diff --git a/.github/labels.yaml b/.github/labels.yaml index 5d626f57..bdb18f02 100644 --- a/.github/labels.yaml +++ b/.github/labels.yaml @@ -1,15 +1,25 @@ -- name: version/major - color: "d93f0b" - description: Major update +# Semantic Types +- name: type/digest + color: "ffeC19" +- name: type/patch + color: "ffeC19" +- name: type/minor + color: "ff9800" +- name: type/major + color: "f6412d" -- name: version/minor - color: "fbca04" - description: Minor update - -- name: version/patch - color: "0e8a16" - description: Patch update - -- name: infrastructure/manifests - color: "1d76db" - description: Generated manifests + # Renovate Types +- name: renovate/helm + color: "027fa0" +- name: renovate/container + color: "027fa0" +- name: renovate/ansible + color: "027fa0" +- name: renovate/terraform + color: "027fa0" +- name: renovate/github-release + color: "027fa0" +- name: renovate/github-action + color: "027fa0" +- name: renovate/grafana-dashboard + color: "027fa0" diff --git a/.github/renovate.json5 b/.github/renovate.json5 new file mode 100644 index 00000000..1f40bf66 --- /dev/null +++ b/.github/renovate.json5 
@@ -0,0 +1,52 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ extends: [
+ "config:recommended",
+ ":disableRateLimiting",
+ ":timezone(Europe/Berlin)",
+ ":separatePatchReleases",
+ "docker:enableMajor",
+ ":enablePreCommit",
+ "github>cubic3d/ops//.github/renovate/allowedVersions.json5",
+ "github>cubic3d/ops//.github/renovate/autoMerge.json5",
+ "github>cubic3d/ops//.github/renovate/clusters.json5",
+ "github>cubic3d/ops//.github/renovate/commit-message.json5",
+ "github>cubic3d/ops//.github/renovate/custom-managers.json5",
+ "github>cubic3d/ops//.github/renovate/grafanaDashboards.json5",
+ "github>cubic3d/ops//.github/renovate/groups.json5",
+ "github>cubic3d/ops//.github/renovate/pr-labels.json5",
+ "github>cubic3d/ops//.github/renovate/semantic-commits.json5",
+ "github>cubic3d/ops//.github/renovate/versioning.json5",
+ ],
+
+ dependencyDashboardTitle: "🤖 Renovate Dashboard 🤖",
+ suppressNotifications: ["prIgnoreNotification", "prEditedNotification"],
+
+ ignorePaths: [
+ "**/gotk-components.yaml",
+ "**/_archive/**",
+ "**/*.sops.*",
+ ],
+
+ // TODO: Cleanup old paths after cluster migration
+ "helm-values": {
+ fileMatch: [
+ "(^|/)kubernetes/.+\\.ya?ml$",
+ "k8s/.+\\.yaml$",
+ ],
+ },
+
+ kubernetes: {
+ fileMatch: [
+ "(^|/)kubernetes/.+\\.ya?ml$"
+ "k8s/.+\\.yaml$",
+ ],
+ },
+
+ flux: {
+ fileMatch: [
+ "(^|/)kubernetes/.+\\.ya?ml$",
+ "k8s/.+\\.yaml$",
+ ],
+ },
+}
diff --git a/.github/renovate/allowedVersions.json5 b/.github/renovate/allowedVersions.json5
new file mode 100644
index 00000000..e45f4a03
--- /dev/null
+++ b/.github/renovate/allowedVersions.json5
@@ -0,0 +1,10 @@
+{
+ $schema: "https://docs.renovatebot.com/renovate-schema.json",
+ packageRules: [
+ {
+ matchDatasources: ["docker"],
+ matchPackageNames: ["docker.io/kopia/kopia"],
+ allowedVersions: "<999",
+ },
+ ],
+}
diff --git a/.github/renovate/autoMerge.json5 b/.github/renovate/autoMerge.json5
new file mode 100644
index 00000000..a1d4d0be
--- /dev/null
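Review bot: The `kubernetes.fileMatch` array in .github/renovate.json5 is missing a comma after `"(^|/)kubernetes/.+\\.ya?ml$"`, so the file is not valid JSON5 and Renovate is likely to reject the whole configuration rather than just this manager. The line should read `"(^|/)kubernetes/.+\\.ya?ml$",` like the matching entries under `helm-values` and `flux`. commit-message.json5 in this commit has the same kind of parse error: `packageRules": [` carries a stray closing quote and should be `packageRules: [`. A configuration that fails to parse stops all update PRs, security updates included, so running `renovate-config-validator` on these files in CI or pre-commit would catch both.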
+++ b/.github/renovate/autoMerge.json5
@@ -0,0 +1,24 @@
+{
+ $schema: "https://docs.renovatebot.com/renovate-schema.json",
+ packageRules: [
+ {
+ description: "Auto merge trusted container digests",
+ matchDatasources: ["docker"],
+ automerge: true,
+ automergeType: "branch",
+ matchUpdateTypes: ["digest"],
+ matchPackagePrefixes: ["ghcr.io/onedr0p", "ghcr.io/bjw-s", "ghcr.io/bjw-s-labs"],
+ ignoreTests: true,
+ },
+
+ {
+ description: "Auto merge GitHub Actions for minor and patch",
+ matchManagers: ["github-actions"],
+ matchDatasources: ["github-tags"],
+ automerge: true,
+ automergeType: "branch",
+ matchUpdateTypes: ["minor", "patch"],
+ ignoreTests: true,
+ },
+ ],
+}
diff --git a/.github/renovate/clusters.json5 b/.github/renovate/clusters.json5
new file mode 100644
index 00000000..64c3fead
--- /dev/null
+++ b/.github/renovate/clusters.json5
@@ -0,0 +1,10 @@
+{
+ $schema: "https://docs.renovatebot.com/renovate-schema.json",
+ packageRules: [
+ {
+ description: "Separate PRs for main cluster",
+ matchFileNames: ["**/kubernetes/main/**"],
+ additionalBranchPrefix: "main-",
+ },
+ ],
+}
diff --git a/.github/renovate/commit-message.json5 b/.github/renovate/commit-message.json5
new file mode 100644
index 00000000..a3a06699
--- /dev/null
+++ b/.github/renovate/commit-message.json5
@@ -0,0 +1,16 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ commitMessageTopic: "{{depName}}",
+ commitMessageExtra: "to {{newVersion}}",
+ commitMessageSuffix: "",
+ packageRules": [
+ {
+ matchDatasources: ["helm"],
+ commitMessageTopic: "chart {{depName}}"
+ },
+ {
+ matchDatasources: ["docker"],
+ commitMessageTopic: "image {{depName}}"
+ },
+ ]
+}
diff --git a/.github/renovate/custom-managers.json5 b/.github/renovate/custom-managers.json5
new file mode 100644
index 00000000..28aeb870
--- /dev/null
+++ b/.github/renovate/custom-managers.json5
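Review bot: Both rules in autoMerge.json5 combine `automergeType: "branch"` with `ignoreTests: true`, so matching updates are pushed to the base branch with no pull request and no status check gating them. For the GitHub Actions rule this covers minor and patch bumps resolved from `github-tags`, and tags are mutable references, so a retagged or compromised upstream action would reach workflows that hold the repository token without anyone reviewing it. Consider pinning actions to commit digests with the `helpers:pinGitHubActionDigests` preset, adding a delay such as `minimumReleaseAge: "3 days"` to that rule, and dropping `ignoreTests` unless the repository really has no checks. The digest rule trusts everything under `ghcr.io/onedr0p`, `ghcr.io/bjw-s` and `ghcr.io/bjw-s-labs`; a sentence in its `description` on why those namespaces are trusted would help later review.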
@@ -0,0 +1,45 @@
+{
+ $schema: "https://docs.renovatebot.com/renovate-schema.json",
+ customManagers: [
+ {
+ customType: "regex",
+ description: "Process various dependencies in YAML files",
+ fileMatch: ["\\.ya?ml(\\.j2)?$"],
+ matchStrings: [
+ // Inline
+ '\\S+: "?(?[^"\\s]+)"? # ?renovate: depName=(?\\S+)( datasource=(?\\S+))?( versioning=(?\\S+))?( extractVersion=(?\\S+))?( packageName=(?\\S+))?',
+ // Newline
+ '(?m:^[ \\t]*?# ?renovate: depName=(?\\S+)( datasource=(?\\S+))?( versioning=(?\\S+))?( extractVersion=(?\\S+))?( packageName=(?\\S+))?\\n[ \\t ]*?\\S+: "?(?[^" ]+?)"?$)',
+ ],
+ datasourceTemplate: "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}",
+ versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
+ extractVersionTemplate: "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?.*)${{/if}}",
+ packageNameTemplate: "{{#if packageName}}{{{packageName}}}{{else}}{{{depName}}}{{/if}}",
+ },
+
+ {
+ customType: "regex",
+ description: "Process GitHub download dependencies in YAML files",
+ fileMatch: ["\\.ya?ml(\\.j2)?$"],
+ matchStrings: [
+ // https://github.com/rancher/system-upgrade-controller/releases/download/v0.13.2/crd.yaml
+ "https:\\/\\/github.com\\/(?\\S+?\\/\\S+?)\\/releases\\/download\\/(?(v|\\d)\\S+?)\\/\\S+",
+ // https://raw.githubusercontent.com/external-secrets/external-secrets/v0.9.11/docs/snippets/dashboard.json
+ "https:\\/\\/raw.githubusercontent.com\\/(?\\S+?\\/\\S+?)\\/(?(v|\\d)\\S+?)\\/\\S+",
+ ],
+ datasourceTemplate: "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}",
+ versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
+ extractVersionTemplate: "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?.*)${{/if}}",
+ },
+
+ {
+ customType: "regex",
+ description: "VyOS container images",
+ fileMatch: ["infrastructure/.+\\.j2$"],
+ matchStrings: [
+ "set container name .+ image '?(?.+?):(?[^\"'\n ]+)",
+ ],
+ datasourceTemplate: "docker",
+ }
+
],
+}
diff --git a/.github/renovate/grafanaDashboards.json5 b/.github/renovate/grafanaDashboards.json5
new file mode 100644
index 00000000..89dbc475
--- /dev/null
+++ b/.github/renovate/grafanaDashboards.json5
@@ -0,0 +1,36 @@
+{
+ $schema: "https://docs.renovatebot.com/renovate-schema.json",
+ customDatasources: {
+ "grafana-dashboards": {
+ defaultRegistryUrlTemplate: "https://grafana.com/api/dashboards/{{packageName}}",
+ format: "json",
+ transformTemplates: ['{"releases":[{"version": $string(revision)}]}'],
+ },
+ },
+ customManagers: [
+ {
+ customType: "regex",
+ description: "Process Grafana dashboards",
+ fileMatch: ["(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$"],
+ matchStrings: [
+ '# renovate: dashboardName="(?.*)"\\n(?\\s+)gnetId: (?\\d+)\\n.+revision: (?\\d+)',
+ ],
+ autoReplaceStringTemplate: '# renovate: dashboardName="{{{depName}}}"\n{{{indentation}}}gnetId: {{{packageName}}}\n{{{indentation}}}revision: {{{newValue}}}',
+ datasourceTemplate: "custom.grafana-dashboards",
+ versioningTemplate: "regex:^(?\\d+)$",
+ },
+ ],
+ packageRules: [
+ {
+ addLabels: ["renovate/grafana-dashboard"],
+ automerge: true,
+ automergeType: "branch",
+ matchDatasources: ["custom.grafana-dashboards"],
+ matchUpdateTypes: ["major"],
+ semanticCommitScope: "grafana-dashboards",
+ semanticCommitType: "chore",
+ commitMessageTopic: "dashboard {{depName}}",
+ commitMessageExtra: "( {{currentVersion}} → {{newVersion}} )",
+ },
+ ],
+}
diff --git a/.github/renovate/groups.json5 b/.github/renovate/groups.json5
new file mode 100644
index 00000000..036b7d5d
--- /dev/null
+++ b/.github/renovate/groups.json5
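Review bot: The two URL patterns in the "GitHub download" manager of custom-managers.json5 leave the dots in `github.com` and `raw.githubusercontent.com` unescaped, so `.` matches any character there; `github\\.com` and `raw\\.githubusercontent\\.com` keep the match to the intended hosts. The same manager's templates test `datasource`, `versioning` and `extractVersion`, but its patterns show only two capture groups, so those `{{#if}}` branches look unreachable and could be plain `datasourceTemplate: "github-releases"` and `versioningTemplate: "semver"`. The group names appear to have been lost in this rendering of the diff, so confirm that against the file. In the first manager the annotation comment itself selects the datasource and package name, which means anyone able to edit a tracked YAML file decides where versions are resolved from; a comment above the rule saying so would make that trust assumption explicit.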
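Review bot: The `packageRules` entry for `custom.grafana-dashboards` in grafanaDashboards.json5 has no `description`, unlike the rules in the sibling preset files, and it auto-merges every new dashboard revision straight to the branch. Dashboards on grafana.com are published by third parties and the transform exposes only the latest `revision`, so each bump lands without anyone looking at the dashboard content. I would add `description: "Auto merge Grafana dashboard revisions"` and consider leaving `automerge` off for dashboards whose publisher you do not already trust.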
@@ -0,0 +1,54 @@
+{
+ $schema: "https://docs.renovatebot.com/renovate-schema.json",
+ packageRules: [
+ {
+ description: "Flux Group",
+ groupName: "Flux",
+ matchPackagePatterns: ["^flux", "^ghcr.io/fluxcd/"],
+ matchDatasources: ["docker", "github-tags"],
+ versioning: "semver",
+ group: {
+ commitMessageTopic: "{{{groupName}}} group",
+ },
+ separateMinorPatch: true,
+ },
+ {
+ description: "Cilium image and chart",
+ groupName: "cilium",
+ matchPackageNames: [
+ "quay.io/cilium/cilium",
+ "quay.io/cilium/operator-generic",
+ "cilium",
+ ],
+ matchDatasources: ["helm", "docker"],
+ group: {
+ commitMessageTopic: "{{{groupName}}} group",
+ },
+ separateMinorPatch: true,
+ },
+ {
+ description: "Talos",
+ groupName: "Talos",
+ matchPackageNames: [
+ "ghcr.io/siderolabs/installer",
+ "ghcr.io/siderolabs/talosctl",
+ ],
+ matchDatasources: ["docker"],
+ group: {
+ commitMessageTopic: "{{{groupName}}} group",
+ },
+ separateMinorPatch: true,
+ },
+ {
+ description: "Vector image and chart - versions do not match",
+ groupName: "Vector",
+ matchPackagePatterns: ["vector"],
+ matchDatasources: ["docker", "github-releases", "helm"],
+ matchUpdateTypes: ["minor", "patch"],
+ group: {
+ commitMessageTopic: "{{{groupName}}} group",
+ },
+ separateMinorPatch: false,
+ },
+ ],
+}
diff --git a/.github/renovate/pr-labels.json5 b/.github/renovate/pr-labels.json5
new file mode 100644
index 00000000..3967a35e
--- /dev/null
+++ b/.github/renovate/pr-labels.json5
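Review bot: `matchPackagePatterns: ["vector"]` in the Vector rule is an unanchored regex, so it groups every docker, github-releases or helm package whose name merely contains "vector", not only the Vector image and chart. The Cilium and Talos rules in this file list exact names with `matchPackageNames`; doing the same here, or anchoring the pattern, keeps unrelated packages out of the group. Because the rule's `matchUpdateTypes` covers minor and patch only, an accidental match would be folded into the group for those updates while its majors still arrive separately, which makes the mistake easy to miss.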
@@ -0,0 +1,45 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ packageRules: [
+ {
+ matchUpdateTypes: ["major"],
+ labels: ["type/major"]
+ },
+ {
+ matchUpdateTypes: ["minor"],
+ labels: ["type/minor"]
+ },
+ {
+ matchUpdateTypes: ["patch"],
+ labels: ["type/patch"]
+ },
+ {
+ matchUpdateTypes: ["digest"],
+ labels: ["type/digest"]
+ },
+ {
+ matchDatasources: ["helm"],
+ addLabels: ["renovate/helm"]
+ },
+ {
+ matchDatasources: ["docker"],
+ addLabels: ["renovate/container"]
+ },
+ {
+ matchDatasources: ["galaxy", "galaxy-collection"],
+ addLabels: ["renovate/ansible"]
+ },
+ {
+ matchDatasources: ["terraform-provider"],
+ addLabels: ["renovate/terraform"]
+ },
+ {
+ matchDatasources: ["github-releases", "github-tags"],
+ addLabels: ["renovate/github-release"]
+ },
+ {
+ matchManagers: ["github-actions"],
+ addLabels: ["renovate/github-action"]
+ },
+ ]
+}
diff --git a/.github/renovate/semantic-commits.json5 b/.github/renovate/semantic-commits.json5
new file mode 100644
index 00000000..25fed730
--- /dev/null
+++ b/.github/renovate/semantic-commits.json5
@@ -0,0 +1,66 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ packageRules: [
+ {
+ matchUpdateTypes: [
+ "major"
+ ],
+ semanticCommitType: "feat",
+ commitMessagePrefix: "{{semanticCommitType}}({{semanticCommitScope}})!:",
+ commitMessageExtra: "( {{currentVersion}} → {{newVersion}} )"
+ },
+ {
+ matchUpdateTypes: [
+ "minor"
+ ],
+ semanticCommitType: "feat",
+ commitMessageExtra: "( {{currentVersion}} → {{newVersion}} )"
+ },
+ {
+ matchUpdateTypes: [
+ "patch"
+ ],
+ semanticCommitType: "fix",
+ commitMessageExtra: "( {{currentVersion}} → {{newVersion}} )"
+ },
+ {
+ matchUpdateTypes: [
+ "digest"
+ ],
+ semanticCommitType: "chore",
+ commitMessageExtra: "( {{currentDigestShort}} → {{newDigestShort}} )"
+ },
+ {
+ matchDatasources: [
+ "docker"
+ ],
+ semanticCommitScope: "container"
+ },
+ {
+ matchDatasources: [
+ "helm"
+ ],
+ semanticCommitScope: "helm"
+ },
+ {
+ matchDatasources: [
+ "terraform-provider"
+ ],
+ semanticCommitScope: "terraform"
+ },
+ {
+ matchDatasources: [
+ "galaxy",
+ "galaxy-collection"
+ ],
+ semanticCommitScope: "ansible"
+ },
+ {
+ matchManagers: [
+ "github-actions"
+ ],
+ semanticCommitType: "ci",
+ semanticCommitScope: "github-action"
+ },
+ ]
+}
diff --git a/.github/renovate/versioning.json5 b/.github/renovate/versioning.json5
new file mode 100644
index 00000000..a9a3bdf1
--- /dev/null
+++ b/.github/renovate/versioning.json5
@@ -0,0 +1,13 @@
+{
+ $schema: "https://docs.renovatebot.com/renovate-schema.json",
+ packageRules: [
+ {
+ description: "Loose versioning for non-semver packages",
+ matchDatasources: ["docker"],
+ matchPackageNames: [
+ "ghcr.io/onedr0p/plex",
+ ],
+ versioning: "loose",
+ },
+ ],
+}
diff --git a/infrastructure/talos/island/talconfig.yaml b/infrastructure/talos/island/talconfig.yaml
index eab9b272..8dd546cf 100644
--- a/infrastructure/talos/island/talconfig.yaml
+++ b/infrastructure/talos/island/talconfig.yaml
@@ -1,8 +1,8 @@ clusterName: island -# renovate: image depName=ghcr.io/siderolabs/installer +# renovate: depName=ghcr.io/siderolabs/installer datasource=docker talosVersion: v1.8.1 -# renovate: image depName=ghcr.io/siderolabs/kubelet +# renovate: depName=ghcr.io/siderolabs/kubelet datasource=docker kubernetesVersion: v1.31.1 endpoint: https://${domain}:6443 diff --git a/kubernetes/main/bootstrap/talos/talconfig.yaml b/kubernetes/main/bootstrap/talos/talconfig.yaml index 8294b313..cc49ba34 100644 --- a/kubernetes/main/bootstrap/talos/talconfig.yaml +++ b/kubernetes/main/bootstrap/talos/talconfig.yaml @@ -2,9 +2,9 @@ clusterName: main endpoint: https://192.168.40.90:6443 -# renovate: image depName=ghcr.io/siderolabs/installer +# renovate: depName=ghcr.io/siderolabs/installer datasource=docker talosVersion: v1.8.1 -# renovate: image depName=ghcr.io/siderolabs/kubelet +# renovate: depName=ghcr.io/siderolabs/kubelet datasource=docker kubernetesVersion: v1.31.1 additionalMachineCertSans: &sans diff --git a/renovate.json5 b/renovate.json5 deleted file mode 100644 index 645a8589..00000000 --- a/renovate.json5 +++ /dev/null 
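Review bot: Leftover `# renovate: image ...` annotations elsewhere in the repository would silently stop being tracked after this commit, because the old manager that understood them is deleted and the new patterns expect `depName=` directly after `renovate:`. That includes the old variant without `depName` that tracked `image:tag` values, which has no visible counterpart in the new custom managers. Only the two talconfig.yaml files are converted here and the rest of the repository is not visible from this diff, so a search for `# renovate: image` before merging would confirm nothing is left behind. A dependency that drops out of tracking produces no error, only missing update PRs, so it is worth checking the dependency dashboard after the first run.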
@@ -1,79 +0,0 @@
-{
- extends: [
- "config:base",
- ":disableRateLimiting",
- ":timezone(Europe/Berlin)",
- ":separatePatchReleases",
- ":semanticCommits",
- "docker:enableMajor",
- ":enablePreCommit",
- ],
- dependencyDashboardTitle: "🤖 Renovate Dashboard 🤖",
- suppressNotifications: ["prIgnoreNotification"],
- "helm-values": {
- fileMatch: ["k8s/.+\\.yaml$"],
- ignorePaths: [
- "**/gotk-components.yaml",
- "**/_archive/**",
- ],
- },
- kubernetes: {
- fileMatch: ["k8s/.+\\.yaml$"],
- ignorePaths: [
- "**/gotk-components.yaml",
- "**/_archive/**",
- ],
- },
- flux: {
- fileMatch: ["k8s/.+\\.yaml$"],
- ignorePaths: ["**/_archive/**"],
- },
- regexManagers: [
- {
- fileMatch: [
- ".+\\.ya?ml$",
- ],
- matchStrings: [
- "# renovate: image( versioning=(?.+=?))?\n.*[:|=] \"?(?.+?):(?[^\"\n]+=?)\"?",
- "# renovate: image depName=(?.+=?)( versioning=(?.+=?))?\n.*[:|=] \"?(?[^\"\n]+=?)\"?",
- ],
- datasourceTemplate: "docker",
- versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
- },
- {
- fileMatch: [
- "infrastructure/.+\\.j2$",
- ],
- matchStrings: [
- "set container name .+ image '?(?.+?):(?[^\"'\n ]+)",
- ],
- datasourceTemplate: "docker",
- },
- ],
- packageRules: [
- {
- updateTypes: ["major"],
- labels: ["version/major"],
- },
- {
- updateTypes: ["minor"],
- labels: ["version/minor"],
- },
- {
- updateTypes: ["patch"],
- labels: ["version/patch"],
- },
- {
- matchDatasources: ["docker", "github-releases"],
- versioning: "loose",
- matchPackageNames: [
- "ghcr.io/onedr0p/plex",
- ],
- },
- {
- matchDatasources: ["helm"],
- matchPackageNames: ["authentik"],
- separateMajorMinor: false,
- },
- ],
-}