diff --git a/.github/renovate.json5 b/.github/renovate.json5
new file mode 100644
index 000000000..bdc183c91
--- /dev/null
+++ b/.github/renovate.json5
@@ -0,0 +1,48 @@
+{
+ extends: [
+ ":dependencyDashboard",
+ ":semanticPrefixFixDepsChoreOthers",
+ ":autodetectRangeStrategy",
+ ":disableRateLimiting",
+ ":semanticCommits",
+ "helpers:pinGitHubActionDigests",
+ "github>whitesource/merge-confidence:beta",
+ "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/commitMessage.json5",
+ "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/approval.json5",
+ "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/golang.json5",
+ "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/groups.json5",
+ "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/labels.json5",
+ "github>SovereignCloudStack/cluster-stack-operator//.github/renovate/regexManagers.json5"
+ ],
+ platform: "github",
+ baseBranches: ["main"],
+ onboarding: false,
+ requireConfig: "ignored",
+ timezone: "Europe/Berlin",
+ // repo config
+ repositories: ["SovereignCloudStack/cluster-stack-operator"],
+ ignorePaths: [
+ "**/vendor/**",
+ "**/test/**",
+ "**/tests/**"
+ ],
+ username: "cluster-stack-bot[bot]",
+ gitAuthor: "cluster-stack-bot[bot] <143188378+cluster-stack-bot[bot]@users.noreply.github.com>",
+ // PR config
+ dependencyDashboardTitle: "Dependency Dashboard 🤖",
+ dependencyDashboardHeader: "",
+ prFooter: "",
+ suppressNotifications: ["prIgnoreNotification"],
+ rebaseWhen: "conflicted",
+ commitBodyTable: true,
+ prHourlyLimit: 1,
+ printConfig: true,
+ pruneStaleBranches: true,
+ allowPostUpgradeCommandTemplating: true,
+ separateMajorMinor: true,
+ separateMultipleMajor: true,
+ separateMinorPatch: true,
+ enabledManagers: ["dockerfile", "gomod", "github-actions", "regex"],
+ recreateClosed: true,
+}
+
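Review bot: The `extends` entry `"github>whitesource/merge-confidence:beta"` pulls a preset from a third-party repository with no ref, so its content is re-resolved on every run, while this same file sets `allowPostUpgradeCommandTemplating: true` and is loaded as the bot's global configuration. Pinning the preset, e.g. `"github>whitesource/merge-confidence:beta#<tag>"` (placeholder tag), would make a change to it arrive as a reviewed update rather than silently. `":disableRateLimiting"` and `prHourlyLimit: 1` also point in opposite directions; the explicit key presumably wins over the preset, and a short comment saying which is intended would help. `ignorePaths` excludes `**/test/**` and `**/tests/**`, so any go.mod or Dockerfile under those paths gets no update PRs; worth a comment if that is deliberate.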
diff --git a/.github/renovate/approval.json5 b/.github/renovate/approval.json5
new file mode 100644
index 000000000..e5b11150d
--- /dev/null
+++ b/.github/renovate/approval.json5
@@ -0,0 +1,12 @@
+{
+ packageRules: [
+ {
+ matchUpdateTypes: ["major", "minor"],
+ matchManagers: ["gomod"],
+ matchDepTypes: ["golang"],
+ description: "Ask for approval for golang updates",
+ dependencyDashboardApproval: true,
+ },
+ ],
+}
+
diff --git a/.github/renovate/commitMessage.json5 b/.github/renovate/commitMessage.json5
new file mode 100644
index 000000000..479071ad2
--- /dev/null
+++ b/.github/renovate/commitMessage.json5
@@ -0,0 +1,19 @@
+{
+ "commitMessagePrefix": ":seedling: ",
+ "commitMessageTopic": "{{depName}}",
+ "commitMessageExtra": "to {{newVersion}}",
+ "commitMessageSuffix": "",
+ "group": { commitMessageTopic: "{{{groupName}}} group" },
+ "packageRules": [
+ {
+ "matchDatasources": ["helm"],
+ "commitMessageTopic": "chart {{depName}}"
+ },
+ {
+ "matchDatasources": ["docker"],
+ "commitMessageTopic": "image {{depName}}",
+ "commitMessageExtra": "to {{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}"
+ }
+ ]
+}
+
diff --git a/.github/renovate/golang.json5 b/.github/renovate/golang.json5
new file mode 100644
index 000000000..aeb8c30cc
--- /dev/null
+++ b/.github/renovate/golang.json5
@@ -0,0 +1,46 @@
+{
+ golang: {
+ postUpdateOptions: ["gomodTidy", "gomodUpdateImportPaths"],
+ },
+ // https://docs.renovatebot.com/configuration-options/#constraints
+ "constraints": {
+ "go": "1.21"
+ },
+ packageRules: [
+ {
+ description: "Disable Golang update for major and minor versions",
+ matchManagers: ["dockerfile"],
+ matchDepNames: ["docker.io/library/golang"],
+ matchUpdateTypes: ["major", "minor"],
+ enabled: false,
+ },
+ {
+ description: "Disable slim-sprig",
+ matchManagers: ["gomod"],
+ matchDepNames: ["github.com/go-task/slim-sprig"],
+ matchPaths: ["hack/tools/**"],
+ enabled: false,
+ },
+ {
+ description: "Disable update controller-tools",
+ matchManagers: ["gomod"],
+ matchDepNames: ["sigs.k8s.io/controller-runtime", "sigs.k8s.io/controller-tools", "github.com/google/go-github/v52"],
+ matchUpdateTypes: ["major", "minor"],
+ enabled: false,
+ },
+ {
+ description: "Disable update k8s packages",
+ matchManagers: ["gomod"],
+ matchDepNames: ["k8s.io/api", "k8s.io/apimachinery", "k8s.io/apiserver", "k8s.io/client-go", "k8s.io/kubectl", "k8s.io/code-generator"],
+ matchUpdateTypes: ["patch"],
+ enabled: true,
+ },
+ {
+ description: "Disable update cluster-api",
+ matchManagers: ["gomod"],
+ matchDepNames: ["sigs.k8s.io/cluster-api", "sigs.k8s.io/cluster-api/test", "sigs.k8s.io/cluster-api/hack/tools"],
+ enabled: false,
+ },
+ ],
+}
+
diff --git a/.github/renovate/groups.json5 b/.github/renovate/groups.json5
new file mode 100644
index 000000000..20fbd756a
--- /dev/null
+++ b/.github/renovate/groups.json5
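Review bot: The rule described as "Disable update k8s packages" sets `enabled: true` for `matchUpdateTypes: ["patch"]`, which only enables patch updates and leaves major and minor updates of the k8s.io modules untouched, so the description and the effect disagree. If the intent is patch-only, the rule should read `matchUpdateTypes: ["major", "minor"], enabled: false` with a description such as `"Allow only patch updates for k8s packages"`. The "Disable update controller-tools" description likewise omits `sigs.k8s.io/controller-runtime` and `github.com/google/go-github/v52`, which the rule also matches. The last rule disables every update type for the `sigs.k8s.io/cluster-api` modules, including patch releases that may carry security fixes; a comment recording why, or limiting it to major and minor, would make that choice visible.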
@@ -0,0 +1,79 @@
+{
+ packageRules: [
+ {
+ description: "Update Builder Image",
+ groupName: "Builder Image",
+ groupSlug: "cso-builder-image",
+ commitMessageTopic: "Builder Image group",
+ matchPaths: ["images/builder/**"],
+ separateMajorMinor: false,
+ separateMultipleMajor: false,
+ separateMinorPatch: false,
+ schedule: ["on the first day of the month"],
+ },
+ {
+ description: "Update Cso Image",
+ groupName: "Cso Image",
+ matchManagers: ["dockerfile", "regex"],
+ separateMajorMinor: false,
+ separateMultipleMajor: false,
+ separateMinorPatch: false,
+ matchPaths: ["images/cso/**"],
+ commitMessageTopic: "Cso Image group",
+ groupSlug: "cso-manager-image",
+ schedule: ["on monday"],
+ },
+ {
+ description: "Update Makefile",
+ groupName: "Makefile",
+ matchManagers: ["regex"],
+ separateMajorMinor: false,
+ separateMultipleMajor: false,
+ separateMinorPatch: false,
+ matchFiles: ["Makefile"],
+ commitMessageTopic: "Makefile group",
+ groupSlug: "makefile",
+ },
+ {
+ description: "Update Github Actions",
+ groupName: "github-actions",
+ matchManagers: ["github-actions"],
+ matchUpdateTypes: ["major", "minor", "patch", "digest", "pin", "pinDigest"],
+ pinDigests: true,
+ commitMessageTopic: "Github Actions group",
+ groupSlug: "github-actions",
+ schedule: ["on monday"],
+ },
+ {
+ description: "Update Bot Schedule",
+ matchManagers: ["github-actions"],
+ matchUpdateTypes: ["major", "minor", "patch"],
+ matchPackageNames: ["renovatebot/github-action"],
+ schedule: ["on the first day of the month"],
+ },
+ {
+ description: "Update Go Dev Dependencies",
+ groupName: "Update Go Dev Dependencies",
+ matchManagers: ["gomod"],
+ matchPaths: ["hack/tools/**"],
+ commitMessageTopic: "Go Dev Dependencies group",
+ groupSlug: "golang-devs-deps",
+ },
+ {
+ description: "Update Golang Dependencies",
+ groupName: "Update Golang Dependencies",
+ matchManagers: ["gomod"],
+ ignorePaths: ["hack/tools/**"],
+ commitMessageTopic: "Golang Dependencies group",
+ groupSlug: "golang-deps",
+ },
+ {
+ description: "disable update of cso builder image",
+ matchManagers: ["github-actions"],
+ matchUpdateTypes: ["major", "minor", "patch"],
+ matchPackageNames: ["ghcr.io/sovereigncloudstack/cso-builder"],
+ enabled: false,
+ },
+ ]
+}
+
diff --git a/.github/renovate/labels.json5 b/.github/renovate/labels.json5
new file mode 100644
index 000000000..1b8642c1b
--- /dev/null
+++ b/.github/renovate/labels.json5
@@ -0,0 +1,33 @@
+{
+ "packageRules": [
+ {
+ "matchUpdateTypes": ["major"],
+ "labels": ["type/major"]
+ },
+ {
+ "matchUpdateTypes": ["minor"],
+ "labels": ["type/minor"]
+ },
+ {
+ "matchUpdateTypes": ["patch"],
+ "labels": ["type/patch"]
+ },
+ {
+ "matchDatasources": ["helm"],
+ "addLabels": ["update/helm"]
+ },
+ {
+ "matchDatasources": ["docker"],
+ "addLabels": ["update/container"]
+ },
+ {
+ "matchManagers": ["github-actions"],
+ "addLabels": ["update/github-action"]
+ },
+ {
+ "matchDatasources": ["go"],
+ "addLabels": ["update/go"]
+ }
+ ]
+ }
+
diff --git a/.github/renovate/regexManagers.json5 b/.github/renovate/regexManagers.json5
new file mode 100644
index 000000000..ec85e6c0e
--- /dev/null
+++ b/.github/renovate/regexManagers.json5
@@ -0,0 +1,20 @@
+{
+ "regexManagers": [
+ {
+ "fileMatch": [".yaml$", ".yml$", "Makefile", "(^|/|\.)Dockerfile$", "(^|/)Dockerfile[^/]*$"],
+ "matchStrings": [
+ ".*(@|=|==|:\\s)(?[v0-9.-]+)\\s#\\supdate: datasource=(?.*?) depName=(?.*?)( extractVersion=(?.+?))?( versioning=(?.*?))?\\s"
+ ],
+ "extractVersionTemplate":"{{#if extractVersion}}{{{extractVersion}}}{{/if}}",
+ "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
+ },
+ {
+ "fileMatch": ["(^|/|\.)Dockerfile$", "(^|/)Dockerfile[^/]*$"],
+ "matchStrings": [
+ "#\\s*update:\\s*datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?\\sENV .*?_VERSION=\"(?.*)\"\\s"
+ ],
+ "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
+ },
+ ]
+}
+
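Review bot: In the "Update Golang Dependencies" rule of groups.json5, `ignorePaths: ["hack/tools/**"]` sits where a matcher is expected, but as far as I know `ignorePaths` is a repository-level option and not a packageRules matcher, so this rule probably matches every `gomod` dependency, including those under `hack/tools/`. Because later rules override earlier ones, it would then replace the "Update Go Dev Dependencies" grouping defined just above it. Moving the `matchPaths: ["hack/tools/**"]` rule below this one and dropping `ignorePaths` here keeps the two groups separate. The final rule disables `major`, `minor` and `patch` for `ghcr.io/sovereigncloudstack/cso-builder` but not `digest`, which the github-actions group still matches; confirm that is intended.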
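Review bot: In both `fileMatch` arrays of regexManagers.json5 the pattern `"(^|/|\.)Dockerfile$"` has a single backslash inside a double-quoted string, which JSON5 reads as a plain `.`, so the alternation matches any character before `Dockerfile` rather than a literal dot; `"(^|/|\\.)Dockerfile$"` keeps the escape. `".yaml$"` and `".yml$"` have the same unescaped dot and `"Makefile"` is unanchored, so more files are scanned for update markers than the names suggest. The named capture groups in `matchStrings` appear on this page as bare `(?...)`, which looks like a rendering loss; verify the committed file still carries the group names, such as the `extractVersion` and `versioning` groups the templates reference.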
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a0cc4c6da..15d6eb0af 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -161,4 +161,4 @@ jobs:
 with:
 draft: true
 files: out/*
- body_path: _releasenotes/${{ env.RELEASE_TAG }}.md
+ body_path: _releasenotes/${{ env.RELEASE_TAG }}.md
\ No newline at end of file
diff --git a/.github/workflows/schedule-update-bot.yaml b/.github/workflows/schedule-update-bot.yaml
new file mode 100644
index 000000000..65c136df2
--- /dev/null
+++ b/.github/workflows/schedule-update-bot.yaml
@@ -0,0 +1,58 @@
+name: Schedule - Update Bot
+on: # yamllint disable-line rule:truthy
+ workflow_dispatch:
+ inputs:
+ dryRun:
+ description: "Dry-Run"
+ default: "false"
+ required: false
+ logLevel:
+ description: "Log-Level"
+ default: "debug"
+ required: false
+ schedule:
+ - cron: "0 11 * * *"
+ push:
+ branches:
+ - main
+ paths:
+ - ".github/renovate.json5"
+ - ".github/renovate/**.json5"
+env:
+ LOG_LEVEL: info
+ DRY_RUN: false
+ RENOVATE_CONFIG_FILE: .github/renovate.json5
+# yamllint disable rule:line-length
+jobs:
+ update-bot:
+ if: github.repository == 'SovereignCloudStack/cluster-stack-operator'
+ name: Renovate
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Generate Token
+ uses: actions/create-github-app-token@f4c6bf6752984b3a29fcc135a5e70eb792c40c6b # v1
+ id: generate-token
+ with:
+ app-id: ${{ secrets.SCS_APP_ID }}
+ private-key: ${{ secrets.SCS_APP_PRIVATE_KEY }}
+
+ - name: Override default config from dispatch variables
+ run: |
+ echo "DRY_RUN=${{ github.event.inputs.dryRun || env.DRY_RUN }}" >> "$GITHUB_ENV"
+ echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.LOG_LEVEL }}" >> "$GITHUB_ENV"
+
+ - name: Renovate
+ uses: renovatebot/github-action@f9c81dddc9b589e4e6ae0326d1e36f6bc415d230 # v39.2.4
+ env:
+ RENOVATE_HOST_RULES: '[{"hostType": "docker", "matchHost": "ghcr.io", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}" }]'
+ RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS: '[".*"]'
+ BUILDER_IMAGE: 'ghcr.io/sovereigncloudstack/cso'
+ RENOVATE_POST_UPGRADE_TASKS: '{ commands: ["BUILD_IMAGE_TOKEN=${{ secrets.GITHUB_TOKEN }} BUILD_IMAGE_USER=${{ github.actor }} CI=true ./hack/upgrade-builder-image.sh"], fileFilters: ["Makefile", ".github/**/*.yml", ".github/**/*.yaml"], executionMode: "branch"}'
+ with:
+ configurationFile: ${{ env.RENOVATE_CONFIG_FILE }}
+ token: "x-access-token:${{ steps.generate-token.outputs.token }}"
+ mount-docker-socket: "true"
+
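Review bot: `RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS: '[".*"]'` in the Renovate step allows any post-upgrade command, and the same step mounts the Docker socket and runs with a GitHub App token, so a command supplied by any resolved preset or rule would execute with control of the runner's Docker daemon. Only one command is configured, so the allow-list can be narrowed to it, for example `RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS: '["^BUILD_IMAGE_TOKEN=\\S+ BUILD_IMAGE_USER=\\S+ CI=true \\./hack/upgrade-builder-image\\.sh$"]'` (pattern constructed from the command in this hunk; test it before relying on it). That command embeds `secrets.GITHUB_TOKEN` in its text while renovate.json5 sets `printConfig: true`, so it is worth confirming the token never reaches the job log unmasked. In the "Override default config from dispatch variables" step, `${{ github.event.inputs.dryRun }}` and `logLevel` are expanded into the script before the shell runs; passing them through an `env:` entry (say `INPUT_DRY_RUN`) and writing `echo "DRY_RUN=$INPUT_DRY_RUN" >> "$GITHUB_ENV"` keeps input text from being parsed as shell. The job also has no `permissions:` block, so `GITHUB_TOKEN` gets the repository's default scope rather than only what the registry login and the builder script need.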