump the minimum version of Pydantic or Jinja. Currently, we're using build, so with Renovate's default preset, dependency updates would be included in the changelog. Is this something we'd want? :thinking:

[yajo]

So would you please fix it? I guess you can just edit the source of the PR like I did, right?

[sisp]

Yes, if you agree, I'd try to reconfigure Renovate to the same behavior as Dependabot – but better like also having lock file maintenance :wink:.

[sisp]

I mean, I guess there's a point to using fix when bumping a runtime dependency (not in the lock file but in the manifest) because it has a potential effect on our users. It just differs from our current practice.

[sisp]

I've enabled lock file maintenance, added PR labels, and enabled the Nix manager (because it is disabled by default). I'm not 100% sure whether Nix dependency updating works though. Renovate's dashboard doesn't show Nix dependencies.

[sisp]

I've kept the config:recommended preset because using fix for runtime dependency updates makes sense to me on second thought. The main difference between this configuration and Dependabot is that Renovate will use chore for other dependency updates while Dependabot has been using build. Reconfiguring Renovate to use fix + build instead of fix + chore would require mostly duplicating the :semanticPrefixFixDepsChoreOthers preset:

 {
   "packageRules": [
     {
       "matchPackageNames": [
         "*"
       ],
-       "semanticCommitType": "chore"
+       "semanticCommitType": "build"
     },
     {
       "matchDepTypes": [
         "dependencies",
         "require"
       ],
       "semanticCommitType": "fix"
     },
     {
       "matchDatasources": [
         "maven"
       ],
       "matchDepTypes": [
         "compile",
         "provided",
         "runtime",
         "system",
         "import",
         "parent"
       ],
       "semanticCommitType": "fix"
     }
   ]
 }

I think it's not worth the added technical debt on our end. WDYT, @yajo?

[yajo]

We follow conventional commits, which were invented by the AngularJS team, which at some point decided that chore and build are essentially the same, so they dropped chore. All of that happened before we adopted conventional commits, so chore really never landed here.

Can't you enable a preset and overwrite something on it?

If not, I think we can be practical and accept chore to avoid... chore. 🥁

[sisp]

I've added package rules to override the config:recommended preset (specifically, the :semanticPrefixFixDepsChoreOthers preset) to use the semantic type build instead of chore for non-runtime dependency updates. Since this is clearly a Python project, we can simplify the generic package rules of the preset a little, so technical debt is minimal. I've tested other variations (e.g., just using the first rule without the second rule), but this is the only rule set that works.

Would you also like to retain the semantic commit scope deps-dev for dev dependencies? Renovate always uses deps by default.

[yajo]

Would you also like to retain the semantic commit scope deps-dev for dev dependencies? Renovate always uses deps by default.

Not important to me.

[sisp]

Then, I think we're ready to give this a try. Would you like to merge?