{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:recommended",
    ":preserveSemverRanges",
    ":disableDependencyDashboard",
    ":prHourlyLimit2"
  ],

  "labels": ["dependencies", "alpine", "docker"],
  "commitMessagePrefix": "build",
  "rebaseWhen": "behind-base-branch",
  "assignees": ["r3bo0tbx1"],
  "reviewers": ["r3bo0tbx1"],

  "enabledManagers": ["dockerfile"],

  "packageRules": [
    {
      "matchDatasources": ["docker"],
      "matchPackageNames": ["alpine"],
      "groupName": "🐳 Alpine Base Image",
      "schedule": ["before 3am on monday"],
      "prPriority": 1,
      "automerge": false,
      "allowedVersions": "/^3\\.(2[2-9]|[3-9][0-9])\\./",
      "description": "Track Alpine 3.22+ versions for security updates"
    },
    {
      "matchManagers": ["dockerfile"],
      "excludePackageNames": ["alpine"],
      "groupName": "🐳 Other Docker Images",
      "schedule": ["before 3am on monday"],
      "prPriority": 2,
      "automerge": false
    }
  ],

  "vulnerabilityAlerts": {
    "enabled": true,
    "labels": ["security", "dependencies"],
    "assignees": ["r3bo0tbx1"],
    "schedule": ["at any time"]
  },

  "osvVulnerabilityAlerts": true,
  "timezone": "UTC",
  "prConcurrentLimit": 5,

  "customManagers": [],

  "description": "Renovate tracks only Docker base images. Alpine packages (tor, tini, lyrebird) are NOT pinned and update automatically via weekly rebuilds."
}