renovate: rework

cubic3d · Oct 28, 2024 · a17d8f4 · a17d8f4
1 parent 26715bb
commit a17d8f4
Show file tree

Hide file tree

Showing 15 changed files with 399 additions and 97 deletions.
diff --git a/.github/labels.yaml b/.github/labels.yaml
@@ -1,15 +1,25 @@
-- name: version/major
-  color: "d93f0b"
-  description: Major update
+# Semantic Types
+- name: type/digest
+  color: "ffeC19"
+- name: type/patch
+  color: "ffeC19"
+- name: type/minor
+  color: "ff9800"
+- name: type/major
+  color: "f6412d"
 
-- name: version/minor
-  color: "fbca04"
-  description: Minor update
-
-- name: version/patch
-  color: "0e8a16"
-  description: Patch update
-
-- name: infrastructure/manifests
-  color: "1d76db"
-  description: Generated manifests
+  # Renovate Types
+- name: renovate/helm
+  color: "027fa0"
+- name: renovate/container
+  color: "027fa0"
+- name: renovate/ansible
+  color: "027fa0"
+- name: renovate/terraform
+  color: "027fa0"
+- name: renovate/github-release
+  color: "027fa0"
+- name: renovate/github-action
+  color: "027fa0"
+- name: renovate/grafana-dashboard
+  color: "027fa0"
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -0,0 +1,52 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  extends: [
+    "config:recommended",
+    ":disableRateLimiting",
+    ":timezone(Europe/Berlin)",
+    ":separatePatchReleases",
+    "docker:enableMajor",
+    ":enablePreCommit",
+    "github>cubic3d/ops//.github/renovate/allowedVersions.json5",
+    "github>cubic3d/ops//.github/renovate/autoMerge.json5",
+    "github>cubic3d/ops//.github/renovate/clusters.json5",
+    "github>cubic3d/ops//.github/renovate/commit-message.json5",
+    "github>cubic3d/ops//.github/renovate/custom-managers.json5",
+    "github>cubic3d/ops//.github/renovate/grafanaDashboards.json5",
+    "github>cubic3d/ops//.github/renovate/groups.json5",
+    "github>cubic3d/ops//.github/renovate/pr-labels.json5",
+    "github>cubic3d/ops//.github/renovate/semantic-commits.json5",
+    "github>cubic3d/ops//.github/renovate/versioning.json5",
+  ],
+
+  dependencyDashboardTitle: "🤖 Renovate Dashboard 🤖",
+  suppressNotifications: ["prIgnoreNotification", "prEditedNotification"],
+
+  ignorePaths: [
+    "**/gotk-components.yaml",
+    "**/_archive/**",
+    "**/*.sops.*",
+  ],
+
+  // TODO: Cleanup old paths after cluster migration
+  "helm-values": {
+    fileMatch: [
+      "(^|/)kubernetes/.+\\.ya?ml$",
+      "k8s/.+\\.yaml$",
+    ],
+  },
+
+  kubernetes: {
+    fileMatch: [
+      "(^|/)kubernetes/.+\\.ya?ml$"
+      "k8s/.+\\.yaml$",
+    ],
+  },
+
+  flux: {
+    fileMatch: [
+      "(^|/)kubernetes/.+\\.ya?ml$",
+      "k8s/.+\\.yaml$",
+    ],
+  },
+}
diff --git a/.github/renovate/allowedVersions.json5 b/.github/renovate/allowedVersions.json5
@@ -0,0 +1,10 @@
+{
+  $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  packageRules: [
+    {
+      matchDatasources: ["docker"],
+      matchPackageNames: ["docker.io/kopia/kopia"],
+      allowedVersions: "<999",
+    },
+  ],
+}
diff --git a/.github/renovate/autoMerge.json5 b/.github/renovate/autoMerge.json5
@@ -0,0 +1,24 @@
+{
+  $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  packageRules: [
+    {
+      description: "Auto merge trusted container digests",
+      matchDatasources: ["docker"],
+      automerge: true,
+      automergeType: "branch",
+      matchUpdateTypes: ["digest"],
+      matchPackagePrefixes: ["ghcr.io/onedr0p", "ghcr.io/bjw-s", "ghcr.io/bjw-s-labs"],
+      ignoreTests: true,
+    },
+
+    {
+      description: "Auto merge GitHub Actions for minor and patch",
+      matchManagers: ["github-actions"],
+      matchDatasources: ["github-tags"],
+      automerge: true,
+      automergeType: "branch",
+      matchUpdateTypes: ["minor", "patch"],
+      ignoreTests: true,
+    },
+  ],
+}
diff --git a/.github/renovate/clusters.json5 b/.github/renovate/clusters.json5
@@ -0,0 +1,10 @@
+{
+  $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  packageRules: [
+    {
+      description: "Separate PRs for main cluster",
+      matchFileNames: ["**/kubernetes/main/**"],
+      additionalBranchPrefix: "main-",
+    },
+  ],
+}
diff --git a/.github/renovate/commit-message.json5 b/.github/renovate/commit-message.json5
@@ -0,0 +1,16 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  commitMessageTopic: "{{depName}}",
+  commitMessageExtra: "to {{newVersion}}",
+  commitMessageSuffix: "",
+  packageRules": [
+    {
+      matchDatasources: ["helm"],
+      commitMessageTopic: "chart {{depName}}"
+    },
+    {
+      matchDatasources: ["docker"],
+      commitMessageTopic: "image {{depName}}"
+    },
+  ]
+}
diff --git a/.github/renovate/custom-managers.json5 b/.github/renovate/custom-managers.json5
@@ -0,0 +1,45 @@
+{
+  $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  customManagers: [
+    {
+      customType: "regex",
+      description: "Process various dependencies in YAML files",
+      fileMatch: ["\\.ya?ml(\\.j2)?$"],
+      matchStrings: [
+        // Inline
+        '\\S+: "?(?<currentValue>[^"\\s]+)"? # ?renovate: depName=(?<depName>\\S+)( datasource=(?<datasource>\\S+))?( versioning=(?<versioning>\\S+))?( extractVersion=(?<extractVersion>\\S+))?( packageName=(?<packageName>\\S+))?',
+        // Newline
+        '(?m:^[ \\t]*?# ?renovate: depName=(?<depName>\\S+)( datasource=(?<datasource>\\S+))?( versioning=(?<versioning>\\S+))?( extractVersion=(?<extractVersion>\\S+))?( packageName=(?<packageName>\\S+))?\\n[ \\t ]*?\\S+: "?(?<currentValue>[^" ]+?)"?$)',
+      ],
+      datasourceTemplate: "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}",
+      versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
+      extractVersionTemplate: "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?<version>.*)${{/if}}",
+      packageNameTemplate: "{{#if packageName}}{{{packageName}}}{{else}}{{{depName}}}{{/if}}",
+    },
+
+    {
+      customType: "regex",
+      description: "Process GitHub download dependencies in YAML files",
+      fileMatch: ["\\.ya?ml(\\.j2)?$"],
+      matchStrings: [
+        // https://github.com/rancher/system-upgrade-controller/releases/download/v0.13.2/crd.yaml
+        "https:\\/\\/github.com\\/(?<depName>\\S+?\\/\\S+?)\\/releases\\/download\\/(?<currentValue>(v|\\d)\\S+?)\\/\\S+",
+        // https://raw.githubusercontent.com/external-secrets/external-secrets/v0.9.11/docs/snippets/dashboard.json
+        "https:\\/\\/raw.githubusercontent.com\\/(?<depName>\\S+?\\/\\S+?)\\/(?<currentValue>(v|\\d)\\S+?)\\/\\S+",
+      ],
+      datasourceTemplate: "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}",
+      versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
+      extractVersionTemplate: "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?<version>.*)${{/if}}",
+    },
+
+    {
+      customType: "regex",
+      description: "VyOS container images",
+      fileMatch: ["infrastructure/.+\\.j2$"],
+      matchStrings: [
+        "set container name .+ image '?(?<depName>.+?):(?<currentValue>[^\"'\n ]+)",
+      ],
+      datasourceTemplate: "docker",
+    }
+  ],
+}
diff --git a/.github/renovate/grafanaDashboards.json5 b/.github/renovate/grafanaDashboards.json5
@@ -0,0 +1,36 @@
+{
+  $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  customDatasources: {
+    "grafana-dashboards": {
+      defaultRegistryUrlTemplate: "https://grafana.com/api/dashboards/{{packageName}}",
+      format: "json",
+      transformTemplates: ['{"releases":[{"version": $string(revision)}]}'],
+    },
+  },
+  customManagers: [
+    {
+      customType: "regex",
+      description: "Process Grafana dashboards",
+      fileMatch: ["(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$"],
+      matchStrings: [
+        '# renovate: dashboardName="(?<depName>.*)"\\n(?<indentation>\\s+)gnetId: (?<packageName>\\d+)\\n.+revision: (?<currentValue>\\d+)',
+      ],
+      autoReplaceStringTemplate: '# renovate: dashboardName="{{{depName}}}"\n{{{indentation}}}gnetId: {{{packageName}}}\n{{{indentation}}}revision: {{{newValue}}}',
+      datasourceTemplate: "custom.grafana-dashboards",
+      versioningTemplate: "regex:^(?<major>\\d+)$",
+    },
+  ],
+  packageRules: [
+    {
+      addLabels: ["renovate/grafana-dashboard"],
+      automerge: true,
+      automergeType: "branch",
+      matchDatasources: ["custom.grafana-dashboards"],
+      matchUpdateTypes: ["major"],
+      semanticCommitScope: "grafana-dashboards",
+      semanticCommitType: "chore",
+      commitMessageTopic: "dashboard {{depName}}",
+      commitMessageExtra: "( {{currentVersion}} → {{newVersion}} )",
+    },
+  ],
+}
diff --git a/.github/renovate/groups.json5 b/.github/renovate/groups.json5
@@ -0,0 +1,54 @@
+{
+  $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  packageRules: [
+    {
+      description: "Flux Group",
+      groupName: "Flux",
+      matchPackagePatterns: ["^flux", "^ghcr.io/fluxcd/"],
+      matchDatasources: ["docker", "github-tags"],
+      versioning: "semver",
+      group: {
+        commitMessageTopic: "{{{groupName}}} group",
+      },
+      separateMinorPatch: true,
+    },
+    {
+      description: "Cilium image and chart",
+      groupName: "cilium",
+      matchPackageNames: [
+        "quay.io/cilium/cilium",
+        "quay.io/cilium/operator-generic",
+        "cilium",
+      ],
+      matchDatasources: ["helm", "docker"],
+      group: {
+        commitMessageTopic: "{{{groupName}}} group",
+      },
+      separateMinorPatch: true,
+    },
+    {
+      description: "Talos",
+      groupName: "Talos",
+      matchPackageNames: [
+        "ghcr.io/siderolabs/installer",
+        "ghcr.io/siderolabs/talosctl",
+      ],
+      matchDatasources: ["docker"],
+      group: {
+        commitMessageTopic: "{{{groupName}}} group",
+      },
+      separateMinorPatch: true,
+    },
+    {
+      description: "Vector image and chart - versions do not match",
+      groupName: "Vector",
+      matchPackagePatterns: ["vector"],
+      matchDatasources: ["docker", "github-releases", "helm"],
+      matchUpdateTypes: ["minor", "patch"],
+      group: {
+        commitMessageTopic: "{{{groupName}}} group",
+      },
+      separateMinorPatch: false,
+    },
+  ],
+}
diff --git a/.github/renovate/pr-labels.json5 b/.github/renovate/pr-labels.json5
@@ -0,0 +1,45 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  packageRules: [
+    {
+      matchUpdateTypes: ["major"],
+      labels: ["type/major"]
+    },
+    {
+      matchUpdateTypes: ["minor"],
+      labels: ["type/minor"]
+    },
+    {
+      matchUpdateTypes: ["patch"],
+      labels: ["type/patch"]
+    },
+    {
+      matchUpdateTypes: ["digest"],
+      labels: ["type/digest"]
+    },
+    {
+      matchDatasources: ["helm"],
+      addLabels: ["renovate/helm"]
+    },
+    {
+      matchDatasources: ["docker"],
+      addLabels: ["renovate/container"]
+    },
+    {
+      matchDatasources: ["galaxy", "galaxy-collection"],
+      addLabels: ["renovate/ansible"]
+    },
+    {
+      matchDatasources: ["terraform-provider"],
+      addLabels: ["renovate/terraform"]
+    },
+    {
+      matchDatasources: ["github-releases", "github-tags"],
+      addLabels: ["renovate/github-release"]
+    },
+    {
+      matchManagers: ["github-actions"],
+      addLabels: ["renovate/github-action"]
+    },
+  ]
+}