diff --git a/.github/renovate.json5 b/.github/renovate.json5 index b0545e4c2..91c18fba2 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -1,29 +1,29 @@ { "extends": [ - "config:base", + "config:recommended", "docker:enableMajor", ":disableRateLimiting", ":dependencyDashboard", ":semanticCommits", - ":enablePreCommit", + ":automergeDigest", + ":automergeBranch", "github>auricom/home-ops//.github/renovate/allowedVersions.json5", "github>auricom/home-ops//.github/renovate/autoMerge.json5", "github>auricom/home-ops//.github/renovate/commitMessage.json5", + "github>auricom/home-ops//.github/renovate/customDatasources.json5", + "github>auricom/home-ops//.github/renovate/customManagers.json5", "github>auricom/home-ops//.github/renovate/groups.json5", - "github>auricom/home-ops//.github/renovate/labels.json5" + "github>auricom/home-ops//.github/renovate/labels.json5", + "github>auricom/home-ops//.github/renovate/packageRules.json5", + "helpers:pinGitHubActionDigests" ], "platform": "github", - "username": "feisar-bot[bot]", - "repositories": ["auricom/home-ops"], - "assignees": ["auricom"], + "platformCommit": true, "onboarding": false, "requireConfig": "optional", - "gitAuthor": "feisar-bot ", "dependencyDashboardTitle": "Renovate Dashboard 🤖", "suppressNotifications": ["prIgnoreNotification"], - "rebaseWhen": "conflicted", - "commitBodyTable": true, - "commitMessagePrefix": "⬆️", + "ignorePaths": ["**/archive/**"], "flux": { "fileMatch": ["(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$"] }, 
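Review bot: Adding `:automergeDigest` and `:automergeBranch` next to `helpers:pinGitHubActionDigests` in `extends` means a changed digest for an already-pinned action or image can be committed to the base branch without a pull request. That removes the human review which SHA pinning is meant to force when an upstream tag is re-pointed. Whether `autoMerge.json5` already narrows this is not visible here. If it does not, a rule such as `{ "matchManagers": ["github-actions"], "matchUpdateTypes": ["digest"], "automerge": false }` in `packageRules` keeps action digest bumps as reviewed PRs. Required status checks on the default branch limit what the remaining automerges can land.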
@@ -36,62 +36,5 @@ "(^|/)ansible/.+\\.ya?ml(\\.j2)?$", "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$" ] - }, - "regexManagers": [ - { - "description": "Process custom dependencies", - "fileMatch": [ - "(^|/)ansible/.+\\.ya?ml(\\.j2)?$", - "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$" - ], - "matchStrings": [ - // Example: `k3s_release_version: "v1.27.3+k3s1"` - "datasource=(?\\S+) depName=(?\\S+)( versioning=(?\\S+))?\n.*?\"(?.*)\"\n", - // Example: `- https://github.com/rancher/system-upgrade-controller/releases/download/v0.11.0/crd.yaml` - // `- https://github.com/argoproj/argo-cd/raw/v2.7.10/manifests/install.yaml` - // `- https://github.com/argoproj/argo-cd/raw/v2.7.10/manifests/ha/install.yaml` - // `- https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/21.1.1/kubernetes/kubernetes.yml` - "datasource=(?\\S+) depName=(?\\S+)( versioning=(?\\S+))?\n.*?-\\s(.*?)\/(?(v|\\d)[^/]+)\/\\S+\n", - // Example: apiVersion=helm.cattle.io/v1 kind=HelmChart - "datasource=(?\\S+)\n.*?repo: (?\\S+)\n.*?chart: (?\\S+)\n.*?version: (?\\S+)\n" - ], - "datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}", - "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}" - }, - { - "description": "Process CloudnativePG Postgresql version", - "fileMatch": [ - "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$" - ], - "matchStrings": [ - "imageName: (?\\S+):(?.*\\-.*)" - ], - "datasourceTemplate": "docker", - "versioningTemplate": "redhat" - } - ], - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "packageRules": [ - // setup datasources - { - "matchDatasources": ["helm"], - "ignoreDeprecated": true - }, - { - "matchDatasources": ["docker"], - "matchUpdateTypes": ["major", "minor", "patch"], - "commitMessageExtra": "to {{newVersion}}" - }, - // custom versioning - { - "matchDatasources": ["docker"], - "versioning": "loose", - "matchPackagePatterns": ["changedetection", "qbittorrent"] - }, - { - "matchDatasources": ["docker"], - 
"matchPackageNames": ["ghcr.io/linuxserver/calibre"], - "versioning": "regex:^version-v?(?\\d+)\\.(?\\d+)\\.(?\\d+)$" - } - ] + } } diff --git a/.github/renovate/commitMessage.json5 b/.github/renovate/commitMessage.json5 index 3fea62872..08fbaa84c 100644 --- a/.github/renovate/commitMessage.json5 +++ b/.github/renovate/commitMessage.json5 @@ -2,6 +2,7 @@ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "commitMessageTopic": "{{depName}}", "commitMessageExtra": "to {{newVersion}}", + "commitMessagePrefix": "⬆️", "commitMessageSuffix": "", "packageRules": [ { @@ -11,6 +12,11 @@ { "matchDatasources": ["docker"], "commitMessageTopic": "image {{depName}}" + }, + { + "matchDatasources": ["custom.grafana-dashboards"], + "commitMessageTopic": "dashboard {{depName}}", + "commitMessageExtra": "to revision {{newVersion}}" } ] } diff --git a/.github/renovate/customDatasources.json5 b/.github/renovate/customDatasources.json5 new file mode 100644 index 000000000..0c15007fd --- /dev/null +++ b/.github/renovate/customDatasources.json5 @@ -0,0 +1,12 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "customDatasources": { + "grafana-dashboards": { + "defaultRegistryUrlTemplate": "https://grafana.com/api/dashboards/{{packageName}}", + "format": "json", + "transformTemplates": [ + "{\"releases\":[{\"version\": $string(revision)}]}" + ] + } + } +} diff --git a/.github/renovate/customManagers.json5 b/.github/renovate/customManagers.json5 new file mode 100644 index 000000000..e816a1061 --- /dev/null +++ b/.github/renovate/customManagers.json5 
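Review bot: The `grafana-dashboards` transform in `customDatasources.json5` emits a single release carrying only `version`, so an update for a community dashboard from grafana.com arrives with no link or timestamp for a reviewer to check what the new revision contains. Consider adding a `sourceUrl` or `homepage` to the transformed object, plus a `releaseTimestamp` on the release if the API response exposes a usable date (not visible here). A short `//` comment above `transformTemplates` should say that the template is JSONata and which response field it reads. Since dashboard JSON is third-party content loaded into Grafana, it is also worth confirming that the rules in `autoMerge.json5` (not shown) do not automerge the `custom.grafana-dashboards` datasource.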
@@ -0,0 +1,50 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "customManagers": [ + { + "customType": "regex", + "description": "Process custom dependencies", + "fileMatch": [ + "(^|/)ansible/.+\\.ya?ml(\\.j2)?$", + "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$" + ], + "matchStrings": [ + // Example: `k3s_release_version: "v1.27.3+k3s1"` + "datasource=(?\\S+) depName=(?\\S+)( versioning=(?\\S+))?\n.*?\"(?.*)\"\n", + // Example: `- https://github.com/rancher/system-upgrade-controller/releases/download/v0.11.0/crd.yaml` + // `- https://github.com/argoproj/argo-cd/raw/v2.7.10/manifests/install.yaml` + // `- https://github.com/argoproj/argo-cd/raw/v2.7.10/manifests/ha/install.yaml` + // `- https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/21.1.1/kubernetes/kubernetes.yml` + "datasource=(?\\S+) depName=(?\\S+)( versioning=(?\\S+))?\n.*?-\\s(.*?)\/(?(v|\\d)[^/]+)\/\\S+\n", + // Example: apiVersion=helm.cattle.io/v1 kind=HelmChart + "datasource=(?\\S+)\n.*?repo: (?\\S+)\n.*?chart: (?\\S+)\n.*?version: (?\\S+)\n" + ], + "datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}", + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}" + }, + { + "customType": "regex", + "description": "Process CloudnativePG Postgresql version", + "fileMatch": [ + "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$" + ], + "matchStrings": [ + "imageName: (?\\S+):(?.*\\-.*)" + ], + "datasourceTemplate": "docker", + "versioningTemplate": "redhat" + }, + { + "customType": "regex", + "description": "Process Grafana dashboards", + "fileMatch": [ + "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$" + ], + "matchStrings": [ + "depName=\"(?.*)\"\\n\\s+gnetId:\\s+(?.*?)\\n\\s+revision:\\s+(?.*)" + ], + "datasourceTemplate": "custom.grafana-dashboards", + "versioningTemplate": "regex:^(?\\d+)$" + } + ] +} diff --git a/.github/renovate/packageRules.json5 b/.github/renovate/packageRules.json5 new file mode 100644 index 000000000..534383ecf 
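Review bot: In the new "Process Grafana dashboards" manager, the capture after `gnetId:` is `.*?` and the one after `revision:` is `.*`, so trailing whitespace, quotes or an inline comment can end up in the captured values. The first is interpolated into the `https://grafana.com/api/dashboards/{{packageName}}` lookup URL and the second is checked against the digits-only versioning regex. Restricting both captures to `\\d+` makes the match fail closed on anything that is not a numeric ID or revision. The existing group names should be kept; they appear stripped in this rendering.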
--- /dev/null +++ b/.github/renovate/packageRules.json5 @@ -0,0 +1,16 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "packageRules": [ + { + "description": "Loose versioning for non-semver packages", + "matchDatasources": ["docker"], + "versioning": "loose", + "matchPackagePatterns": ["qbittorrent"] + }, + { + "matchDatasources": ["docker"], + "matchPackageNames": ["ghcr.io/linuxserver/calibre"], + "versioning": "regex:^version-v?(?\\d+)\\.(?\\d+)\\.(?\\d+)$" + } + ] +} diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 35794f7dc..d7ab271c7 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml 
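Review bot: The first rule's `matchPackagePatterns: ["qbittorrent"]` is an unanchored pattern, so `loose` versioning applies to any Docker image whose name merely contains that string, from any registry. The calibre rule below it uses `matchPackageNames` with the full image reference. Doing the same here, with the full image name used in the repo (placeholder: `<registry>/<org>/qbittorrent`), keeps the relaxed version ordering scoped to the one image it was meant for. The second rule also lacks a `description`, unlike the first.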
@@ -1,50 +1,60 @@ +--- name: "Renovate" on: workflow_dispatch: inputs: dryRun: - description: "Dry-Run" + description: Dry Run default: "false" required: false logLevel: - description: "Log-Level" - default: "debug" + description: Log Level + default: debug required: false schedule: - cron: "0 * * * *" push: branches: ["main"] paths: - - ".github/renovate.json5" - - ".github/renovate/**.json5" + - .github/renovate.json5 + - .github/renovate/**.json5 +# Retrieve BOT_USER_ID via `curl -s "https://api.github.com/users/${BOT_USERNAME}%5Bbot%5D" | jq .id` env: + DRY_RUN: false LOG_LEVEL: debug - RENOVATE_DRY_RUN: false - RENOVATE_CONFIG_FILE: .github/renovate.json5 + RENOVATE_ONBOARDING_CONFIG_FILE_NAME: .github/renovate.json5 + RENOVATE_AUTODISCOVER: true + RENOVATE_AUTODISCOVER_FILTER: "${{ github.repository }}" + RENOVATE_USERNAME: "${{ secrets.BOT_USERNAME }}[bot]" + RENOVATE_GIT_AUTHOR: "${{ secrets.BOT_USERNAME }} <${{ secrets.BOT_USER_ID }}+${{ secrets.BOT_USERNAME }}[bot]@users.noreply.github.com>" jobs: renovate: name: Renovate runs-on: ubuntu-latest steps: + - name: Generate Token + uses: actions/create-github-app-token@e995b4e40ace2eb5bf13137d9abe242c98f3aab6 # v1.6.0 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Generate Token - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 - id: generate-token with: - app_id: "${{ secrets.BOT_APP_ID }}" - private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + token: "${{ steps.app-token.outputs.token }}" - name: Override default config from dispatch variables + shell: bash run: | - echo "RENOVATE_DRY_RUN=${{ github.event.inputs.dryRun || env.RENOVATE_DRY_RUN }}" >> "${GITHUB_ENV}" + echo "RENOVATE_DRY_RUN=${{ github.event.inputs.dryRun || env.DRY_RUN }}" >> "${GITHUB_ENV}" echo "LOG_LEVEL=${{ github.event.inputs.logLevel || 
env.LOG_LEVEL }}" >> "${GITHUB_ENV}" + - name: Renovate uses: renovatebot/github-action@5d3fbef92a76cbf78f5732d17c07a2e76e6f7555 # v39.1.4 with: - configurationFile: "${{ env.RENOVATE_CONFIG_FILE }}" - token: "${{ steps.generate-token.outputs.token }}" + configurationFile: "${{ env.RENOVATE_ONBOARDING_CONFIG_FILE_NAME }}" + token: "${{ steps.app-token.outputs.token }}"
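Review bot: The "Override default config from dispatch variables" step expands `${{ github.event.inputs.dryRun }}` and `${{ github.event.inputs.logLevel }}` directly inside the `run` script, so the dispatch input text becomes part of the shell source before bash parses it. Passing the values through the step's `env:` and referencing them as shell variables keeps them as data. They are still appended to `GITHUB_ENV`, so a check against a fixed set of expected values would be a reasonable follow-up. Separately, the Checkout step now receives the app token, which `actions/checkout` stores in the local git config unless `persist-credentials: false` is set. If the default token is enough to read this repository, dropping `token:` there narrows where the app credential lives.

```yaml
- name: Override default config from dispatch variables
  shell: bash
  env:
    INPUT_DRY_RUN: "${{ github.event.inputs.dryRun || env.DRY_RUN }}"
    INPUT_LOG_LEVEL: "${{ github.event.inputs.logLevel || env.LOG_LEVEL }}"
  run: |
    echo "RENOVATE_DRY_RUN=${INPUT_DRY_RUN}" >> "${GITHUB_ENV}"
    echo "LOG_LEVEL=${INPUT_LOG_LEVEL}" >> "${GITHUB_ENV}"
# … unchanged: Renovate step …
```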