Message-ID: From: "vlsi (@vlsi)" To: "pgjdbc/pgjdbc" Date: Mon, 15 Jun 2026 13:29:19 +0000 Subject: [pgjdbc/pgjdbc] PR #4184: ci: group Renovate updates by Maven groupId List-Id: X-GitHub-Additions: 9 X-GitHub-Author-Id: 213894 X-GitHub-Author-Login: vlsi X-GitHub-Base: master X-GitHub-Changed-Files: 1 X-GitHub-Commits: 1 X-GitHub-Deletions: 28 X-GitHub-Head-Branch: claude/great-sinoussi-1e4b87 X-GitHub-Head-SHA: 8a5cedd7eff4d319609c10b8e470dd522c2e10a9 X-GitHub-Issue: 4184 X-GitHub-Labels: chore X-GitHub-Merge-SHA: 8ebeadf855d9fc9bd57da7bcc63c883c470a76f2 X-GitHub-Merged-By: vlsi X-GitHub-Repo: pgjdbc/pgjdbc X-GitHub-State: merged X-GitHub-Type: pull_request X-GitHub-Url: https://github.com/pgjdbc/pgjdbc/pull/4184 Content-Type: text/plain; charset=utf-8 ## What - Add a default `packageRule` that groups every Maven update by its `groupId` using `{{{replace ':.*' '' depName}}}`. - Apply the same grouping to security updates via `vulnerabilityAlerts`, since Renovate resets their `groupName` and would otherwise open one PR per artifact. - Remove redundant single-`groupId` rules now covered by the default (`logback`, `com.github.vlsi`, `jmh`, `com.gradleup.nmcp`, `pax-exam`). ## Why Previously each grouped dependency needed its own `packageRule` listing the package prefix. Grouping by `groupId` by default keeps related artifacts in a single PR automatically and trims the config. ## Kept on purpose Rules that do more than group remain: - `checkerframework`, `junit-bom` — pin `allowedVersions`. - `org.postgresql:postgresql`, `system-stubs-jupiter` — version-specific enable/disable. ## Notes Validated with `renovate-config-validator`. Approach mirrors apache/jmeter#6710. 🤖 Generated with [Claude Code](https://claude.com/claude-code) diff --git a/renovate.json b/renovate.json index 49a325d3f4..641088b4a4 100644 --- a/renovate.json +++ b/renovate.json @@ -9,18 +9,17 @@ "schedule": [ "every 3 weeks on Monday" ], + "vulnerabilityAlerts": { + "description": "Security updates bypass the packageRules grouping below (Renovate resets their groupName), so apply the same groupId grouping to them here.", + "groupName": "{{{replace ':.*' '' depName}}} security" + }, "packageRules": [ { - "groupName": "logback", - "matchPackageNames": [ - "ch.qos.logback{/,}**" - ] - }, - { - "groupName": "com.github.vlsi", - "matchPackageNames": [ - "com.github.vlsi{/,}**" - ] + "description": "Group every Maven update by its groupId by default. The more specific rules below run later and override this where a group must span several groupIds, pin a version, or stay disabled.", + "matchDatasources": [ + "maven" + ], + "groupName": "{{{replace ':.*' '' depName}}}" }, { "groupName": "checkerframework", @@ -29,12 +28,6 @@ ], "allowedVersions": "<4.0.0" }, - { - "groupName": "jmh", - "matchPackageNames": [ - "org.openjdk.jmh{/,}**" - ] - }, { "groupName": "junit-bom", "matchPackageNames": [ @@ -42,18 +35,6 @@ ], "allowedVersions": "<6.0.0" }, - { - "groupName": "com.gradleup.nmcp", - "matchPackageNames": [ - "com.gradleup.nmcp{/,}**" - ] - }, - { - "groupName": "pax-exam", - "matchPackageNames": [ - "org.ops4j.pax.exam{/,}**" - ] - }, { "matchPackageNames": [ "org.postgresql:postgresql"