9aa26a449e
This commit implements the Cargo.lock policy for reproducible builds across all workspace members (pdftract-core, pdftract-cli, pdftract-py). Changes: - Add CONTRIBUTING.md with lockfile-update workflow documentation - Add .renovaterc.json for weekly lockfile-only PRs (human-gated) - Add crates/pdftract-core/README.md with rationale for checked-in lockfiles - Add notes/pdftract-49f8.md with verification note The Argo workflow updates (pdftract-ci.yaml) are committed separately in the declarative-config repo. Acceptance criteria: - PASS: Cargo.lock tracked by git, not in .gitignore - PASS: Argo workflow templates document --locked/--frozen requirements - WARN: Enforcement to be completed when placeholder templates are implemented - WARN: Binary reproducibility verification deferred to pdftract-build-binaries implementation Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
36 lines
992 B
JSON
36 lines
992 B
JSON
{
|
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
|
"extends": [
|
|
"config:base"
|
|
],
|
|
"lockFileMaintenance": {
|
|
"enabled": true,
|
|
"schedule": ["every weekday"],
|
|
"automerge": false,
|
|
"commitMessageAction": "Lockfile maintenance",
|
|
"commitMessageTopic": "{{{groupName}}}",
|
|
"labels": ["dependencies", "lockfile-only"]
|
|
},
|
|
"cargo": {
|
|
"lockFileMaintenance": {
|
|
"commitMessageExtra": "(weekly lockfile refresh)"
|
|
}
|
|
},
|
|
"packageRules": [
|
|
{
|
|
"description": "Separate lockfile-only PRs from dependency updates",
|
|
"matchUpdateTypes": ["lockFileMaintenance", "pin", "digest"],
|
|
"commitMessagePrefix": "chore(lockfile):",
|
|
"labels": ["lockfile-only"],
|
|
"automerge": false
|
|
},
|
|
{
|
|
"description": "Group Rust dependencies by update type",
|
|
"matchManagers": ["cargo"],
|
|
"groupName": "Rust dependencies",
|
|
"separateMinorPatch": true
|
|
}
|
|
],
|
|
"prConcurrentLimit": 2,
|
|
"prHourlyLimit": 1
|
|
}
|