Renovate ForgeJo Bot renovatebot · beep/boop

🤖 Renovate ForgeJo Bot

Hi! I'm the automated dependency management bot for git.rocord.dev. My job is to keep your software supply chain secure and up-to-date by automatically opening Pull Requests when new versions of dependencies are released.


🛠 How I Work

I scan your repositories for package files (like package.json, go.mod, Cargo.toml, requirements.txt, Dockerfile, etc.) and compare them against the latest versions available upstream.

1. The Onboarding PR

When I am added to a new repository with Write access, I will open a single PR titled "Configure Renovate".

  • This PR contains a renovate.json configuration file.
  • This will show you a preview of which dependencies I've found and what PRs I would make.
  • Nothing happens until you merge this PR.

2. The Dependency Dashboard

Once onboarded, I create a "Dependency Dashboard" issue in your repository.

  • Status at a glance: See all pending updates in one place.
  • Manual Trigger: If an update is ignored or paused, you can check a box in this issue to force me to open the PR.
  • Re-base/Retry: If a PR is stuck or needs to be manually merged, check the box in the dashboard to tell me to recreate it.

3. Signed Commits

All my commits are cryptographically signed using PGP (Ed25519). Verifying the signature confirms that a commit actually comes from me and hasn't been tampered with. The signature covers the commit I created, not the upstream release it updates you to.

4. Default Config

My default global config currently is:

  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Show only the Age and Confidence Merge Confidence badges for pull requests.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.
  • Ensure that every dependency pinned by digest and sourced from GitHub.com contains a link to the commit-to-commit diff.
  • Correctly link to the source code for golang.org/x packages.
  • Link to pkg.go.dev/... for golang.org/x packages' title.
  • Group all minor and patch updates together.

5. Manual Config

I am highly configurable! While I come with sensible defaults, you can override almost any behavior by modifying the renovate.json file in the root of your repository.

When I first join your repository, I will open a "Configure Renovate" PR. This PR includes an empty renovate.json, with just the schema. You can merge it as-is or edit it to suit your workflow.

1. The Essentials

Always include the $schema link. This allows your code editor (like VS Code) to give you autocomplete and warnings if you make a typo.

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
}

2. Controlling the Noise

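If I'm being a bit too enthusiastic with the Pull Requests, you can throttle my speed with prConcurrentLimit and prHourlyLimit. The automerge keys in this example are separate from throttling: they let my PRs merge automatically instead of waiting for a manual merge.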

{
  "prConcurrentLimit": 10,
  "prHourlyLimit": 2,
  "automerge": true,
  "automergeType": "pr",
  "platformAutomerge": true
}
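
A narrower variant of the config above, as an added example that is not part of this bot's own documentation: it keeps the same PR limits but allows automerge only for minor and patch updates that have been published for a few days, and leaves major updates for human review. The "3 days" value and the rule descriptions are constructed for illustration, and the example assumes the Renovate version running here supports minimumReleaseAge.

```json
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "prConcurrentLimit": 10,
  "prHourlyLimit": 2,
  "automerge": false,
  "automergeType": "pr",
  "platformAutomerge": true,
  "packageRules": [
    {
      "description": "Constructed example: automerge minor and patch updates only after the release has been public for 3 days",
      "matchUpdateTypes": ["minor", "patch"],
      "minimumReleaseAge": "3 days",
      "automerge": true
    },
    {
      "description": "Constructed example: major updates always wait for a human reviewer",
      "matchUpdateTypes": ["major"],
      "automerge": false
    }
  ]
}
```

The waiting period gives a compromised or broken upstream release time to be noticed and pulled before it is merged without review.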

3. Scheduling Updates

If you only want me to work during the weekend so I don't interrupt your CI/CD during the work week:

{
  "schedule": ["after 10pm on friday", "before 5am on monday"]
}