fix(renovate): resolve maven lookups and unnest misplaced config

- Add a packageRule routing the maven datasource through Google's Maven repo so androidx packages (androidx.tvprovider, androidx.core-ktx) in modules/tv-recommendations resolve instead of failing with no-result. - Move vulnerabilityAlerts and the GitHub-Actions grouping packageRule out of lockFileMaintenance (where they were dead) to the top level so they take effect. lockFileMaintenance stays enabled via the config:best-practices preset (:maintainLockFilesWeekly) — unchanged. Addresses the package-lookup warnings in the Dependency Dashboard (#724).
2026-06-10 07:50:30 +01:00 · 2026-06-10 01:14:38 +02:00
parent 168bf2e54e
commit 960563f66a
1 changed files with 23 additions and 17 deletions
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -44,22 +44,28 @@
      ]
    }
  },
-  "lockFileMaintenance": {
-    "vulnerabilityAlerts": {
-      "enabled": true,
-      "addLabels": ["security", "vulnerability"],
-      "assigneesFromCodeOwners": true,
-      "commitMessageSuffix": " [SECURITY]"
+  "vulnerabilityAlerts": {
+    "enabled": true,
+    "addLabels": ["security", "vulnerability"],
+    "assigneesFromCodeOwners": true,
+    "commitMessageSuffix": " [SECURITY]"
+  },
+  "packageRules": [
+    {
+      "description": "Group minor and patch GitHub Action updates into a single PR",
+      "matchManagers": ["github-actions"],
+      "groupName": "CI dependencies",
+      "groupSlug": "ci-deps",
+      "matchUpdateTypes": ["minor", "patch", "digest", "pin"],
+      "automerge": true
    },
-    "packageRules": [
-      {
-        "description": "Group minor and patch GitHub Action updates into a single PR",
-        "matchManagers": ["github-actions"],
-        "groupName": "CI dependencies",
-        "groupSlug": "ci-deps",
-        "matchUpdateTypes": ["minor", "patch", "digest", "pin"],
-        "automerge": true
-      }
-    ]
-  }
+    {
+      "description": "androidx and other Google-hosted Maven packages resolve from Google's Maven repository (not Maven Central)",
+      "matchDatasources": ["maven"],
+      "registryUrls": [
+        "https://dl.google.com/dl/android/maven2/",
+        "https://repo.maven.apache.org/maven2/"
+      ]
+    }
+  ]
 }