From 79a3d918e1e7b94ed1425328d3419e9d56f6e3d7 Mon Sep 17 00:00:00 2001
From: Alex Ashley <alexashley@users.noreply.github.com>
Date: Thu, 7 Mar 2024 17:19:39 -0500
Subject: [PATCH] ci: enable Renovate to manage GitHub Actions tool versions
 (#112)

---
 .github/actions/config/action.yaml |  8 ++++++++
 renovate.json                      | 18 +++++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/.github/actions/config/action.yaml b/.github/actions/config/action.yaml
index dadbf8f..60196bb 100644
--- a/.github/actions/config/action.yaml
+++ b/.github/actions/config/action.yaml
@@ -9,33 +9,41 @@ inputs:
 outputs:
   attestorVersion:
     description: "liatrio/gh-trusted-builds-attestations version"
+    # renovate: datasource=github-releases depName=liatrio/gh-trusted-builds-attestations
     value: "1.1.5"
   cosignVersion:
     description: "Sigstore cosign version"
+    # renovate: datasource=github-releases depName=sigstore/cosign
     value: "v2.2.3"
   craneVersion:
     description: "google/go-containerregistry crane version"
+    # renovate: datasource=github-releases depName=google/go-containerregistry
     value: "v0.15.2"
   fulcioUrl:
     description: "Sigstore Fulcio URL. Defaults to the production public good instance"
     value: "${{ steps.config.outputs.fulcioUrl }}"
   helmVersion:
     description: "Helm version"
+    # renovate: datasource=github-releases depName=helm/helm
     value: "v3.10.3"
   k3dVersion:
     description: "k3d version"
+    # renovate: datasource=github-releases depName=k3d-io/k3d
     value: "v5.4.9"
   policyControllerVersion:
     description: "Policy controller Helm chart version"
+    # renovate: datasource=helm depName=policy-controller
     value: "0.5.8"
   rekorUrl:
     description: "Sigstore Rekor URL. Defaults to the production public good instance"
     value: "${{ steps.config.outputs.rekorUrl }}"
   slsaGeneratorVersion:
     description: "SLSA container provenance generator version"
+    # renovate: datasource=github-releases depName=slsa-framework/slsa-github-generator
     value: "1.6.0"
   syftVersion:
     description: "Anchore syft version"
+    # renovate: datasource=github-releases depName=anchore/syft
     value: "v0.82.0"
   tufMirror:
     description: "cosign TUF root mirror URL"
diff --git a/renovate.json b/renovate.json
index e4a2966..0d997e0 100644
--- a/renovate.json
+++ b/renovate.json
@@ -7,5 +7,21 @@
     ":semanticCommitScopeDisabled",
     "helpers:pinGitHubActionDigests"
   ],
-  "enabledManagers": ["github-actions", "npm"]
+  "packageRules": [
+    {
+      "matchDatasources": ["helm"],
+      "registryUrls": [
+        "https://sigstore.github.io/helm-charts"
+      ]
+    }
+  ],
+  "customManagers": [
+    {
+      "customType": "regex",
+      "fileMatch": [".github/actions/config/action.yaml"],
+      "matchStrings": [
+        "# renovate: datasource=(?<datasource>.*?)\\s+depName=(?<depName>.*?)\\s+value:\\s?\"(?<currentValue>.*)\""
+      ]
+    }
+  ]
 }