chore(deps): ensure a dependency workflow checks all upstream resourc…
…es and dependencies (#1042) * Deletes dependabot and adds renovate
1 parent
84a6d70
commit c37c698
Showing
2 changed files
with
260 additions
and
16 deletions.
This file was deleted.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,260 @@ | ||
{ | ||
"enabled": true, | ||
"forkProcessing": "enabled", | ||
"$schema": "https://docs.renovatebot.com/renovate-schema.json", | ||
"extends": [ | ||
"config:best-practices", | ||
":semanticCommits", | ||
":semanticCommitTypeAll(chore)" | ||
], | ||
// Disable reviewers getting added by renovate to limit notification noise | ||
"reviewersFromCodeOwners": false, | ||
"timezone": "America/New_York", | ||
"rebaseStalePrs": true, | ||
"dependencyDashboard": true, | ||
"dependencyDashboardTitle": "Renovate Dashboard 🤖", | ||
"rebaseWhen": "conflicted", | ||
"commitBodyTable": true, | ||
"suppressNotifications": ["prIgnoreNotification"], | ||
"pre-commit": { | ||
"enabled": true | ||
}, | ||
"helm-values": { | ||
"fileMatch": [".*\\.ya?ml$"] | ||
}, | ||
"kubernetes": { | ||
"fileMatch": [".*\\.ya?ml$"], | ||
"ignorePaths": [ | ||
".github" | ||
] | ||
}, | ||
"labels": ["dependencies", "tech-debt"], | ||
"hostRules": [ | ||
{ | ||
"matchHost": "registry1.dso.mil", | ||
"hostType": "docker", | ||
"description": "Encrypted creds for registry1, scoped to this Github org using: https://docs.renovatebot.com/getting-started/migrating-secrets/#migrate-your-secrets-in-encrypted-form", | ||
"username": "{{ secrets.IRONBANK_USERNAME }}", | ||
"password": "{{ secrets.IRONBANK_PASSWORD }}" | ||
}, | ||
{ | ||
"matchHost": "cgr.dev", | ||
"description": "Encrypted creds for cgr.dev, scoped to this Github org using: https://docs.renovatebot.com/getting-started/migrating-secrets/#migrate-your-secrets-in-encrypted-form", | ||
"username": "{{ secrets.CHAINGUARD_USERNAME }}", | ||
"password": "{{ secrets.CHAINGUARD_PASSWORD }}" | ||
}, | ||
{ | ||
"matchHost": "ghcr.io", | ||
"hostType": "docker", | ||
"description": "Encrypted creds for ghcr.io, scoped to this Github org using: https://docs.renovatebot.com/getting-started/migrating-secrets/#migrate-your-secrets-in-encrypted-form", | ||
"username": "renovate", | ||
"password": "{{ secrets.DEFENSEUNICORNS_PACKAGE_READ_PAT }}" | ||
} | ||
], | ||
"regexManagers": [ | ||
// Matches github-tags pointing to items in githubusercontent (i.e. https://github.com/defenseunicorns/uds-core/blob/e45de0e5917a2ca6c3e30e593e2d9a8d393849a9/.vscode/settings.json#L12) | ||
{ | ||
"fileMatch": [".*(\\.ya?ml|\\.json)$"], | ||
"matchStrings": [ | ||
// Test: https://regex101.com/r/r1nWoZ/1 | ||
"https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\/]+\\/[^\\/]+)\\/(?<currentValue>[^\\/]+)" | ||
], | ||
"versioningTemplate": "semver-coerced", | ||
"datasourceTemplate": "github-tags" | ||
}, | ||
// Matches github-tags pointing to items in github.com/<org>/<repo>/raw/<tag> (i.e. https://github.com/defenseunicorns/uds-package-postgres-operator/blob/c88f9fd47c2fbc85e86c86c26b2d6948f6220898/zarf.yaml#L17) | ||
{ | ||
"fileMatch": [".*(\\.ya?ml|\\.json)$"], | ||
"matchStrings": [ | ||
// Test: https://regex101.com/r/huQrD4/1 | ||
"https:\\/\\/github\\.com\\/(?<depName>[^\\/]+\\/[^\\/]+)\\/raw\\/(?<currentValue>[^\\/]+)" | ||
], | ||
"versioningTemplate": "semver-coerced", | ||
"datasourceTemplate": "github-tags" | ||
}, | ||
// Matches github-tags pointing to items in github.com/<org>/<repo>/releases/download/<tag> (i.e. https://github.com/defenseunicorns/zarf/blob/c8abe31a5c4bbed933d692fcdeeefdc4b31701a5/packages/distros/k3s/zarf.yaml#L17) | ||
{ | ||
"fileMatch": [".*(\\.ya?ml|\\.json)$"], | ||
"matchStrings": [ | ||
// Test: https://regex101.com/r/oGP4dI/1 | ||
"https:\\/\\/github\\.com\\/(?<depName>[^\\/]+\\/[^\\/]+)\\/releases\\/download\\/(?<currentValue>[^\\/]+)" | ||
], | ||
"versioningTemplate": "semver-coerced", | ||
"datasourceTemplate": "github-tags" | ||
}, | ||
// Matches npm modules in npm install commands (i.e. https://github.com/defenseunicorns/uds-core/blob/f8e65159873f87be5912b73cc6f0a5ff26b7bed0/.github/workflows/commitlint.yaml#L26) | ||
{ | ||
"fileMatch": [".*(\\.ya?ml|\\.json)$"], | ||
"matchStrings": [ | ||
// Test: https://regex101.com/r/321nL5/1 | ||
"npm install ([\\w\\- ]+ )?(?<depName>@?[^\\s]*?)@(?<currentValue>[^\\s]+)" | ||
], | ||
"datasourceTemplate": "npm" | ||
}, | ||
// Matches specified datasources where a colon separates the version on the following line (i.e. https://github.com/defenseunicorns/zarf/blob/7e91d3b9823b52fe6d0f563d692c8af57faa6005/examples/big-bang/zarf.yaml#L5) | ||
{ | ||
"fileMatch": [".*\\.ya?ml$"], | ||
"matchStrings": [ | ||
// Test: https://regex101.com/r/d9t0lt/1 | ||
"# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?( registryUrl=(?<registryUrl>.*?))?\\s.*:\\s*['\"]?(?<currentValue>[v0-9].*?)['\"]?(\\s|$)" | ||
], | ||
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}", | ||
"extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?<version>.*)${{/if}}" | ||
}, | ||
// Matches specified datasources where an environment variable separates the version on the following line (i.e. https://github.com/defenseunicorns/uds-common/blob/ce3ba974ef3ff88058809f4b9a78da281a65ffa0/.github/actions/setup/action.yaml#L9) | ||
{ | ||
"fileMatch": [".*\\.ya?ml$", ".*\\.sh$", ".*\\.?Dockerfile$"], | ||
"matchStrings": [ | ||
// Test: https://regex101.com/r/b53bEF/2 | ||
"# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?( registryUrl=(?<registryUrl>.*?))?\\s.*[A-Z]+=['\"]?(?<currentValue>[v0-9].*?)['\"]?(\\s|$)" | ||
], | ||
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}", | ||
"extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?<version>.*)${{/if}}" | ||
}, | ||
// Matches specified datasources for brew where an @ separates the version on the following line (i.e. https://github.com/defenseunicorns/uds-core/blob/5a2666f6a5ba89686c6dc1fecb0db98512b1b9f8/.github/actions/setup/action.yaml#L32) | ||
{ | ||
"fileMatch": [".*\\.ya?ml$"], | ||
"matchStrings": [ | ||
// Test: https://regex101.com/r/p3Cpjx/1 | ||
"# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s.*brew.*@\\s*['\"]?(?<currentValue>[v0-9].*?)['\"]?(\\s|$)" | ||
], | ||
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}", | ||
"extractVersionTemplate": "^v(?<version>.*)$" | ||
}, | ||
// Matches images where you need to override the image reference in a Helm Value (i.e. https://github.com/defenseunicorns/uds-capability-rook-ceph/blob/f190c32688e80ad72df6389bcb150b35d779d0f0/values/cluster-values.yaml#L3-L4) | ||
{ | ||
"fileMatch": ["\\.*\\.ya?ml$"], | ||
"matchStrings": [ | ||
// Test: https://regex101.com/r/k5ebjz/1 | ||
"# renovate: image=(?<depName>.*?)\\s*image:\\s.*:(?<currentValue>[^\\s\"]*)", | ||
], | ||
"datasourceTemplate": "docker" | ||
}, | ||
// Matches individual images in a `zarf.yaml`'s `images:` section that are tagged with a version (allowing for # renovate overrides) | ||
{ | ||
"fileMatch": [ "(^|/)zarf\\.ya?ml$" ], | ||
"matchStrings": [ | ||
// Test: https://regex101.com/r/Bd8IBp/1 | ||
"- ['\"]?(?<depName>[^\"'\\s]+):(?<currentValue>[^\"'\\s]+)['\"]?( # renovate:( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?)?(\\s|$)" | ||
], | ||
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}docker{{/if}}", | ||
"extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?<version>.*)${{/if}}", | ||
"datasourceTemplate": "docker" | ||
}, | ||
// Matches individual helm repo charts in a `zarf.yaml`'s `charts:` section that specify `version` then `url` | ||
{ | ||
"fileMatch": [ "(^|/)zarf\\.ya?ml$" ], | ||
"matchStringsStrategy": "recursive", | ||
"matchStrings": [ | ||
// Match the chart section. Test: https://regex101.com/r/1DL0tI/3 | ||
"(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)", | ||
// Match a chart entry. Test: https://regex101.com/r/ibpxYd/1 | ||
"(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)", | ||
// Match the parts of a chart entry. Test: https://regex101.com/r/tVVHYS/1 | ||
"(?m)name: [\"']?(?<depName>.+?)[\"']?$(.|\\n)*?version: [\"']?(?<currentValue>.+?)[\"']?$(.|\\n)*?url: [\"']?(?<registryUrl>(https|http|file):\\/\\/.+?)[\"']?$" | ||
], | ||
"datasourceTemplate": "helm" | ||
}, | ||
// Matches individual helm repo charts in a `zarf.yaml`'s `charts:` section that specify `url` then `version` | ||
{ | ||
"fileMatch": [ "(^|/)zarf.yaml$" ], | ||
"matchStringsStrategy": "recursive", | ||
"matchStrings": [ | ||
// Match the chart section. Test: https://regex101.com/r/1DL0tI/3 | ||
"(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)", | ||
// Match a chart entry. Test: https://regex101.com/r/ibpxYd/1 | ||
"(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)", | ||
// Match the parts of a chart entry. Test: https://regex101.com/r/ehfBW6/1 | ||
"(?m)name: [\"']?(?<depName>.+?)[\"']?$(.|\\n)*?url: [\"']?(?<registryUrl>(https|http|file):\\/\\/.+?)[\"']?$(.|\\n)*?version: [\"']?(?<currentValue>.+?)[\"']?$" | ||
], | ||
"datasourceTemplate": "helm" | ||
}, | ||
// Matches individual helm git charts in a `zarf.yaml`'s `charts:` section that specify `version` then `url` | ||
{ | ||
"fileMatch": [ "(^|/)zarf\\.ya?ml$" ], | ||
"matchStringsStrategy": "recursive", | ||
"matchStrings": [ | ||
// Match the chart section. Test: https://regex101.com/r/1DL0tI/3 | ||
"(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)", | ||
// Match a chart entry. Test: https://regex101.com/r/ibpxYd/1 | ||
"(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)", | ||
// Match the parts of a chart entry. Test: https://regex101.com/r/PIIH1p/1 | ||
"(?m)name:(.|\\n)*?version: [\"']?(?<currentValue>.+?)[\"']?$(.|\\n)*?url: [\"']?(?<depName>.+?\\.git)[\"']?$" | ||
], | ||
"datasourceTemplate": "git-tags", | ||
// Match the version from the tag. Test: https://regex101.com/r/dzQZiE/1 | ||
"versioningTemplate": "regex:^v?(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)(-[\\w\\.]+\\.(?<build>\\d+))?" | ||
}, | ||
// Matches individual helm git charts in a `zarf.yaml`'s `charts:` section that specify `url` then `version` | ||
{ | ||
"fileMatch": [ "(^|/)zarf.yaml$" ], | ||
"matchStringsStrategy": "recursive", | ||
"matchStrings": [ | ||
// Match the chart section. Test: https://regex101.com/r/1DL0tI/3 | ||
"(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)", | ||
// Match a chart entry. Test: https://regex101.com/r/ibpxYd/1 | ||
"(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)", | ||
// Match the parts of a chart entry. Test: https://regex101.com/r/m71Sn5/1 | ||
"(?m)name:(.|\\n)*?url: [\"']?(?<depName>.+?\\.git)[\"']?$(.|\\n)*?version: [\"']?(?<currentValue>.+?)[\"']?$" | ||
], | ||
"datasourceTemplate": "git-tags", | ||
// Match the version from the tag. Test: https://regex101.com/r/dzQZiE/1 | ||
"versioningTemplate": "regex:^v?(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)(-[\\w\\.]+\\.(?<build>\\d+))?" | ||
}, | ||
// Matches individual helm oci charts in a `zarf.yaml`'s `charts:` section that specify `version` then `url` | ||
{ | ||
"fileMatch": [ "(^|/)zarf\\.ya?ml$" ], | ||
"matchStringsStrategy": "recursive", | ||
"matchStrings": [ | ||
// Match the chart section. Test: https://regex101.com/r/1DL0tI/3 | ||
"(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)", | ||
// Match a chart entry. Test: https://regex101.com/r/ibpxYd/1 | ||
"(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)", | ||
// Match the parts of a chart entry. Test: https://regex101.com/r/gYGkgq/1 | ||
"(?m)name:(.|\\n)*?version: [\"']?(?<currentValue>.+?)[\"']?$(.|\\n)*?url: [\"']?oci:\\/\\/(?<depName>.+?)[\"']?$" | ||
], | ||
"datasourceTemplate": "docker" | ||
}, | ||
// Matches individual helm oci charts in a `zarf.yaml`'s `charts:` section that specify `url` then `version` | ||
{ | ||
"fileMatch": [ "(^|/)zarf.yaml$" ], | ||
"matchStringsStrategy": "recursive", | ||
"matchStrings": [ | ||
// Match the chart section. Test: https://regex101.com/r/1DL0tI/3 | ||
"(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)", | ||
// Match a chart entry. Test: https://regex101.com/r/ibpxYd/1 | ||
"(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)", | ||
// Match the parts of a chart entry. Test: https://regex101.com/r/VDMzhy/1 | ||
"(?m)name:(.|\\n)*?url: [\"']?oci:\\/\\/(?<depName>.+?)[\"']?$(.|\\n)*?version: [\"']?(?<currentValue>.+?)[\"']?$" | ||
], | ||
"datasourceTemplate": "docker" | ||
}, | ||
// Matches individual kustomizations in a `zarf.yaml`'s `manifests:` section using a github url with a ref | ||
{ | ||
"fileMatch": [ "(^|/)zarf\\.ya?ml$" ], | ||
"matchStringsStrategy": "recursive", | ||
"matchStrings": [ | ||
// Match the manifests section. Test: https://regex101.com/r/BCfsGu/1 | ||
"(?m)manifests:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)", | ||
// Match a manifests entry. Test: https://regex101.com/r/UjQa51/1 | ||
"(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)", | ||
// Match the parts of a chart entry. Test: https://regex101.com/r/cumJ2Y/1 | ||
"(?m)name:(.|\\n)*?kustomizations:(.|\n)*?- [\"']?github.com\\/(?<depName>.+?)\\/\\/.*\\?ref=(?<currentValue>.+?)[\"']?$" | ||
], | ||
"versioningTemplate": "semver-coerced", | ||
"datasourceTemplate": "github-tags" | ||
}, | ||
// Matches oci packages in a `uds-bundle.yaml`'s `zarf-packages:` section that specify `repository` then `ref` | ||
{ | ||
"fileMatch": [ "(^|/)uds-bundle.yaml$" ], | ||
"matchStringsStrategy": "recursive", | ||
"matchStrings": [ | ||
// Match the parts of a chart entry. Test: https://regex101.com/r/IFgEw0/1 | ||
"(?m)repository: [\"']?(?<depName>.+?)[\"']?$(.)*(\n.*){0,2}ref: [\"']?(?<currentValue>.+?)[\"']?$" | ||
], | ||
"datasourceTemplate": "docker", | ||
// Match versioning used on UDS packages. Test: https://regex101.com/r/BGkYHX/4 | ||
"versioningTemplate": "regex:^v?(?<major>\\d+)(\\.(?<minor>\\d+))?(\\.(?<patch>\\d+))?(-uds\\.(?<build>\\d))?(-(?<compatibility>\\w+)?)?(.*?)?$" | ||
} | ||
] | ||
} |