config
Configuration
{
"name": "company/project",
"extra": {
"violinist": {
"rules": [
{
"name": "Symfony packages",
"slug": "symfony-group",
"matchRules": [
{
"type": "names",
"values": ["symfony/*"]
}
],
"config": {
"automerge": 1
}
}
]
}
}
}
An optional configuration object that overrides the base Violinist configuration for packages matching this rule.
Explanation
The config property allows you to specify different configuration settings for different groups of packages. Any Violinist configuration option can be set here, and it will override the base configuration (or default values) for packages that match the rule.
This is particularly useful for:
- Automerging certain packages but not others
- Applying different labels or assignees to different package groups
- Setting different update strategies for different package types
- Directing updates to different branches based on package importance
Available Configuration Options
Any configuration option that can be set at the root level can also be set in a rule's config. Some commonly used options include:
Update Behavior
automerge- Enable/disable automerge for matching packagesautomerge_security- Enable/disable automerge for security updatesautomerge_method- Set merge method (merge, rebase, squash)automerge_method_security- Set merge method for security updatescomposer_outdated_flag- Update level (major, minor, patch)update_dev_dependencies- Include/exclude dev dependenciessecurity_updates_only- Only update security vulnerabilities
Pull Request Settings
labels- Array of labels to add to pull requestslabels_security- Array of labels for security update pull requestsassignees- Array of usernames to assign to pull requestsdefault_branch- Target branch for pull requestsdefault_branch_security- Target branch for security update pull requestsone_pull_request_per_package- Create separate PRs per package
Filtering
allow_list- Explicitly allow specific packagesblocklist- Block specific packagescheck_only_direct_dependencies- Only check direct dependencies
Scheduling
timeframe_disallowed- Time window to avoid creating updatestimezone- Timezone for scheduling
Other Options
branch_prefix- Prefix for created branchescommit_message_convention- Commit message formatbundled_packages- Package bundling configuration
For a complete list of all configuration options, see the configuration documentation.
Examples
Example 1: Automerge with Labels
Automerge Symfony packages and add specific labels:
{
"name": "company/project",
"extra": {
"violinist": {
"rules": [
{
"name": "Symfony packages",
"matchRules": [
{
"type": "names",
"values": ["symfony/*"]
}
],
"config": {
"automerge": 1,
"labels": ["symfony", "dependencies", "automerge"]
}
}
]
}
}
}
Example 2: Different Branches for Different Packages
Send core package updates to a staging branch:
{
"name": "company/project",
"extra": {
"violinist": {
"rules": [
{
"name": "Core Framework Packages",
"matchRules": [
{
"type": "names",
"values": ["laravel/framework", "symfony/symfony"]
}
],
"config": {
"default_branch": "staging",
"assignees": ["tech-lead"]
}
}
]
}
}
}
Example 3: Patch-only Updates for Production
Only apply patch-level updates to Magento packages and automerge security fixes:
{
"name": "company/project",
"extra": {
"violinist": {
"rules": [
{
"name": "Magento Core",
"matchRules": [
{
"type": "names",
"values": ["magento/*"]
}
],
"config": {
"composer_outdated_flag": "patch",
"automerge_security": 1,
"labels": ["magento", "production"]
}
}
]
}
}
}
Example 4: Dev Dependencies Handling
Automerge dev dependencies but not production ones:
{
"name": "company/project",
"extra": {
"violinist": {
"automerge": 0,
"rules": [
{
"name": "Testing and Development Tools",
"matchRules": [
{
"type": "names",
"values": [
"phpunit/*",
"phpstan/*",
"laravel/telescope"
]
}
],
"config": {
"automerge": 1,
"labels": ["dev-dependencies"]
}
}
]
}
}
}
Example 5: Security Updates to Separate Branch
Direct all security updates for critical packages to a security branch:
{
"name": "company/project",
"extra": {
"violinist": {
"rules": [
{
"name": "Critical Security Packages",
"matchRules": [
{
"type": "names",
"values": [
"guzzlehttp/*",
"symfony/security-*",
"firebase/*"
]
}
],
"config": {
"default_branch_security": "security-patches",
"automerge_security": 1,
"labels_security": ["security", "high-priority"],
"assignees": ["security-team"]
}
}
]
}
}
}
Configuration Merging
When multiple rules match the same package, their configurations are merged. Later rules in the array will override settings from earlier rules if there are conflicts.
For example:
{
"rules": [
{
"name": "All Laravel Packages",
"matchRules": [{"type": "names", "values": ["laravel/*"]}],
"config": {
"labels": ["laravel"],
"automerge": 0
}
},
{
"name": "Laravel Development Packages",
"matchRules": [{"type": "names", "values": ["laravel/telescope", "laravel/horizon"]}],
"config": {
"labels": ["laravel-dev"],
"automerge": 1
}
}
]
}
In this example, laravel/telescope will match both rules. The final configuration will be:
labels:["laravel-dev"](overridden by second rule)automerge:1(overridden by second rule)