Merged
13 changes: 13 additions & 0 deletions .github/renovate.json5
Expand Up @@ -96,6 +96,19 @@
"automerge": true
},

// Allow patch updates to the internal traffic analytics image to
// automerge once CI has gone green.
{
"matchDatasources": [
"docker"
],
"matchPackageNames": [
"ghost/traffic-analytics"
],
"automerge": true,
"automergeType": "pr"
},
Comment on lines +99 to +110
⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

In Renovate packageRules, if a rule has matchDatasources + matchPackageNames + automerge=true but no matchUpdateTypes, does it apply to all update types (major/minor/patch/digest/pin) for that dependency? Also, when another matching rule sets dependencyDashboardApproval=true for major updates, how are these rules combined?

💡 Result:

Yes. If a packageRules entry only has matchDatasources + matchPackageNames (and no matchUpdateTypes), then it matches that dependency regardless of update type—i.e., it’s not restricted to major/minor/patch/pin/digest unless you add a matcher like matchUpdateTypes. Renovate evaluates all rules, and a rule only “filters” on the match... fields you actually specify. [1] matchUpdateTypes is just an optional matcher (default is an empty list). [2]

When multiple packageRules match the same dependency update, Renovate merges the resulting config, and later rules can override earlier ones if they set the same option. [1]
So if one matching rule sets automerge: true (without matchUpdateTypes), and another matching rule sets dependencyDashboardApproval: true for matchUpdateTypes: ["major"], then for major updates you effectively get both: automerge=true and dependencyDashboardApproval=true (unless one of the rules explicitly overrides the other setting). [1][3]

Practical implication: major updates would still be subject to dashboard approval (Renovate “waits for your approval … before PRs are created”). [3] If your intent is “automerge everything except major”, then you typically either (a) scope the automerge rule to non-major update types, or (b) add a later major-only rule that sets automerge: false. [1][2]

Sources
[1] Renovate docs – packageRules are all evaluated; matching rules are merged; order matters/overrides; matcher logic (“all matchers must match”). (docs.renovatebot.com)
[2] Renovate docs – packageRules.matchUpdateTypes (matcher; default []; allowed update types). (docs.renovatebot.com)
[3] Renovate docs – dependencyDashboardApproval meaning (“wait for your approval … before PRs are created”; can be set in packageRules). (docs.renovatebot.com)

Add matchUpdateTypes constraint to scope automerge to patch updates only

The rule at lines 99–110 lacks matchUpdateTypes, which means it applies to all Docker update types (major, minor, patch, etc.) for ghost/traffic-analytics, not just patches as the comment states. Without this constraint, the rule will automerge major and minor updates in addition to patches.

Suggested fix
        {
            "matchDatasources": [
                "docker"
            ],
            "matchPackageNames": [
                "ghost/traffic-analytics"
            ],
+           "matchUpdateTypes": [
+               "patch"
+           ],
            "automerge": true,
            "automergeType": "pr"
        },
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
// Allow patch updates to the internal traffic analytics image to
// automerge once CI has gone green.
{
"matchDatasources": [
"docker"
],
"matchPackageNames": [
"ghost/traffic-analytics"
],
"automerge": true,
"automergeType": "pr"
},
// Allow patch updates to the internal traffic analytics image to
// automerge once CI has gone green.
{
"matchDatasources": [
"docker"
],
"matchPackageNames": [
"ghost/traffic-analytics"
],
"matchUpdateTypes": [
"patch"
],
"automerge": true,
"automergeType": "pr"
},
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/renovate.json5 around lines 99 - 110, The automerge rule for the
Docker package "ghost/traffic-analytics" currently matches all update types; add
a matchUpdateTypes constraint to limit it to patches only by adding
matchUpdateTypes: ["patch"] alongside the existing matchDatasources and
matchPackageNames so that the automerge and automergeType settings only apply to
patch updates (refer to the rule using matchDatasources, matchPackageNames,
automerge, and automergeType).
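
The matching behaviour described in the analysis above, as an added example (not code from the pull request or from Renovate): a simplified JavaScript model of packageRules evaluation, run over constructed updates for ghost/traffic-analytics. It models only the three matchers shown, with exact-string matching, and the major-only approval rule is hypothetical, taken from the web query rather than from the file.

```javascript
// Simplified model of Renovate packageRules evaluation: an added example,
// not Renovate's code. Only three matchers are modelled, with exact matching.
const MATCHERS = {
  matchDatasources: (u) => u.datasource,
  matchPackageNames: (u) => u.packageName,
  matchUpdateTypes: (u) => u.updateType,
};

// A rule matches when every matcher it specifies matches; a matcher that is
// absent places no restriction on the update.
function ruleMatches(rule, update) {
  return Object.entries(MATCHERS).every(
    ([key, field]) => !(key in rule) || rule[key].includes(field(update))
  );
}

// Every matching rule is merged in order; later rules override earlier ones.
function resolveConfig(packageRules, update) {
  const config = {};
  for (const rule of packageRules) {
    if (!ruleMatches(rule, update)) continue;
    for (const [key, value] of Object.entries(rule)) {
      if (!(key in MATCHERS)) config[key] = value;
    }
  }
  return config;
}

// The rule as it appears in the diff, and the reviewer's suggested form.
const asWritten = {
  matchDatasources: ["docker"],
  matchPackageNames: ["ghost/traffic-analytics"],
  automerge: true,
  automergeType: "pr",
};
const asSuggested = { ...asWritten, matchUpdateTypes: ["patch"] };
// Hypothetical major-only approval rule (from the web query, not the file).
const majorApproval = { matchUpdateTypes: ["major"], dependencyDashboardApproval: true };

// Constructed update record for the image, one per update type.
const update = (updateType) => ({ datasource: "docker", packageName: "ghost/traffic-analytics", updateType });

// Which update types end up with automerge enabled under a given rule list.
function automergedTypes(packageRules) {
  return ["major", "minor", "patch", "digest", "pin"].filter(
    (t) => resolveConfig(packageRules, update(t)).automerge === true
  );
}
console.log("as written:", automergedTypes([asWritten]));
console.log("as suggested:", automergedTypes([asSuggested]));
```
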


// Ignore all ember-related packages in admin
// Our ember codebase is being replaced with react and
// Most of the dependencies have breaking changes and it's too hard to update
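
Review bot: The added rule for ghost/traffic-analytics has no matchUpdateTypes, although the comment directly above it says it allows "patch updates" to automerge; as written the rule matches on datasource and package name only, so minor and major image bumps would be merged without review as well. Add "matchUpdateTypes": ["patch"] next to matchPackageNames, or reword the comment if the wider scope is intended. The "once CI has gone green" condition is not expressed in these lines either, so it is worth confirming that the repository's required checks actually exercise the new image before an automerged PR lands.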