chore(deps): expand Renovate config + add version policy (Step 9)

[Lemkinator]

Summary

• renovate.json: expand from minimal config to full package-grouped policy — adds kotlin, androidx-test, kotest, ktor, screenshot-testing, static-analysis groups; tightens minor automerge to safe packages only (patch+digest still automerge for all); adds oneui-design to ignoreDeps
• CLAUDE.md: new Version Policy section documenting the lockstep rules (Kotlin/KSP), known exception classes, and the manual lintDebug-before-push reminder

Test Plan

• Renovate opens grouped PRs within 24h of merge
• No existing functionality affected (config-only change)

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Updated CI workflow to use latest artifact upload tooling for improved reliability.
  • Enhanced automated dependency management with platform-wide automerging and refined update grouping rules.
  • Updated development documentation with dependency management guidelines.

[coderabbitai]

Warning

Review limit reached

@Lemkinator, we couldn't start this review because you've used your available PR reviews for now.

Your plan currently allows 1 review/hour. Refill in 54 minutes and 16 seconds.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more review capacity refills, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 779e52ab-b433-4601-8887-71a8847ba802

📥 Commits

Reviewing files that changed from the base of the PR and between 67c2815 and 3d7b2a5.

📒 Files selected for processing (1)

• renovate.json

Walkthrough

This PR updates build configuration and dependency management across four files. The Gradle version catalog is refactored to rename the Android Gradle Plugin version key from gradle to agp, developer documentation is extended with a Version Policy describing the required lintDebug lint run after gradle changes, Renovate configuration is substantially updated to enable platform automerging and refine update grouping and automerge rules, and the CI workflow upgrades the artifact upload action from v4 to v7.

Changes

Build and dependency management updates

Layer / File(s)	Summary
Gradle version catalog refactoring and version policy gradle/libs.versions.toml, CLAUDE.md	Android Gradle Plugin version key renamed from gradle to agp (value remains 9.2.1), the android-application plugin reference updated to use the new key, and a new Version Policy section documents the requirement to run ./gradlew lintDebug after modifying libs.versions.toml or build.gradle.kts dependency blocks.
Renovate dependency automation and automerge configuration renovate.json	Platform-wide automerging enabled with platformAutomerge: true. Automerge rules reorganized to handle patch/digest updates separately from minor updates; new minor-update rule targeting specific Kotlin/testing/DI/coroutines packages added. Dependency grouping expanded with targeted rules for kotlin, hilt, androidx-test, kotest, screenshot-testing, github-actions, and static-analysis packages. Previously excluded io.github.lemkinator:common-utils removed from ignoreDeps.
CI artifact upload action version bump .github/workflows/ci.yml	Static-analysis job artifact upload step upgraded from actions/upload-artifact@v4 to actions/upload-artifact@v7.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Gradle keys now shine with clarity,
Renovate hops with automaticity,
Build tools leap from v4 to v7's might,
Dependencies managed, the future's bright!
~The CodeRabbit

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: expanding Renovate configuration and adding a version policy section to documentation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch step/9-renovate-version-policy

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request introduces a comprehensive version policy in CLAUDE.md and refines the Renovate configuration by organizing dependencies into logical groups and defining specific automerge rules. Review feedback suggests moving platform-native automerge settings to the top level for better consistency and expanding the list of packages eligible for minor automerge to ensure that grouped updates are not blocked.

[Lemkinator]

/gemini review

[gemini-code-assist]

Code Review

This pull request updates the project's version policy in CLAUDE.md, renames the Gradle version reference to 'agp' for clarity in the libs.versions.toml file, and significantly restructures the Renovate configuration. The Renovate changes include enabling platform automerge and defining specific package groups and automerge rules for various dependencies. Feedback was provided regarding the accidental removal of the 'ignoreDeps' block in renovate.json, which is necessary to prevent Renovate from failing when attempting to fetch private dependencies from public registries.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

renovate.json (1)

1-88: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add missing ignoreDeps for io.github.tribalfs:oneui-design.

renovate.json has no ignoreDeps entry, so Renovate will keep proposing updates for io.github.tribalfs:oneui-design.

Proposed fix

 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
     "config:recommended",
     ":disableDependencyDashboard",
     ":renovatePrefix",
     ":configMigration"
   ],
   "platformAutomerge": true,
+  "ignoreDeps": [
+    "io.github.tribalfs:oneui-design"
+  ],
   "packageRules": [

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@renovate.json` around lines 1 - 88, Add a top-level ignoreDeps entry for the
package so Renovate stops proposing updates for io.github.tribalfs:oneui-design;
specifically, in renovate.json add "ignoreDeps":
["io.github.tribalfs:oneui-design"] (using the exact group:artifact string)
alongside the existing keys (e.g., next to "$schema" / "extends" /
"packageRules") so the resolver will skip that dependency.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Line 35: Replace the loose tag reference "uses: actions/upload-artifact@v7"
with the exact commit SHA that v7 currently resolves to (use "uses:
actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a") in every
occurrence (the two places where "actions/upload-artifact@v7" appears) to pin
the action to that specific commit and improve supply-chain integrity.

---

Outside diff comments:
In `@renovate.json`:
- Around line 1-88: Add a top-level ignoreDeps entry for the package so Renovate
stops proposing updates for io.github.tribalfs:oneui-design; specifically, in
renovate.json add "ignoreDeps": ["io.github.tribalfs:oneui-design"] (using the
exact group:artifact string) alongside the existing keys (e.g., next to
"$schema" / "extends" / "packageRules") so the resolver will skip that
dependency.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 948d9868-c556-45ef-bc90-ff9716dbb9c8

📥 Commits

Reviewing files that changed from the base of the PR and between 5a62d97 and 67c2815.

📒 Files selected for processing (4)

• .github/workflows/ci.yml
• CLAUDE.md
• gradle/libs.versions.toml
• renovate.json