Dependency-update bot — operator playbook¶
The fork uses Mend Renovate as a GitHub App, not self-hosted. The App reads the in-tree renovate.json and opens grouped dependency-update PRs continuously (no schedule throttling).
Quick start¶
- Visit https://github.com/apps/renovate and install the App on
VMAFx/vmafx. - The App posts a Dependency Dashboard issue (currently #749) listing pending / awaiting / errored updates.
- Tick a checkbox in the dashboard issue to force creation of any awaiting update; the App reacts within a minute or two.
Configuration¶
All configuration lives in renovate.json. The App reads it on every webhook. Top-level knobs:
| Setting | Value |
|---|---|
schedule | at any time |
prHourlyLimit | 0 (unlimited) |
prConcurrentLimit | 12 |
prCreation | immediate |
minimumReleaseAge | 3 days |
Disable / rollback to Dependabot¶
- Uninstall the App at
https://github.com/settings/installations. - Rename
.github/dependabot.yml.disabled→.github/dependabot.yml.
Migration from self-hosted (2026-05-10)¶
Removed .github/workflows/renovate.yml. The App's webhook-driven model replaces the cron-driven workflow. The RENOVATE_TOKEN secret is no longer needed and can be deleted from repo secrets after install.
See ADR-0387 for the decision record (supersedes the self-hosted half of ADR-0363).