diff --git a/.github/renovate.json5 b/.github/renovate.json5
new file mode 100644
index 000000000..dcd6b6bec
--- /dev/null
+++ b/.github/renovate.json5
@@ -0,0 +1,47 @@
+{
+ extends: [
+ ":dependencyDashboard",
+ ":semanticPrefixFixDepsChoreOthers",
+ ":autodetectRangeStrategy",
+ ":disableRateLimiting",
+ ":semanticCommits",
+ "helpers:pinGitHubActionDigests",
+ "github>whitesource/merge-confidence:beta",
+ "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/commitMessage.json5",
+ "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/approval.json5",
+ "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/golang.json5",
+ "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/groups.json5",
+ "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/labels.json5",
+ "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/regexManagers.json5"
+ ],
+ platform: "github",
+ baseBranches: ["main"],
+ onboarding: false,
+ requireConfig: "ignored",
+ timezone: "Europe/Berlin",
+ // repo config
+ repositories: ["SovereignCloudStack/cluster-stack-operator"],
+ ignorePaths: [
+ "**/vendor/**",
+ "**/test/**",
+ "**/tests/**"
+ ],
+ username: "cluster-stack-bot[bot]",
+ gitAuthor: "cluster-stack-bot[bot] <143188378+cluster-stack-bot[bot]@users.noreply.github.com>",
+ // PR config
+ dependencyDashboardTitle: "Dependency Dashboard 🤖",
+ dependencyDashboardHeader: "",
+ prFooter: "",
+ suppressNotifications: ["prIgnoreNotification"],
+ rebaseWhen: "conflicted",
+ commitBodyTable: true,
+ prHourlyLimit: 1,
+ printConfig: true,
+ pruneStaleBranches: true,
+ allowPostUpgradeCommandTemplating: true,
+ separateMajorMinor: true,
+ separateMultipleMajor: true,
+ separateMinorPatch: true,
+ enabledManagers: ["dockerfile", "gomod", "github-actions", "regex"],
+ recreateClosed: true,
+}
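Review bot: `"github>whitesource/merge-confidence:beta"` in `extends` is resolved from a third-party repository with no ref, so a change there alters this bot's behaviour without any review in this repository. Renovate accepts a tag after the preset, e.g. `"github>whitesource/merge-confidence:beta#<tag>"`, which would turn a preset change into an explicit, reviewable update. This matters more than usual here because the file also sets `allowPostUpgradeCommandTemplating: true` and the workflow added in this commit allows any post-upgrade command. Separately, `:disableRateLimiting` is extended and then `prHourlyLimit: 1` is set; a comment stating which limit is intended would help.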
diff --git a/.github/renovate/approval.json5 b/.github/renovate/approval.json5
new file mode 100644
index 000000000..757cfba88
--- /dev/null
+++ b/.github/renovate/approval.json5
@@ -0,0 +1,11 @@
+{
+ packageRules: [
+ {
+ matchUpdateTypes: ["major", "minor"],
+ matchManagers: ["gomod"],
+ matchDepTypes: ["golang"],
+ description: "Ask for approval for golang updates",
+ dependencyDashboardApproval: true,
+ },
+ ],
+}
diff --git a/.github/renovate/commitMessage.json5 b/.github/renovate/commitMessage.json5
new file mode 100644
index 000000000..d6234c348
--- /dev/null
+++ b/.github/renovate/commitMessage.json5
@@ -0,0 +1,18 @@
+{
+ "commitMessagePrefix": ":seedling: ",
+ "commitMessageTopic": "{{depName}}",
+ "commitMessageExtra": "to {{newVersion}}",
+ "commitMessageSuffix": "",
+ "group": { commitMessageTopic: "{{{groupName}}} group" },
+ "packageRules": [
+ {
+ "matchDatasources": ["helm"],
+ "commitMessageTopic": "chart {{depName}}"
+ },
+ {
+ "matchDatasources": ["docker"],
+ "commitMessageTopic": "image {{depName}}",
+ "commitMessageExtra": "to {{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}"
+ }
+ ]
+}
diff --git a/.github/renovate/golang.json5 b/.github/renovate/golang.json5
new file mode 100644
index 000000000..657e09246
--- /dev/null
+++ b/.github/renovate/golang.json5
@@ -0,0 +1,45 @@
+{
+ golang: {
+ postUpdateOptions: ["gomodTidy", "gomodUpdateImportPaths"],
+ },
+ // https://docs.renovatebot.com/configuration-options/#constraints
+ "constraints": {
+ "go": "1.21"
+ },
+ packageRules: [
+ {
+ description: "Disable Golang update for major and minor versions",
+ matchManagers: ["dockerfile"],
+ matchDepNames: ["docker.io/library/golang"],
+ matchUpdateTypes: ["major", "minor"],
+ enabled: false,
+ },
+ {
+ description: "Disable slim-sprig",
+ matchManagers: ["gomod"],
+ matchDepNames: ["github.com/go-task/slim-sprig"],
+ matchPaths: ["hack/tools/**"],
+ enabled: false,
+ },
+ {
+ description: "Disable update controller-tools",
+ matchManagers: ["gomod"],
+ matchDepNames: ["sigs.k8s.io/controller-runtime", "sigs.k8s.io/controller-tools", "github.com/google/go-github/v52"],
+ matchUpdateTypes: ["major", "minor"],
+ enabled: false,
+ },
+ {
+ description: "Disable update k8s packages",
+ matchManagers: ["gomod"],
+ matchDepNames: ["k8s.io/api", "k8s.io/apimachinery", "k8s.io/apiserver", "k8s.io/client-go", "k8s.io/kubectl", "k8s.io/code-generator"],
+ matchUpdateTypes: ["patch"],
+ enabled: true,
+ },
+ {
+ description: "Disable update cluster-api",
+ matchManagers: ["gomod"],
+ matchDepNames: ["sigs.k8s.io/cluster-api", "sigs.k8s.io/cluster-api/test", "sigs.k8s.io/cluster-api/hack/tools"],
+ enabled: false,
+ },
+ ],
+}
diff --git a/.github/renovate/groups.json5 b/.github/renovate/groups.json5
new file mode 100644
index 000000000..8447bd998
--- /dev/null
+++ b/.github/renovate/groups.json5
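Review bot: The rule described as "Disable update k8s packages" sets `enabled: true` with `matchUpdateTypes: ["patch"]`, so it disables nothing; major and minor updates of the `k8s.io/*` modules stay enabled by default. If the intent is to hold those modules to patch releases, the rule should read `matchUpdateTypes: ["major", "minor"]` with `enabled: false`, as the controller-runtime rule above it does. The "Disable update controller-tools" description also covers `sigs.k8s.io/controller-runtime` and `github.com/google/go-github/v52`, so it should name all three. Rules that hold a module back also hold back security fixes that ship only in a newer minor, so a short `//` comment on why each one is pinned is worth adding.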
@@ -0,0 +1,78 @@
+{
+ packageRules: [
+ {
+ description: "Update Builder Image",
+ groupName: "Builder Image",
+ groupSlug: "cso-builder-image",
+ commitMessageTopic: "Builder Image group",
+ matchPaths: ["images/builder/**"],
+ separateMajorMinor: false,
+ separateMultipleMajor: false,
+ separateMinorPatch: false,
+ schedule: ["on the first day of the month"],
+ },
+ {
+ description: "Update Cso Image",
+ groupName: "Cso Image",
+ matchManagers: ["dockerfile", "regex"],
+ separateMajorMinor: false,
+ separateMultipleMajor: false,
+ separateMinorPatch: false,
+ matchPaths: ["images/cso/**"],
+ commitMessageTopic: "Cso Image group",
+ groupSlug: "cso-manager-image",
+ schedule: ["on monday"],
+ },
+ {
+ description: "Update Makefile",
+ groupName: "Makefile",
+ matchManagers: ["regex"],
+ separateMajorMinor: false,
+ separateMultipleMajor: false,
+ separateMinorPatch: false,
+ matchFiles: ["Makefile"],
+ commitMessageTopic: "Makefile group",
+ groupSlug: "makefile",
+ },
+ {
+ description: "Update Github Actions",
+ groupName: "github-actions",
+ matchManagers: ["github-actions"],
+ matchUpdateTypes: ["major", "minor", "patch", "digest", "pin", "pinDigest"],
+ pinDigests: true,
+ commitMessageTopic: "Github Actions group",
+ groupSlug: "github-actions",
+ schedule: ["on monday"],
+ },
+ {
+ description: "Update Bot Schedule",
+ matchManagers: ["github-actions"],
+ matchUpdateTypes: ["major", "minor", "patch"],
+ matchPackageNames: ["renovatebot/github-action"],
+ schedule: ["on the first day of the month"],
+ },
+ {
+ description: "Update Go Dev Dependencies",
+ groupName: "Update Go Dev Dependencies",
+ matchManagers: ["gomod"],
+ matchPaths: ["hack/tools/**"],
+ commitMessageTopic: "Go Dev Dependencies group",
+ groupSlug: "golang-devs-deps",
+ },
+ {
+ description: "Update Golang Dependencies",
+ groupName: "Update Golang Dependencies",
+ matchManagers: ["gomod"],
+ ignorePaths: ["hack/tools/**"],
+ commitMessageTopic: "Golang Dependencies group",
+ groupSlug: "golang-deps",
+ },
+ {
+ description: "disable update of cso builder image",
+ matchManagers: ["github-actions"],
+ matchUpdateTypes: ["major", "minor", "patch"],
+ matchPackageNames: ["ghcr.io/sovereigncloudstack/cso-builder"],
+ enabled: false,
+ },
+ ]
+}
diff --git a/.github/renovate/labels.json5 b/.github/renovate/labels.json5
new file mode 100644
index 000000000..216100d2d
--- /dev/null
+++ b/.github/renovate/labels.json5
@@ -0,0 +1,32 @@
+{
+ "packageRules": [
+ {
+ "matchUpdateTypes": ["major"],
+ "labels": ["type/major"]
+ },
+ {
+ "matchUpdateTypes": ["minor"],
+ "labels": ["type/minor"]
+ },
+ {
+ "matchUpdateTypes": ["patch"],
+ "labels": ["type/patch"]
+ },
+ {
+ "matchDatasources": ["helm"],
+ "addLabels": ["update/helm"]
+ },
+ {
+ "matchDatasources": ["docker"],
+ "addLabels": ["update/container"]
+ },
+ {
+ "matchManagers": ["github-actions"],
+ "addLabels": ["update/github-action"]
+ },
+ {
+ "matchDatasources": ["go"],
+ "addLabels": ["update/go"]
+ }
+ ]
+ }
diff --git a/.github/renovate/regexManagers.json5 b/.github/renovate/regexManagers.json5
new file mode 100644
index 000000000..1f7345348
--- /dev/null
+++ b/.github/renovate/regexManagers.json5
@@ -0,0 +1,19 @@
+{
+ "regexManagers": [
+ {
+ "fileMatch": [".yaml$", ".yml$", "Makefile", "(^|/|\.)Dockerfile$", "(^|/)Dockerfile[^/]*$"],
+ "matchStrings": [
+ ".*(@|=|==|:\\s)(?[v0-9.-]+)\\s#\\supdate: datasource=(?.*?) depName=(?.*?)( extractVersion=(?.+?))?( versioning=(?.*?))?\\s"
+ ],
+ "extractVersionTemplate":"{{#if extractVersion}}{{{extractVersion}}}{{/if}}",
+ "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
+ },
+ {
+ "fileMatch": ["(^|/|\.)Dockerfile$", "(^|/)Dockerfile[^/]*$"],
+ "matchStrings": [
+ "#\\s*update:\\s*datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?\\sENV .*?_VERSION=\"(?.*)\"\\s"
+ ],
+ "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
+ },
+ ]
+}
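Review bot: In the "Update Golang Dependencies" rule of `.github/renovate/groups.json5`, `ignorePaths: ["hack/tools/**"]` is, as far as I know, a repository-level option and not a `packageRules` matcher, so this rule probably matches every `gomod` dependency. Because it comes after the "Update Go Dev Dependencies" rule, its `groupName` would then also apply to `hack/tools/**` and the two groups would merge into one. Placing the general rule before the `hack/tools/**` rule gives the intended split, since later matching rules override earlier ones. It is worth checking the result with a dry run before relying on the grouping.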
diff --git a/.github/workflows/schedule-update-bot.yaml b/.github/workflows/schedule-update-bot.yaml
new file mode 100644
index 000000000..2feff468e
--- /dev/null
+++ b/.github/workflows/schedule-update-bot.yaml
@@ -0,0 +1,57 @@
+name: Schedule - Update Bot
+on: # yamllint disable-line rule:truthy
+ workflow_dispatch:
+ inputs:
+ dryRun:
+ description: "Dry-Run"
+ default: "false"
+ required: false
+ logLevel:
+ description: "Log-Level"
+ default: "debug"
+ required: false
+ schedule:
+ - cron: "0 11 * * *"
+ push:
+ branches:
+ - main
+ paths:
+ - ".github/renovate.json5"
+ - ".github/renovate/**.json5"
+env:
+ LOG_LEVEL: info
+ DRY_RUN: false
+ RENOVATE_CONFIG_FILE: .github/renovate.json5
+# yamllint disable rule:line-length
+jobs:
+ update-bot:
+ if: github.repository == 'SovereignCloudStack/cluster-stack-operator'
+ name: Renovate
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Generate Token
+ uses: actions/create-github-app-token@f4c6bf6752984b3a29fcc135a5e70eb792c40c6b # v1
+ id: generate-token
+ with:
+ app-id: ${{ secrets.SCS_APP_ID }}
+ private-key: ${{ secrets.SCS_APP_PRIVATE_KEY }}
+
+ - name: Override default config from dispatch variables
+ run: |
+ echo "DRY_RUN=${{ github.event.inputs.dryRun || env.DRY_RUN }}" >> "$GITHUB_ENV"
+ echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.LOG_LEVEL }}" >> "$GITHUB_ENV"
+
+ - name: Renovate
+ uses: renovatebot/github-action@f9c81dddc9b589e4e6ae0326d1e36f6bc415d230 # v39.2.4
+ env:
+ RENOVATE_HOST_RULES: '[{"hostType": "docker", "matchHost": "ghcr.io", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}" }]'
+ RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS: '[".*"]'
+ BUILDER_IMAGE: 'ghcr.io/sovereigncloudstack/cso'
+ RENOVATE_POST_UPGRADE_TASKS: '{ commands: ["BUILD_IMAGE_TOKEN=${{ secrets.GITHUB_TOKEN }} BUILD_IMAGE_USER=${{ github.actor }} CI=true ./hack/upgrade-builder-image.sh"], fileFilters: ["Makefile", ".github/**/*.yml", ".github/**/*.yaml"], executionMode: "branch"}'
+ with:
+ configurationFile: ${{ env.RENOVATE_CONFIG_FILE }}
+ token: "x-access-token:${{ steps.generate-token.outputs.token }}"
+
mount-docker-socket: "true" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index aab8e1b99..2ae28af0a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -64,4 +64,4 @@ jobs: GIT_REPOSITORY_NAME: cluster-stacks GO111MODULE: "on" GIT_ACCESS_TOKEN: ${{ secrets.GIT_ACCESS_TOKEN }} - run: make test-integration-workloadcluster \ No newline at end of file + run: make test-integration-workloadcluster diff --git a/.hadolint.yaml b/.hadolint.yaml index f7f27d05a..59dc7ca08 100644 --- a/.hadolint.yaml +++ b/.hadolint.yaml @@ -4,4 +4,4 @@ ignored: [] no-color: false no-fail: false strict-labels: false -disable-ignore-pragma: false \ No newline at end of file +disable-ignore-pragma: false diff --git a/.yamllint.yaml b/.yamllint.yaml index 164f56052..6f654c168 100644 --- a/.yamllint.yaml +++ b/.yamllint.yaml @@ -10,7 +10,7 @@ rules: spaces: 2 indent-sequences: consistent line-length: disable - new-line-at-end-of-file: disable + new-line-at-end-of-file: enable truthy: disable document-start: false comments: @@ -26,4 +26,4 @@ ignore: - _artifacts - config/crd/**/*.yaml - config/rbac/**/*.yaml - - config/webhook/**/*.yaml \ No newline at end of file + - config/webhook/**/*.yaml diff --git a/config/certmanager/certificate.yaml b/config/certmanager/certificate.yaml index e894ada3b..c5a164c8a 100644 --- a/config/certmanager/certificate.yaml +++ b/config/certmanager/certificate.yaml @@ -25,4 +25,4 @@ spec: secretName: cso-webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize subject: organizations: - - k8s-sig-cluster-lifecycle \ No newline at end of file + - k8s-sig-cluster-lifecycle diff --git a/config/manager/credentials.yaml b/config/manager/credentials.yaml index dec755958..c8211f0a3 100644 --- a/config/manager/credentials.yaml +++ b/config/manager/credentials.yaml 
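Review bot: In `.github/workflows/schedule-update-bot.yaml`, `RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS: '[".*"]'` lets any `postUpgradeTasks` command from repository config or an extended preset run in the Renovate container, and the job also sets `mount-docker-socket: "true"`, so such a command would reach the runner's Docker daemon. The allow-list should match only the one script, for example `'["^BUILD_IMAGE_TOKEN=\\S+ BUILD_IMAGE_USER=\\S+ CI=true \\./hack/upgrade-builder-image\\.sh$"]'`. The "Override default config from dispatch variables" step interpolates `${{ github.event.inputs.dryRun }}` and `logLevel` straight into the shell script; passing them through the step's `env:` and writing `echo "DRY_RUN=$INPUT_DRY_RUN" >> "$GITHUB_ENV"` keeps input text from being evaluated as shell. The workflow declares no `permissions:` block, so `GITHUB_TOKEN` gets the repository default scope; it should be set to the minimum the image script needs.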
@@ -8,4 +8,4 @@ data: git-provider: ${GIT_PROVIDER_B64:=""} git-org-name: ${GIT_ORG_NAME_B64:=""} git-repo-name: ${GIT_REPOSITORY_NAME_B64:=""} - git-access-token: ${GIT_ACCESS_TOKEN_B64:=""} \ No newline at end of file + git-access-token: ${GIT_ACCESS_TOKEN_B64:=""} diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index d23523982..d797a472c 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,3 +1,3 @@ resources: - manager.yaml -- credentials.yaml \ No newline at end of file +- credentials.yaml