Renovate configuration to avoid the update of Go or Python versions used

[joselsegura]

Description

Currently mintmaker, when checking our workflows, is updating the Go version used in the setup-go action, which is breaking some of the workflows as we expect a version number equal to the one used in our deployed images.

To avoid this and other cases, like Python versions, this commit disable what kind of updates.

Fix #CCXDEV-16402

Type of change

• Configuration update

Testing steps

Checked the validity of the file with pre-commit hook

[coderabbitai]

Summary by CodeRabbit

• Chores
  • Modified automated dependency management configuration to adjust handling of GitHub Actions dependencies.

Walkthrough

A new Renovate package rule is added to disable automatic updates for GitHub Actions dependencies with uses-with dependency type, preventing certain GitHub Actions configuration changes from being auto-updated.

Changes

Renovate GitHub Actions Update Configuration

Layer / File(s)	Summary
Disable uses-with GitHub Actions updates renovate.json	Added a package rule targeting github-actions manager with uses-with dependency type and enabled: false to suppress automatic Renovate updates for this dependency pattern.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title mentions avoiding updates of Go or Python versions, but the actual change only disables updates for 'uses-with' dependencies in github-actions. The connection between the title and implementation is unclear and potentially misleading.	Clarify whether the title accurately describes the specific mechanism being disabled (uses-with dependencies) or if it should be more precise about what type of updates are being prevented.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description explains the problem (Go version updates breaking workflows) and the solution (disabling certain updates), which aligns with the changeset modifying renovate.json to disable specific dependency updates.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@renovate.json`:
- Around line 37-40: The rule currently disables all GitHub Actions "uses-with"
updates by setting "matchManagers": ["github-actions"] and "matchDepTypes":
["uses-with"] with "enabled": false; narrow this by adding a "matchPackageNames"
filter targeting only the actions you want to suppress (e.g., "actions/setup-go"
and "actions/setup-python" or their package name patterns) so only those package
updates are disabled; update the rule object containing
matchManagers/matchDepTypes/enabled (the renovate.json rule) to include the
appropriate matchPackageNames array and keep enabled:false.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: d1573f84-7b1f-494c-b3a0-8044c985d779

📥 Commits

Reviewing files that changed from the base of the PR and between 9671673 and 0b8f684.

📒 Files selected for processing (1)

• renovate.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

In Renovate docs for the github-actions manager, what is the recommended way to disable only setup-go/setup-python with-value version updates (not all uses-with updates)?

💡 Result:

Recommended approach: use a packageRule that matches the relevant GitHub Actions “with” dependency (depType: "uses-with") for actions/setup-go and actions/setup-python, and disable only those updates via enabled:false. In the github-actions manager, the “with” version inputs (e.g., node-version for actions/setup-node) are represented as depType = uses-with [1]. Renovate supports updating the “with” version for actions/setup-go and actions/setup-python [1]. Therefore, you can selectively turn off only those uses-with entries. Example Renovate config: { "packageRules": [ { "description": "Disable setup-go/setup-python with-version updates", "matchManagers": ["github-actions"], "matchDepTypes": ["uses-with"], "matchPackageNames": ["actions/setup-go", "actions/setup-python"], "enabled": false } ] } Notes: - matchDepTypes="uses-with" targets only the extracted “with” input versions, not the action reference in the uses: field [1]. - Limit with matchManagers=["github-actions"] so other managers’ dependencies aren’t affected [2].

Citations:

• 1: https://docs.renovatebot.com/modules/manager/github-actions/
• 2: https://docs.renovatebot.com/configuration-options

---

Scope is broader than the PR objective—this rule disables all uses-with updates, not just Go/Python versions.

The current configuration will suppress every uses-with update in GitHub Actions workflows, including other important runtime updates. To disable only setup-go and setup-python version bumps, add matchPackageNames:

Narrowed rule

     {
       "matchManagers": ["github-actions"],
+      "matchPackageNames": ["actions/setup-go", "actions/setup-python"],
       "matchDepTypes": ["uses-with"],
       "enabled": false
     },

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	{
	"matchManagers": ["github-actions"],
	"matchDepTypes": ["uses-with"],
	"enabled": false
	{
	"matchManagers": ["github-actions"],
	"matchPackageNames": ["actions/setup-go", "actions/setup-python"],
	"matchDepTypes": ["uses-with"],
	"enabled": false

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@renovate.json` around lines 37 - 40, The rule currently disables all GitHub
Actions "uses-with" updates by setting "matchManagers": ["github-actions"] and
"matchDepTypes": ["uses-with"] with "enabled": false; narrow this by adding a
"matchPackageNames" filter targeting only the actions you want to suppress
(e.g., "actions/setup-go" and "actions/setup-python" or their package name
patterns) so only those package updates are disabled; update the rule object
containing matchManagers/matchDepTypes/enabled (the renovate.json rule) to
include the appropriate matchPackageNames array and keep enabled:false.