From 3d98a14e4541f5431ac04dfb2f6104f5bb7c7d50 Mon Sep 17 00:00:00 2001
From: Danijel Martinek <danijel@fraqtal.xyz>
Date: Thu, 14 May 2026 19:18:20 +0200
Subject: [PATCH] chore(work): finish 03-renovate-adoption

---
 .../03-renovate-adoption/_story.md                    |  4 ++--
 docs/work/_state.json                                 | 11 +++--------
 2 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/docs/work/2026-05-14-ci-security-and-supply-chain/03-renovate-adoption/_story.md b/docs/work/2026-05-14-ci-security-and-supply-chain/03-renovate-adoption/_story.md
index 49413d0..e8ed542 100644
--- a/docs/work/2026-05-14-ci-security-and-supply-chain/03-renovate-adoption/_story.md
+++ b/docs/work/2026-05-14-ci-security-and-supply-chain/03-renovate-adoption/_story.md
@@ -3,7 +3,7 @@ id: 03-renovate-adoption
 epic: 2026-05-14-ci-security-and-supply-chain
 title: Renovate adoption
 type: technical-story
-status: todo
+status: done
 feature: tooling
 depends-on: []
 blocks: [09-ci-security-guide-and-docs]
@@ -37,4 +37,4 @@ Major-tag pinning for GitHub Actions is documented insecure — the 2025 `tj-act
 
 ## Tasks
 
-- [ ] Create `.github/renovate.json` extending presets `config:base`, `helpers:pinGitHubActionDigests`, `:separateMajorReleases`, `:automergeMinor`, `:automergePatch`; add `packageRules` grouping `@sentry/*`, `@opentelemetry/*`, `@trpc/*`, `payload*`, `inversify*` into weekly per-cluster PRs; enable Dockerfile manager for `.sandcastle/Dockerfile`; set `dependencyDashboard: true`; set `commitMessagePrefix` to enforce `chore(deps):` / `chore(deps-major):` per Conventional Commits; one commit, all gates pass.
+- [x] Create `.github/renovate.json` extending presets `config:base`, `helpers:pinGitHubActionDigests`, `:separateMajorReleases`, `:automergeMinor`, `:automergePatch`; add `packageRules` grouping `@sentry/*`, `@opentelemetry/*`, `@trpc/*`, `payload*`, `inversify*` into weekly per-cluster PRs; enable Dockerfile manager for `.sandcastle/Dockerfile`; set `dependencyDashboard: true`; set `commitMessagePrefix` to enforce `chore(deps):` / `chore(deps-major):` per Conventional Commits; one commit, all gates pass.
diff --git a/docs/work/_state.json b/docs/work/_state.json
index a446599..c830447 100644
--- a/docs/work/_state.json
+++ b/docs/work/_state.json
@@ -1,5 +1,5 @@
 {
-  "updated_at": "2026-05-14T17:16:32.410Z",
+  "updated_at": "2026-05-14T17:18:20.990Z",
   "epics": {
     "2026-05-13-binder-wrap-helper": {
       "status": "done",
@@ -65,10 +65,10 @@
           ]
         },
         "03-renovate-adoption": {
-          "status": "todo",
+          "status": "done",
           "title": "Renovate adoption",
           "ac_total": 1,
-          "ac_completed": 0,
+          "ac_completed": 1,
           "depends_on": [],
           "blocks": [
             "09-ci-security-guide-and-docs"
@@ -258,11 +258,6 @@
     }
   },
   "ready": [
-    {
-      "epic": "2026-05-14-ci-security-and-supply-chain",
-      "story": "03-renovate-adoption",
-      "title": "Renovate adoption"
-    },
     {
       "epic": "2026-05-14-ci-security-and-supply-chain",
       "story": "04-major-bump-reevaluation",