Merge pull request #75 from SovereignCloudStack/syself/add-renovate

✨ add renovate for bumping dependencies
SovereignCloudStack · Apr 24, 2024 · d1e9e1a · d1e9e1a
2 parents d7a944d + 25047ab
commit d1e9e1a
Show file tree

Hide file tree

Showing 13 changed files with 313 additions and 6 deletions.
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -0,0 +1,47 @@
+{
+  extends: [
+    ":dependencyDashboard",
+    ":semanticPrefixFixDepsChoreOthers",
+    ":autodetectRangeStrategy",
+    ":disableRateLimiting",
+    ":semanticCommits",
+    "helpers:pinGitHubActionDigests",
+    "github>whitesource/merge-confidence:beta",
+    "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/commitMessage.json5",
+    "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/approval.json5",
+    "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/golang.json5",
+    "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/groups.json5",
+    "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/labels.json5",
+    "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/regexManagers.json5"
+  ],
+  platform: "github",
+  baseBranches: ["main"],
+  onboarding: false,
+  requireConfig: "ignored",
+  timezone: "Europe/Berlin",
+  // repo config
+  repositories: ["SovereignCloudStack/cluster-stack-operator"],
+  ignorePaths: [
+    "**/vendor/**",
+    "**/test/**",
+    "**/tests/**"
+  ],
+  username: "cluster-stack-bot[bot]",
+  gitAuthor: "cluster-stack-bot[bot] <143188378+cluster-stack-bot[bot]@users.noreply.github.com>",
+  // PR config
+  dependencyDashboardTitle: "Dependency Dashboard 🤖",
+  dependencyDashboardHeader: "",
+  prFooter: "",
+  suppressNotifications: ["prIgnoreNotification"],
+  rebaseWhen: "conflicted",
+  commitBodyTable: true,
+  prHourlyLimit: 1,
+  printConfig: true,
+  pruneStaleBranches: true,
+  allowPostUpgradeCommandTemplating: true,
+  separateMajorMinor: true,
+  separateMultipleMajor: true,
+  separateMinorPatch: true,
+  enabledManagers: ["dockerfile", "gomod", "github-actions", "regex"],
+  recreateClosed: true,
+}
diff --git a/.github/renovate/approval.json5 b/.github/renovate/approval.json5
@@ -0,0 +1,11 @@
+{
+  packageRules: [
+    {
+      matchUpdateTypes: ["major", "minor"],
+      matchManagers: ["gomod"],
+      matchDepTypes: ["golang"],
+      description: "Ask for approval for golang updates",
+      dependencyDashboardApproval: true,
+    },
+  ],
+}
diff --git a/.github/renovate/commitMessage.json5 b/.github/renovate/commitMessage.json5
@@ -0,0 +1,18 @@
+{
+  "commitMessagePrefix": ":seedling: ",
+  "commitMessageTopic": "{{depName}}",
+  "commitMessageExtra": "to {{newVersion}}",
+  "commitMessageSuffix": "",
+  "group": { commitMessageTopic: "{{{groupName}}} group" },
+  "packageRules": [
+    {
+      "matchDatasources": ["helm"],
+      "commitMessageTopic": "chart {{depName}}"
+    },
+    {
+      "matchDatasources": ["docker"],
+      "commitMessageTopic": "image {{depName}}",
+      "commitMessageExtra": "to {{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}"
+    }
+  ]
+}
diff --git a/.github/renovate/golang.json5 b/.github/renovate/golang.json5
@@ -0,0 +1,45 @@
+{
+  golang: {
+    postUpdateOptions: ["gomodTidy", "gomodUpdateImportPaths"],
+  },
+  // https://docs.renovatebot.com/configuration-options/#constraints
+  "constraints": {
+    "go": "1.21"
+  },
+  packageRules: [
+    {
+      description: "Disable Golang update for major and minor versions",
+      matchManagers: ["dockerfile"],
+      matchDepNames: ["docker.io/library/golang"],
+      matchUpdateTypes: ["major", "minor"],
+      enabled: false,
+    },
+    {
+      description: "Disable slim-sprig",
+      matchManagers: ["gomod"],
+      matchDepNames: ["github.com/go-task/slim-sprig"],
+      matchPaths: ["hack/tools/**"],
+      enabled: false,
+    },
+    {
+      description: "Disable update controller-tools",
+      matchManagers: ["gomod"],
+      matchDepNames: ["sigs.k8s.io/controller-runtime", "sigs.k8s.io/controller-tools", "github.com/google/go-github/v52"],
+      matchUpdateTypes: ["major", "minor"],
+      enabled: false,
+    },
+    {
+      description: "Disable update k8s packages",
+      matchManagers: ["gomod"],
+      matchDepNames: ["k8s.io/api", "k8s.io/apimachinery", "k8s.io/apiserver", "k8s.io/client-go", "k8s.io/kubectl", "k8s.io/code-generator"],
+      matchUpdateTypes: ["patch"],
+      enabled: true,
+    },
+    {
+      description: "Disable update cluster-api",
+      matchManagers: ["gomod"],
+      matchDepNames: ["sigs.k8s.io/cluster-api", "sigs.k8s.io/cluster-api/test", "sigs.k8s.io/cluster-api/hack/tools"],
+      enabled: false,
+    },
+  ],
+}
diff --git a/.github/renovate/groups.json5 b/.github/renovate/groups.json5
@@ -0,0 +1,78 @@
+{
+  packageRules: [
+    {
+      description: "Update Builder Image",
+      groupName: "Builder Image",
+      groupSlug: "cso-builder-image",
+      commitMessageTopic: "Builder Image group",
+      matchPaths: ["images/builder/**"],
+      separateMajorMinor: false,
+      separateMultipleMajor: false,
+      separateMinorPatch: false,
+      schedule: ["on the first day of the month"],
+    },
+    {
+      description: "Update Cso Image",
+      groupName: "Cso Image",
+      matchManagers: ["dockerfile", "regex"],
+      separateMajorMinor: false,
+      separateMultipleMajor: false,
+      separateMinorPatch: false,
+      matchPaths: ["images/cso/**"],
+      commitMessageTopic: "Cso Image group",
+      groupSlug: "cso-manager-image",
+      schedule: ["on monday"],
+    },
+    {
+      description: "Update Makefile",
+      groupName: "Makefile",
+      matchManagers: ["regex"],
+      separateMajorMinor: false,
+      separateMultipleMajor: false,
+      separateMinorPatch: false,
+      matchFiles: ["Makefile"],
+      commitMessageTopic: "Makefile group",
+      groupSlug: "makefile",
+    },
+    {
+      description: "Update Github Actions",
+      groupName: "github-actions",
+      matchManagers: ["github-actions"],
+      matchUpdateTypes: ["major", "minor", "patch", "digest", "pin", "pinDigest"],
+      pinDigests: true,
+      commitMessageTopic: "Github Actions group",
+      groupSlug: "github-actions",
+      schedule: ["on monday"],
+    },
+    {
+      description: "Update Bot Schedule",
+      matchManagers: ["github-actions"],
+      matchUpdateTypes: ["major", "minor", "patch"],
+      matchPackageNames: ["renovatebot/github-action"],
+      schedule: ["on the first day of the month"],
+    },
+    {
+      description: "Update Go Dev Dependencies",
+      groupName: "Update Go Dev Dependencies",
+      matchManagers: ["gomod"],
+      matchPaths: ["hack/tools/**"],
+      commitMessageTopic: "Go Dev Dependencies group",
+      groupSlug: "golang-devs-deps",
+    },
+    {
+      description: "Update Golang Dependencies",
+      groupName: "Update Golang Dependencies",
+      matchManagers: ["gomod"],
+      ignorePaths: ["hack/tools/**"],
+      commitMessageTopic: "Golang Dependencies group",
+      groupSlug: "golang-deps",
+    },
+    {
+      description: "disable update of cso builder image",
+      matchManagers: ["github-actions"],
+      matchUpdateTypes: ["major", "minor", "patch"],
+      matchPackageNames: ["ghcr.io/sovereigncloudstack/cso-builder"],
+      enabled: false,
+    },
+  ]
+}
diff --git a/.github/renovate/labels.json5 b/.github/renovate/labels.json5
@@ -0,0 +1,32 @@
+{
+    "packageRules": [
+      {
+        "matchUpdateTypes": ["major"],
+        "labels": ["type/major"]
+      },
+      {
+        "matchUpdateTypes": ["minor"],
+        "labels": ["type/minor"]
+      },
+      {
+        "matchUpdateTypes": ["patch"],
+        "labels": ["type/patch"]
+      },
+      {
+        "matchDatasources": ["helm"],
+        "addLabels": ["update/helm"]
+      },
+      {
+        "matchDatasources": ["docker"],
+        "addLabels": ["update/container"]
+      },
+      {
+        "matchManagers": ["github-actions"],
+        "addLabels": ["update/github-action"]
+      },
+      {
+        "matchDatasources": ["go"],
+        "addLabels": ["update/go"]
+      }
+    ]
+  }
diff --git a/.github/renovate/regexManagers.json5 b/.github/renovate/regexManagers.json5
@@ -0,0 +1,19 @@
+{
+  "regexManagers": [
+    {
+      "fileMatch": [".yaml$", ".yml$", "Makefile", "(^|/|\.)Dockerfile$", "(^|/)Dockerfile[^/]*$"],
+      "matchStrings": [
+        ".*(@|=|==|:\\s)(?<currentValue>[v0-9.-]+)\\s#\\supdate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( extractVersion=(?<extractVersion>.+?))?( versioning=(?<versioning>.*?))?\\s"
+      ],
+      "extractVersionTemplate":"{{#if extractVersion}}{{{extractVersion}}}{{/if}}",
+      "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
+    },
+    {
+      "fileMatch": ["(^|/|\.)Dockerfile$", "(^|/)Dockerfile[^/]*$"],
+      "matchStrings": [
+        "#\\s*update:\\s*datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\sENV .*?_VERSION=\"(?<currentValue>.*)\"\\s"
+      ],
+      "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
+    },
+  ]
+}
diff --git a/.github/workflows/schedule-update-bot.yaml b/.github/workflows/schedule-update-bot.yaml
@@ -0,0 +1,57 @@
+name: Schedule - Update Bot
+on: # yamllint disable-line rule:truthy
+  workflow_dispatch:
+    inputs:
+      dryRun:
+        description: "Dry-Run"
+        default: "false"
+        required: false
+      logLevel:
+        description: "Log-Level"
+        default: "debug"
+        required: false
+  schedule:
+    - cron: "0 11 * * *"
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/renovate.json5"
+      - ".github/renovate/**.json5"
+env:
+  LOG_LEVEL: info
+  DRY_RUN: false
+  RENOVATE_CONFIG_FILE: .github/renovate.json5
+# yamllint disable rule:line-length
+jobs:
+  update-bot:
+    if: github.repository == 'SovereignCloudStack/cluster-stack-operator'
+    name: Renovate
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Generate Token
+        uses: actions/create-github-app-token@f4c6bf6752984b3a29fcc135a5e70eb792c40c6b # v1
+        id: generate-token
+        with:
+          app-id: ${{ secrets.SCS_APP_ID }}
+          private-key: ${{ secrets.SCS_APP_PRIVATE_KEY }}
+
+      - name: Override default config from dispatch variables
+        run: |
+          echo "DRY_RUN=${{ github.event.inputs.dryRun || env.DRY_RUN }}" >> "$GITHUB_ENV"
+          echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.LOG_LEVEL }}" >> "$GITHUB_ENV"
+
+      - name: Renovate
+        uses: renovatebot/github-action@f9c81dddc9b589e4e6ae0326d1e36f6bc415d230 # v39.2.4
+        env:
+          RENOVATE_HOST_RULES: '[{"hostType": "docker", "matchHost": "ghcr.io", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}" }]'
+          RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS: '[".*"]'
+          BUILDER_IMAGE: 'ghcr.io/sovereigncloudstack/cso'
+          RENOVATE_POST_UPGRADE_TASKS: '{ commands: ["BUILD_IMAGE_TOKEN=${{ secrets.GITHUB_TOKEN }} BUILD_IMAGE_USER=${{ github.actor }} CI=true ./hack/upgrade-builder-image.sh"], fileFilters: ["Makefile", ".github/**/*.yml", ".github/**/*.yaml"], executionMode: "branch"}'
+        with:
+          configurationFile: ${{ env.RENOVATE_CONFIG_FILE }}
+          token: "x-access-token:${{ steps.generate-token.outputs.token }}"
+          mount-docker-socket: "true"
diff --git a/.hadolint.yaml b/.hadolint.yaml
@@ -4,4 +4,4 @@ ignored: []
 no-color: false
 no-fail: false
 strict-labels: false
-disable-ignore-pragma: false
+disable-ignore-pragma: false
diff --git a/.yamllint.yaml b/.yamllint.yaml
@@ -10,7 +10,7 @@ rules:
     spaces: 2
     indent-sequences: consistent
   line-length: disable
-  new-line-at-end-of-file: disable
+  new-line-at-end-of-file: enable
   truthy: disable
   document-start: false
   comments:
@@ -26,4 +26,4 @@ ignore:
   - _artifacts
   - config/crd/**/*.yaml
   - config/rbac/**/*.yaml
-  - config/webhook/**/*.yaml
+  - config/webhook/**/*.yaml
diff --git a/config/certmanager/certificate.yaml b/config/certmanager/certificate.yaml
@@ -25,4 +25,4 @@ spec:
   secretName: cso-webhook-server-cert  # this secret will not be prefixed, since it's not managed by kustomize
   subject:
     organizations:
-    - k8s-sig-cluster-lifecycle
+    - k8s-sig-cluster-lifecycle
diff --git a/config/manager/credentials.yaml b/config/manager/credentials.yaml
@@ -8,4 +8,4 @@ data:
   git-provider: ${GIT_PROVIDER_B64:=""}
   git-org-name: ${GIT_ORG_NAME_B64:=""}
   git-repo-name: ${GIT_REPOSITORY_NAME_B64:=""}
-  git-access-token: ${GIT_ACCESS_TOKEN_B64:=""}
+  git-access-token: ${GIT_ACCESS_TOKEN_B64:=""}
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -1,3 +1,3 @@
 resources:
 - manager.yaml
-- credentials.yaml
+- credentials.yaml