From 03c80f26acacdea6a8cfa9d480cefb3d613be29e Mon Sep 17 00:00:00 2001 From: Robin Lungwitz Date: Fri, 30 Jan 2026 15:56:12 +0100 Subject: [PATCH 1/3] docs: add README for renovate presets **WHAT** - add information about existing presets - add usage instructions - add contribution details --- renovate-presets/README.md | 112 +++++++++++++++++++++++++++++++++++++ 1 file changed, 112 insertions(+) create mode 100644 renovate-presets/README.md diff --git a/renovate-presets/README.md b/renovate-presets/README.md new file mode 100644 index 0000000..c295791 --- /dev/null +++ b/renovate-presets/README.md 
@@ -0,0 +1,112 @@ +# Renovate Presets + +This directory contains shareable Renovate configuration presets that can be used across multiple repositories in your organization. + +## Available Presets + +### branch-merge.json + +**Purpose**: Enables automatic branch merging for low-risk updates during business hours. + +**Features**: +- Automatically merges minor, patch, and digest updates +- Operates on Berlin timezone (Europe/Berlin) +- Merge window: Monday-Friday, 9:00-13:00 +- Uses branch automerge strategy (merges without creating PRs) + +**Usage**: +```json +{ + "extends": [ + "github>leanix/.github//renovate-presets/branch-merge.json" + ] +} +``` + +**When to use**: +- Repositories with comprehensive test coverage +- Projects where minor/patch updates are considered safe +- Teams that want to reduce PR noise for routine updates + +### security.json5 + +> [!NOTE] +> This preset is part of the LeanIX renovate preset + +**Purpose**: Integrates OSV (Open Source Vulnerabilities) database to enhance security monitoring. 
+ +**Features**: +- Displays OSV vulnerability alerts in the Renovate dependency dashboard +- Enables OSV vulnerability scanning for all dependencies (experimental feature) +- Provides comprehensive vulnerability information from the [OSV database](https://osv.dev/) + +**Usage**: +```json +{ + "extends": [ + "github>leanix/.github//renovate-presets/security.json5" + ] +} +``` + +**When to use**: +- All repositories that want enhanced security vulnerability detection +- Projects that need to comply with security standards +- Teams that want proactive security alerts beyond standard vulnerability databases + +## Default Preset + +The main [default.json](../default.json) preset in the repository root provides organization-wide defaults: + +**Features**: +- Best practices configuration from Renovate +- Pin all dependencies except peer dependencies +- 5-day minimum release age for stability (with timestamp-optional fallback) +- Strict internal checks +- Custom package rules: + - Excludes legacy Kubernetes client versions + - Restricts Liquibase to versions below 5.0 + - Bypasses minimum release age for internal `@leanix/*` packages + +**Usage**: +```json +{ + "extends": [ + "github>leanix/.github" + ] +} +``` + +This automatically applies the default configuration and security preset. + +## Combining Presets + +You can combine multiple presets to build your ideal configuration: + +```json +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "github>leanix/.github", + "github>leanix/.github//renovate-presets/branch-merge.json" + ] +} +``` + +This example inherits the organization defaults and adds automatic branch merging for minor/patch updates. + +## Creating Custom Presets + +To add a new preset: + +1. Create a new `.json` or `.json5` file in this directory +2. Define your Renovate configuration options +3. Document the preset in this README +4. 
Reference it using: `github>leanix/.github//renovate-presets/` + +## Resources + +- [Renovate Documentation](https://docs.renovatebot.com/) +- [Config Presets](https://docs.renovatebot.com/config-presets/) +- [OSV Database](https://osv.dev/) +- [Shareable Config Presets](https://docs.renovatebot.com/config-presets/#github) From d1e3cbb992c6bb7fdb9a68160d10d6942d7f0e51 Mon Sep 17 00:00:00 2001 From: Robin Lungwitz Date: Fri, 30 Jan 2026 16:48:29 +0100 Subject: [PATCH 2/3] docs: add clarifying information to the README --- renovate-presets/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate-presets/README.md b/renovate-presets/README.md index c295791..4b862ea 100644 --- a/renovate-presets/README.md +++ b/renovate-presets/README.md @@ -1,6 +1,6 @@ # Renovate Presets -This directory contains shareable Renovate configuration presets that can be used across multiple repositories in your organization. +This directory contains shareable Renovate configuration presets that can be used across multiple repositories in your organization. The presets can be added to the `renovate.json` file in the `extends` block. ## Available Presets From cbcc1680a4cddc0071463b60e31498ae8f45fd07 Mon Sep 17 00:00:00 2001 From: Robin Lungwitz Date: Fri, 30 Jan 2026 17:51:29 +0100 Subject: [PATCH 3/3] fix: renovate config file detection on validation workflow **WHY** - do not validate non config files like README.md in the renovate-presets directory --- .github/workflows/validate-renovate-config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate-renovate-config.yml b/.github/workflows/validate-renovate-config.yml index f8be4ec..f8eb74a 100644 --- a/.github/workflows/validate-renovate-config.yml +++ b/.github/workflows/validate-renovate-config.yml @@ -21,7 +21,7 @@ jobs: files: | renovate.json default.json - renovate-presets/** + renovate-presets/**/*.{json,json5} matrix: true validate-renovate-configs:
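Review bot: in [PATCH 1/3], the `branch-merge.json` section says the preset "merges without creating PRs" for minor, patch, and digest updates, but its "When to use" list never states what gates such a merge, so a reader cannot tell that these updates reach the base branch with no human review. Suggest adding a line to that section that names the precondition (for example, required status checks passing on the Renovate branch) and points out that digest updates are on the automatic path too. Separately, the `security.json5` section says the preset "is part of the LeanIX renovate preset" and the Default Preset section says extending `github>leanix/.github` already applies it, yet the same section shows a standalone `extends` entry recommended for "All repositories"; state that the explicit entry is only needed when the default preset is not extended.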
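Review bot: in [PATCH 2/3], the added sentence names only `renovate.json` and calls `extends` a "block", while the usage snippets in the same README show `extends` as a JSON array and one of the documented presets is a `.json5` file. Suggest wording such as "add the preset to the `extends` array of the repository's Renovate configuration file (for example `renovate.json`)" so the sentence does not read as if only that one file name is supported.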
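Review bot: in [PATCH 3/3], the new pattern `renovate-presets/**/*.{json,json5}` depends on the step that consumes `files:` supporting brace expansion and on `**/` also matching files directly inside `renovate-presets/`; if either assumption fails, no preset matches and the validation job silently stops checking presets instead of failing. Suggest listing the two patterns on separate lines, `renovate-presets/**/*.json` and `renovate-presets/**/*.json5`, or confirming the glob behaviour with a test change to a preset file before merging. The visible context does not show which action reads `files:`, so a short comment beside the pattern naming the glob syntax it expects would also help the next editor.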