feat: Added Renovate to auto update helm-values and github-actions #979

Merged
merged 29 commits into from
Feb 1, 2024
Changes from 6 commits
0741d38
enhancement: Moved image properties
kvanzuijlen Jan 3, 2024
3a1c0bf
fix(tests): Fixed tests and use snapshots
kvanzuijlen Jan 3, 2024
bdb8786
fix(tests): Some refactoring
kvanzuijlen Jan 3, 2024
e517518
feat: Added renovate
kvanzuijlen Jan 3, 2024
390836a
chore: cleanup
kvanzuijlen Jan 3, 2024
945cafb
Merge branch 'main' into renovate-autoupdate
kvanzuijlen Jan 3, 2024
78cd773
Merge branch 'main' into renovate-autoupdate
kvanzuijlen Jan 3, 2024
94553c4
Merge remote-tracking branch 'origin/renovate-autoupdate' into renova…
kvanzuijlen Jan 18, 2024
bf306d6
Merge branch 'main' into renovate-autoupdate
kvanzuijlen Jan 18, 2024
42898ff
chore: Updated renovate config and action
kvanzuijlen Jan 18, 2024
2efe39e
fix: Fixed mount volumes
kvanzuijlen Jan 18, 2024
b14ce8b
docs: Added breaking changes documentation
kvanzuijlen Jan 18, 2024
71c219a
fix: Updated test snapshots
kvanzuijlen Jan 18, 2024
1833cba
chore: Also update jenkins version via Renovate
kvanzuijlen Jan 18, 2024
12d7783
chore: Temporarily enable dependency dashboard
kvanzuijlen Jan 18, 2024
dba6f97
chore: Fixed md indentation
kvanzuijlen Jan 18, 2024
66626c5
chore: Made unittests more robust
kvanzuijlen Jan 18, 2024
980e329
chore: Bump Chart version
kvanzuijlen Jan 18, 2024
ed53918
fix: remove erroneous condition
kvanzuijlen Jan 18, 2024
fb9052c
Merge branch 'main' into renovate-autoupdate
kvanzuijlen Jan 31, 2024
fc6d514
feat: Added Renovate configuration
kvanzuijlen Jan 31, 2024
9780bbc
chore: Renamed admin credential values
kvanzuijlen Jan 31, 2024
05e5586
chore: Updated changelog
kvanzuijlen Jan 31, 2024
d0b3aad
chore: Fixed linting issues
kvanzuijlen Jan 31, 2024
6e26829
chore: Removed backup from Helm Chart
kvanzuijlen Feb 1, 2024
49e3943
chore: Added to UPGRADING.md and updated deprecation.yaml
kvanzuijlen Feb 1, 2024
cc69d9b
chore: Fixed linting issues
kvanzuijlen Feb 1, 2024
dcb318c
chore: Fixed deprecation.yaml
kvanzuijlen Feb 1, 2024
fc65c38
chore: Fixed linting issues
kvanzuijlen Feb 1, 2024
45 changes: 45 additions & 0 deletions .github/renovate.json5
@@ -0,0 +1,45 @@
{
$schema: "https://docs.renovatebot.com/renovate-schema.json",
semanticCommits: "auto",
enabledManagers: [
"helm-values",
"github-actions",
"regex"
],
packageRules: [
{
matchDepNames: ["jenkins/inbound-agent"],
versioning: "loose"
},
{
matchManagers: [
"github-actions",
"regex"
],
schedule: ["every monday"]
},
{
matchManagers: ["helm-values"],
bumpVersion: "minor",
postUpgradeTasks: {
"commands": ["helm unittest --strict -f 'unittests/*.yaml' charts/jenkins -u"],
Member

is this needed? won't CI just run this anyway?

Contributor Author

The -u updates the snapshots, which is needed for kiwigrid/k8s-sidecar and jenkins/inbound-agent

Member

ah that's cool, much simpler.

We could also configure this to update plugins too right then?

- kubernetes:4029.v5712230ccb_f8
- workflow-aggregator:596.v8c21c963d92d
- git:5.1.0
- configuration-as-code:1670.v564dc8b_982d0

Contributor Author

Hmm, that could be a bit harder... We'd need to use the regex manager for that, so we can't use the bumpVersion functionality. I see 2 solutions for that:

  • Use postUpgradeTasks for bumping the Chart version as well
  • Use a 2-step approach, where we'd first create a draft PR using renovate and then use another GitHub Action to do stuff like bumping the Chart version, adding to the changelog, etc.

I need to verify if the postUpgradeTasks approach would work, as I don't know if things like helm (and helm unittest) are available once installed on the runner or if we'd need to build a custom Renovate image (Renovate runs in a container, but could, for example, mount some stuff).

If a custom image is required we could opt for option 2 instead. If a custom image isn't a big deal (it should be quite easy, with Renovate auto-updating it, etc.) that would also be an option.

Member

maybe we could maintain a plugins.txt file and sync it in the renovate workflow using yq to override what's in the values.yaml file in post upgrade tasks?

https://docs.renovatebot.com/modules/manager/jenkins/

Contributor Author

@kvanzuijlen kvanzuijlen Jan 4, 2024

That would be an option yeah. That still wouldn't solve the bumpVersion issue though. Also, postUpgradeTasks run within the image, so we'd have to install the tools on the runner and mount the executables/binaries, use a custom image, or use the 2-step solution I proposed.

Personally, I'm more of a fan of mounting the tools since it doesn't involve custom images (maintenance!) and it doesn't require a 2-step approach.

"fileFilters": ["charts/jenkins/**"],
"executionMode": "update"
}
}
],
customManagers: [
{
customType: "regex",
fileMatch: [
"(^|/)\\.github/workflows/[^/]+\\.ya?ml$"
],
matchStrings: [
"# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( extractVersion=(?<extractVersion>.*?))?( versioning=(?<versioning>.*?))?\\s+?[\\w\\s-]*?version: (?<currentValue>.*)\\s"
]
}
],
allowedPostUpgradeCommands: [
"helm unittest --strict -f 'unittests/*.yaml' charts/jenkins -u",
],
}
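Review bot: The `allowedPostUpgradeCommands` entry at the end of the file is the only gate on what `postUpgradeTasks` may execute, and Renovate evaluates each entry as a regular expression rather than a literal string. The unescaped `*` and `.` in `'unittests/*.yaml'` are metacharacters, so the pattern does not describe the literal command, and without `^` and `$` anchors an allowed pattern can match as a substring of a longer command. Suggest escaping those characters and anchoring the entry, for example `^helm unittest --strict -f 'unittests/\\*\\.yaml' charts/jenkins -u$`, so the allowlist admits exactly the one command configured in `postUpgradeTasks`.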
3 changes: 3 additions & 0 deletions .github/workflows/lint-test.yaml
Expand Up @@ -26,16 +26,19 @@ jobs:
- name: Set up Helm
uses: azure/setup-helm@v3
with:
# renovate: datasource=github-tags depName=helm/helm
version: v3.12.0

- name: Set up Python
uses: actions/setup-python@v5
with:
# renovate: datasource=docker depName=python
python-version: 3.11.4

- name: Set up chart-testing
uses: helm/chart-testing-action@v2
with:
# renovate: datasource=github-tags depName=helm/chart-testing
version: v3.8.0

- name: Run chart-testing (list-changed)
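Review bot: On the `python-version: 3.11.4` annotation, `datasource=docker depName=python` follows Docker Hub tags, while `actions/setup-python` resolves versions from its own release manifest, so Renovate can propose a version the action cannot install yet. Consider pointing this annotation at the source the action uses (the actions/python-versions releases) and adding a `versioning=` hint, which the regex in `.github/renovate.json5` already accepts. The three annotations also only work while the comment sits directly above a key ending in `version:`; a short comment in the workflow saying so would keep a later edit from silently breaking the match.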
24 changes: 24 additions & 0 deletions .github/workflows/renovate.yaml
@@ -0,0 +1,24 @@
name: Renovate
on:
schedule:
- cron: "0 * * * 3"
workflow_dispatch:

jobs:
renovate:
runs-on: ubuntu-latest
steps:
- name: Get token
id: get_token
uses: tibdex/github-app-token@v2
with:
app_id: ${{ secrets.JENKINS_DEPENDENCY_UPDATER_APP_ID }}
private_key: ${{ secrets.JENKINS_DEPENDENCY_UPDATER_PRIVATE_KEY }}

- name: Checkout
uses: actions/checkout@v4

- name: Self-hosted Renovate
uses: renovatebot/[email protected]
with:
token: "${{ steps.get_token.outputs.token }}"
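Review bot: The cron expression `0 * * * 3` runs this workflow hourly on Wednesdays only, but `.github/renovate.json5` restricts the `github-actions` and `regex` managers to `schedule: ["every monday"]`, so scheduled runs never fall inside that window and new update PRs for those managers would only be created by a manual `workflow_dispatch` on a Monday. Align the two, either by running the workflow on the scheduled day or by dropping the package-rule schedule. Also, `tibdex/github-app-token@v2` receives the app's private key through a mutable tag; pinning it and the Renovate action to full commit SHAs and adding an explicit `permissions:` block would limit what a retagged action or the job's default token can do.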
timja marked this conversation as resolved.
51 changes: 28 additions & 23 deletions charts/jenkins/VALUES_SUMMARY.md
Expand Up @@ -31,7 +31,9 @@ The following tables list the configurable parameters of the Jenkins chart and t
| `controller.JCasC.authorizationStrategy` | Jenkins Config as Code for Authorization Strategy | `loggedInUsersCanDoAnything` |
| `controller.sidecars.configAutoReload` | Jenkins Config as Code auto-reload settings | |
| `controller.sidecars.configAutoReload.enabled` | Jenkins Config as Code auto-reload settings (Attention: rbac needs to be enabled otherwise the sidecar can't read the config map) | `true` |
| `controller.sidecars.configAutoReload.image` | Image which triggers the reload | `kiwigrid/k8s-sidecar:1.24.4` |
| `controller.sidecars.configAutoReload.image.registry` | Registry for the image which triggers the reload | `docker.io` |
| `controller.sidecars.configAutoReload.image.repository` | Image which triggers the reload | `kiwigrid/k8s-sidecar` |
| `controller.sidecars.configAutoReload.image.tag` | Tag for the image which triggers the reload | `1.24.4` |
| `controller.sidecars.configAutoReload.reqRetryConnect` | How many connection-related errors to retry on | `10` |
| `controller.sidecars.configAutoReload.sleepTime` | How many seconds to wait before updating config-maps/secrets (sets METHOD=SLEEP on the sidecar) | Not set |
| `controller.sidecars.configAutoReload.envFrom` | Environment variable sources for the Jenkins Config as Code auto-reload container | Not set |
Expand Down Expand Up @@ -109,10 +111,11 @@ The following tables list the configurable parameters of the Jenkins chart and t

| Parameter | Description | Default |
|--------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------|
| `controller.image` | Controller image name | `jenkins/jenkins` |
| `controller.tagLabel` | Controller image tag label | `jdk17` |
| `controller.tag` | Controller image tag override | Not set |
| `controller.imagePullPolicy` | Controller image pull policy | `Always` |
| `controller.image.registry` | Controller image registry | `docker.io` |
| `controller.image.repository` | Controller image name | `jenkins/jenkins` |
| `controller.image.tagLabel` | Controller image tag label | `jdk17` |
| `controller.image.tag` | Controller image tag override | Not set |
| `controller.image.pullPolicy` | Controller image pull policy | `Always` |
| `controller.imagePullSecretName` | Controller image pull secret | Not set |
| `controller.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 50m, memory: 256Mi}, limits: {cpu: 2000m, memory: 4096Mi}}` |
| `controller.initContainerResources` | Resources allocation (Requests and Limits) for Init Container | Not set |
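Review bot: `controller.imagePullSecretName` stays at the top level while the pull policy moves to `controller.image.pullPolicy`, so image settings are now split across two places. Either move the pull secret under `controller.image` in the same breaking release or say in its description that it is intentionally left where it is. If the old `controller.image` string, `controller.tag`, `controller.tagLabel` and `controller.imagePullPolicy` keys are no longer read, the table should say so next to the new rows.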
Expand Down Expand Up @@ -341,20 +344,21 @@ The following tables list the configurable parameters of the Jenkins chart and t

#### Side Container Configuration

| Parameter | Description | Default |
|---------------------------|------------------------------------------------|------------------------------------------------------------------------------|
| `agent.sideContainerName` | Side container name in agent | jnlp |
| `agent.image` | Agent image name | `jenkins/inbound-agent` |
| `agent.tag` | Agent image tag | `3192.v713e3b_039fb_e-5` |
| `agent.alwaysPullImage` | Always pull agent container image before build | `false` |
| `agent.privileged` | Agent privileged container | `false` |
| `agent.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 512m, memory: 512Mi}, limits: {cpu: 512m, memory: 512Mi}}` |
| `agent.runAsUser` | Configure container user | Not set |
| `agent.runAsGroup` | Configure container group | Not set |
| `agent.command` | Executed command when side container starts | Not set |
| `agent.args` | Arguments passed to executed command | `${computer.jnlpmac} ${computer.name}` |
| `agent.TTYEnabled` | Allocate pseudo tty to the side container | false |
| `agent.workingDir` | Configure working directory for default agent | `/home/jenkins/agent` |
| Parameter | Description | Default |
|---------------------------| ----------------------------------------------- |--------------------------------------------------------------------------------|
| `agent.sideContainerName` | Side container name in agent | jnlp |
| `agent.image.repository` | Agent image name | `jenkins/inbound-agent` |
| `agent.image.tag` | Agent image tag | `3192.v713e3b_039fb_e-5` |
| `agent.alwaysPullImage` | Always pull agent container image before build | `false` |
| `agent.privileged` | Agent privileged container | `false` |
| `agent.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 512m, memory: 512Mi}, limits: {cpu: 512m, memory: 512Mi}}` |
| `agent.runAsUser` | Configure container user | Not set |
| `agent.runAsGroup` | Configure container group | Not set |
| `agent.command` | Executed command when side container starts | Not set |
| `agent.args` | Arguments passed to executed command | `${computer.jnlpmac} ${computer.name}` |
| `agent.TTYEnabled` | Allocate pseudo tty to the side container | false |
| `agent.workingDir` | Configure working directory for default agent | `/home/jenkins/agent` |


#### Other

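Review bot: `agent.image.repository` and `agent.image.tag` are added without an `agent.image.registry` row, while the controller, config-reload sidecar and bats images each get a `registry` key defaulting to `docker.io`. If the agent image intentionally has no registry setting, note that in the description; otherwise add it so a private mirror can be configured in one consistent way. The separator row under the new header also uses different spacing from the other tables in this file.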
Expand Down Expand Up @@ -415,7 +419,8 @@ The following tables list the configurable parameters of the Jenkins chart and t

### Helm Tests

| Parameter | Description | Default |
|-----------------------|-----------------------------------|-------------|
| `helmtest.bats.image` | Image used to test the framework | `bats/bats` |
| `helmtest.bats.tag` | Test framework image tag override | `1.2.1` |
| Parameter | Description | Default |
|----------------------------------|-------------------------------------|-------------|
| `helmtest.bats.image.registry` | Registry used to test the framework | `docker.io` |
| `helmtest.bats.image.repository` | Image used to test the framework | `bats/bats` |
| `helmtest.bats.image.tag` | Test framework image tag override | `1.2.1` |
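Review bot: The description for `helmtest.bats.image.registry` reads `Registry used to test the framework`, which describes the registry itself as the test tool. Suggest `Registry for the image used to test the framework`, matching the wording of the sidecar registry row earlier in this file.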
10 changes: 6 additions & 4 deletions charts/jenkins/ci/other-values.yaml
Expand Up @@ -56,14 +56,16 @@ agent:
customJenkinsLabels: maven
# An example of overriding the jnlp container
# sideContainerName: jnlp
image: jenkins/jnlp-agent-maven
tag: latest
image:
repository: jenkins/jnlp-agent-maven
tag: latest
python:
podName: python
customJenkinsLabels: python
sideContainerName: python
image: python
tag: "3"
image:
repository: python
tag: "3"
command: "/bin/sh -c"
args: "cat"
TTYEnabled: true
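Review bot: The relocated `tag: latest` for `jenkins/jnlp-agent-maven` and `tag: "3"` for `python` are still floating tags, so the chart's CI run depends on whatever those tags resolve to on the day and a failure cannot be tied to a specific image. Since the values are being restructured here anyway, consider pinning both to specific versions.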
2 changes: 1 addition & 1 deletion charts/jenkins/templates/NOTES.txt
Expand Up @@ -53,7 +53,7 @@ https://cloud.google.com/solutions/jenkins-on-container-engine
For more information about Jenkins Configuration as Code, visit:
https://jenkins.io/projects/jcasc/

{{ if (eq .Values.controller.image "jenkins/jenkins") }}
{{ if and (eq .Values.controller.image.repository "jenkins/jenkins") (eq .Values.controller.image.registry "docker.io") }}
NOTE: Consider using a custom image with pre-installed plugins
{{- else if .Values.controller.installPlugins }}
NOTE: Consider disabling `installPlugins` if your image already contains plugins.
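Review bot: The new condition dereferences `.Values.controller.image.repository` and `.Values.controller.image.registry`, but the line it replaces shows `controller.image` was a plain string, so an existing values file that still sets `controller.image: jenkins/jenkins` will fail template evaluation here instead of producing a clear message. Add an explicit check that fails with upgrade instructions when `controller.image` is not a map. Note also that pulling `jenkins/jenkins` through a mirror registry now suppresses the custom-image hint, which may or may not be intended.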