SONARGO-60 Configure Renovate

[renovate]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• .gitmodules (git-submodules)
• .github/workflows/PullRequestClosed.yml (github-actions)
• .github/workflows/PullRequestCreated.yml (github-actions)
• .github/workflows/RequestReview.yml (github-actions)
• .github/workflows/SubmitReview.yml (github-actions)
• .github/workflows/ToggleLockBranch.yml (github-actions)
• .github/workflows/mark-prs-stale.yml (github-actions)
• .github/workflows/releasability.yaml (github-actions)
• .github/workflows/release.yml (github-actions)
• .github/workflows/slack_notify.yml (github-actions)
• sonar-go-to-slang/go.mod (gomod)
• gradle.properties (gradle)
• settings.gradle.kts (gradle)
• build.gradle (gradle)
• gradle/libs.versions.toml (gradle)
• its/plugin/build.gradle.kts (gradle)
• its/ruling/build.gradle.kts (gradle)
• sonar-go-plugin/build.gradle.kts (gradle)
• sonar-go-to-slang/build.gradle.kts (gradle)
• gradle/wrapper/gradle-wrapper.properties (gradle-wrapper)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Show all Merge Confidence badges for pull requests.
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.
• Evaluate schedules according to timezone CET.
• Schedule during typical non-office hours on weekdays (i.e., 10 PM - 5 AM) and anytime on weekends.
• Remove hourly and concurrent rate limits.
• Disable Renovate Dependency Dashboard creation.
• Rebase existing PRs any time the base branch has been updated.
• Run Renovate on following schedule: before 4am on Monday

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

What to Expect

With your current configuration, Renovate will create 5 Pull Requests:

Update build-logic digest to 46a3607

• Schedule: ["before 4am on Monday"]
• Branch name: renovate/build-logic-digest
• Merge into: master
• Upgrade build-logic to 46a36072551574ab7aa1381081c031f58b3235da

Update all non-major dependencies

• Schedule: ["before 4am on Monday"]
• Branch name: renovate/all-minor-patch
• Merge into: master
• Upgrade com.github.johnrengelman.shadow to 7.1.2
• Upgrade de.thetaphi.forbiddenapis to 3.8
• Upgrade com.jfrog.artifactory to 4.33.1
• Upgrade org.slf4j:slf4j-api to 1.7.36
• Upgrade org.junit.jupiter:junit-jupiter-engine to 5.11.4
• Upgrade org.junit.jupiter:junit-jupiter-api to 5.11.4
• Upgrade org.mockito:mockito-core to 5.14.2
• Upgrade org.sonarsource.sonarlint.core:sonarlint-rpc-impl to 10.12.0.79820
• Upgrade org.sonarsource.sonarlint.core:sonarlint-rpc-java-client to 10.12.0.79820
• Upgrade org.sonarsource.sonarlint.core:sonarlint-core to 10.12.0.79820
• Upgrade org.sonarsource.api.plugin:sonar-plugin-api-test-fixtures to 10.14.0.2599
• Upgrade org.sonarsource.api.plugin:sonar-plugin-api to 10.14.0.2599
• Upgrade org.sonarsource.slang:slang-testing to 1.18.0.6375
• Upgrade org.sonarsource.slang:slang-antlr to 1.18.0.6375
• Upgrade org.sonarsource.slang:checkstyle-import to 1.18.0.6375
• Upgrade org.sonarsource.slang:slang-plugin to 1.18.0.6375
• Upgrade org.sonarsource.slang:slang-checks to 1.18.0.6375
• Upgrade org.sonarsource.slang:slang-api to 1.18.0.6375

Update dependency org.slf4j:slf4j-api to v2

• Schedule: ["before 4am on Monday"]
• Branch name: renovate/major-slf4j-monorepo
• Merge into: master
• Upgrade org.slf4j:slf4j-api to 2.0.16

Update plugin com.github.johnrengelman.shadow to v8

• Schedule: ["before 4am on Monday"]
• Branch name: renovate/com.github.johnrengelman.shadow-8.x
• Merge into: master
• Upgrade com.github.johnrengelman.shadow to 8.1.1

Update plugin com.jfrog.artifactory to v5

• Schedule: ["before 4am on Monday"]
• Branch name: renovate/com.jfrog.artifactory-5.x
• Merge into: master
• Upgrade com.jfrog.artifactory to 5.2.5

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR was generated by Mend Renovate. View the repository job log.

[petertrr]

I want to be able to update Gradle modules automatically, however, it is not possible to enable git-submodules only for a single dependency, and exclusion doesn't support patterns.

Example on what Renovate shows when there are new commits:

Update build-logic digest to 46a3607
Schedule: ["before 4am on Monday"]
Branch name: renovate/build-logic-digest
Merge into: master
Upgrade build-logic to 46a36072551574ab7aa1381081c031f58b3235da

[sonarqube-next]

Quality Gate passed for 'Go'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

[mstachniuk]

LGTM