Do you recommend pinning organizational presets?

[sheldonhull]

What would you like help with?

I would like help with my configuration

How are you running Renovate?

Self-hosted

If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.

No response

Please tell us more about your question or problem

• Can renovate submit PR's to update its own preset pinned version?
• If I want to have explicit control on the presets so I don't have to branch and can continue to iterate and then just tag on main... should I consider all repos adopting renovate use tag pinning?

I couldn't find much discussion on if this is a good idea, if renovate creates PR's for this, or if it's more hassle than it's worth. Any general tips would be appreciated.

example:

  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["local>myproject/renovate-config#1.0.3"]

I publish a new version then it would create a new PR with

  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["local>myproject/renovate-config#1.0.4"]

Logs (if relevant)

No response

[rarkins]

I don't think most people would need to do this, because the "noise" it creates (a PR/commit in every repo each time there's a change to the central preset) likely isn't worth it for the "safety" it provides. Also if you set it to automatically merge the upgrades you probably break yourself anyway.

On the other hand, the more pinned your dependencies are (and this is in theory a dependency too), the more reproducible your software is, so I wouldn't call it a bad idea.

This could perhaps be done with a custom regex manager, although "first class" support with its own manager would be nice too.