ci: activate renovateBot

[chickenandpork]

This PR activates the Renovate tool (a more capable Dependabot) to detect outdated dependencies and propose updates via PR; the PR then goes through standard build checks before being reviewed and accepted by a team member.

Renovate Overview for this repo would be at:

https://developer.mend.io/github/jqlang/bazel_rules_jq

[chickenandpork]

I think 6752b15 is sufficient to activate it -- bazel dependencies should get PRs by default, but I seem to have the config block this this fairly often:

  "packageRules": [
    {
      "enabled": true,
      "matchManagers": [ "bazel" ],
      ...
    }
  ],

Let's see if this activates. A later definition of "latest" to provide a default JQ version without a mutable tag behaviour might be next.

[chickenandpork]

OK. I've evolved this PR a bit:

Selective automerge has returned

  "packageRules": [
    {
      "enabled": true,
      "matchManagers": ["regex"],
      "matchUpdateTypes": ["patch", "minor"],
      "automerge": true
    }
  ],

For regex manager, after a PR builds/unittests cleanly, merge it on the next pass of Renovate if the update is a minor or patch revision.

Maintain a file

I've done this before to get some metadata written in duplicate when the project is maintained by renovate:

  "regexManagers": [
    {
      "fileMatch": ["renovate-regex.json$"],            <== maintain this file
      "matchStrings": [ ... some really whitespace-vulnerable regex  ... ],
      ...
    }
  ],

What this will do is cause the JSON-formatted content in .github/renovate-regex.json to be updated as Renovate detects a newer tag in GitHub of the form ^jq-[0-9]+(\.[0-9]+)?(\.[0-9]+)?$ -- so...jq-1.6, jq-1.7, jq-1.7.1, jq-1.8...

This ultimately means "allow renovateBot to merge a change detected in the regexManager, of which currently only one file is maintained". Essentially "update the version of JQ when the release tag bumps".

I intend to allow this to make a very deliberate update to a sane default value: when jq-1.7.1 or jq-1.8 is released, this will PR an update to change the default, and automerge it.

Currently unused, but I expect this to immediately suggest an update jq-1.6 --> jq-1.7; after confirming that this is cleanly managed, I can parse that file back in as a zero-effort maintained default value of 1.7 and move the parameter of jq_version to be optional with a sensible default.

HOLY MOLY this seems like a lot of effort

I love automation; I appreciate being able to position this and other slow changes on autopilot, even if the regex and data flows can be a puzzle. Thanks for allowing me to stitch these together.

[chickenandpork]

Flags me as reviewer. I see them faster and can click "yes, machine". Can still require clean checks at repo and org level.

[chickenandpork]

We can also flag a "team" within the "organization" as reviewers if we prefer. As well, Renovate will happily "choose 2 at random from this team" (I think I had that working at an employer a year ago)

[nicowilliams]

sure why not a team?

[chickenandpork]

89fe6e7 implements a suggestion: it's a more trivial "someone from this group" leveraging GitHub to map people rather than a list of people. I think Github can do this, but not Gitlab ?