Configure Renovate

[renovate]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• composer.json (composer)
• .github/workflows/ci.yml (github-actions)
• .github/workflows/release.yml (github-actions)
• .github/workflows/version-bump.yml (github-actions)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Hopefully safe environment variables to allow users to configure.
• Show all Merge Confidence badges for pull requests.
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Show only the Age and Confidence Merge Confidence badges for pull requests.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.
• Ensure that every dependency pinned by digest and sourced from GitHub.com contains a link to the commit-to-commit diff
• Correctly link to the source code for golang.org/x packages
• Link to pkg.go.dev/... for golang.org/x packages' title

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

What to Expect

With your current configuration, Renovate will create 7 Pull Requests:

Update shivammathur/setup-php action to v2.36.0

• Schedule: ["at any time"]
• Branch name: renovate/shivammathur-setup-php-2.x
• Merge into: main
• Upgrade shivammathur/setup-php to 44454db4f0199b8b9685a5d763dc37cbf79108e1

Update actions/cache action to v5

• Schedule: ["at any time"]
• Branch name: renovate/actions-cache-5.x
• Merge into: main
• Upgrade actions/cache to v5

Update actions/checkout action to v6

• Schedule: ["at any time"]
• Branch name: renovate/actions-checkout-6.x
• Merge into: main
• Upgrade actions/checkout to v6

Update actions/create-github-app-token action to v2

• Schedule: ["at any time"]
• Branch name: renovate/actions-create-github-app-token-2.x
• Merge into: main
• Upgrade actions/create-github-app-token to v2

Update dependency paragonie/halite to v5

• Schedule: ["at any time"]
• Branch name: renovate/paragonie-halite-5.x
• Merge into: main
• Upgrade paragonie/halite to ^5.0

Update dependency phpunit/phpunit to v12

• Schedule: ["at any time"]
• Branch name: renovate/phpunit-phpunit-12.x
• Merge into: main
• Upgrade phpunit/phpunit to ^12

Update peter-evans/create-pull-request action to v8

• Schedule: ["at any time"]
• Branch name: renovate/peter-evans-create-pull-request-8.x
• Merge into: main
• Upgrade peter-evans/create-pull-request to v8

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

---

Warning

Please correct - or verify that you can safely ignore - these dependency lookup failures before you merge this PR.

• Could not determine new digest for update (github-tags package shivammathur/setup-php)

Files affected: .github/workflows/ci.yml

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR was generated by Mend Renovate. View the repository job log.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR adds Renovate bot configuration to enable automated dependency management for the workos-php SDK. The configuration uses the minimal recommended preset (config:recommended), which will automatically create pull requests for updating PHP composer dependencies and GitHub Actions.

Key Points:

• Renovate will manage updates for composer.json dependencies (paragonie/halite, phpunit/phpunit) and GitHub Actions workflows
• Rate-limited to 2 PRs per hour to prevent CI resource exhaustion
• 7 initial PRs will be created for outdated dependencies once merged
• The config:recommended preset includes sensible defaults: semantic commits, monorepo grouping, and merge confidence badges
• Configuration is minimal and safe, with no custom overrides that could introduce security issues

Confidence Score: 5/5

• This PR is safe to merge with no identified risks
• The configuration is minimal and uses only the well-established config:recommended preset with no custom overrides. It adds automated dependency management without modifying any code or introducing security vulnerabilities. The rate limiting prevents CI overload.
• No files require special attention

Important Files Changed

Filename	Overview
renovate.json	Added minimal Renovate config with recommended preset to enable automated dependency updates

Sequence Diagram

sequenceDiagram
    participant R as Renovate Bot
    participant GH as GitHub Repository
    participant CI as CI Workflows
    participant D as Dependencies
    
    Note over R,GH: Initial Setup (This PR)
    R->>GH: Create onboarding PR with renovate.json
    GH->>CI: Trigger CI checks
    CI-->>GH: Validation complete
    
    Note over R,GH: After Merge - Ongoing Operations
    R->>D: Check for dependency updates
    D-->>R: Return available updates
    
    alt Updates Available
        R->>GH: Create PR for composer dependencies
        R->>GH: Create PR for GitHub Actions
        GH->>CI: Run tests on dependency PRs
        CI-->>GH: Report test results
        
        alt Tests Pass
            GH->>GH: Merge approved PRs
            Note over GH: Rate limited to 2 PRs/hour
        else Tests Fail
            R->>GH: Add failure comments
            Note over GH: PR remains open for review
        end
    end

Loading

[greptile-apps]

_{1 file reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}