diff --git a/.circleci/config.yml b/.circleci/config.yml index 6ad1d18fa4..fd5da0f9fd 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -15,7 +15,8 @@ jobs: # We do this instead of setting --default-tf-version because setting # that flag starts the download asynchronously so we'd have a race # condition. - TERRAFORM_VERSION: 1.3.6 + # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp + TERRAFORM_VERSION: 1.3.5 steps: - checkout - run: make build-service diff --git a/Dockerfile b/Dockerfile index 4f05342c4c..4248c29f36 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,6 +20,7 @@ FROM ${ATLANTIS_BASE}:${ATLANTIS_BASE_TAG_DATE}-${ATLANTIS_BASE_TAG_TYPE} AS bas ARG TARGETPLATFORM # install terraform binaries +# renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp ENV DEFAULT_TERRAFORM_VERSION=1.3.6 # In the official Atlantis image we only have the latest of each Terraform version. @@ -43,6 +44,7 @@ RUN AVAILABLE_TERRAFORM_VERSIONS="1.0.11 1.1.9 1.2.9 ${DEFAULT_TERRAFORM_VERSION done && \ ln -s "/usr/local/bin/tf/versions/${DEFAULT_TERRAFORM_VERSION}/terraform" /usr/local/bin/terraform +# renovate: datasource=github-releases depName=open-policy-agent/conftest ENV DEFAULT_CONFTEST_VERSION=0.35.0 RUN AVAILABLE_CONFTEST_VERSIONS="${DEFAULT_CONFTEST_VERSION}" && \ diff --git a/Dockerfile.dev b/Dockerfile.dev index d9ed7aad63..bff737fc1f 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -1,6 +1,7 @@ FROM ghcr.io/runatlantis/atlantis:latest COPY atlantis /usr/local/bin/atlantis # TODO: remove this once we get this in the base image +# renovate: datasource=github-releases depName=open-policy-agent/conftest ENV DEFAULT_CONFTEST_VERSION=0.35.0 WORKDIR /atlantis/src diff --git a/renovate.json5 b/renovate.json5 new file mode 100644 index 0000000000..e980f3e2c3 --- /dev/null +++ b/renovate.json5 @@ -0,0 +1,73 @@ +{ + extends: [ + "config:base", + ], + includeForks: true, + renovateFork: true, + automerge: false, + platformAutomerge: false, + labels: ["dependencies"], + postUpdateOptions: ["gomodTidy", "yarnDedupeHighest"], + prHourlyLimit: 0, + prConcurrentLimit: 0, + packageRules: [ + { + // e2e test depends on testing/Dockefile testing-image which has conftest specific version. + // to upgrade conftest versions, we need following PRs. + // 1. update testing/Dockerfile conftest version + // 2. update testing-image tag + // 3. update e2e conftest version + // this settings allow to create only testing/Dockefile contest version update PR which uses branch prefix. + matchPaths: ["testing/**"], + matchPackagePatterns: ["conftest"], + additionalBranchPrefix: "{{baseDir}}-", + groupName: "conftest testing", + commitMessageSuffix: "testing", + }, + { + matchPackagePatterns: ["conftest"], + groupName: "conftest upgrade", + commitMessageSuffix: "upgrade", + prBodyNotes: [ + ":warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning:", + ":warning: You need to upgrade conftest before update testing conftest and testing-env image :warning:", + ":warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning:", + ] + }, + ], + // https://docs.renovatebot.com/modules/manager/regex/ + regexManagers: [ + { + fileMatch: ["(^|/)Dockerfile$", "(^|/)Dockerfile\\.[^/]*$"], + matchStrings: [ + // example: + // renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp + // ENV DEFAULT_TERRAFORM_VERSION=x.x.x + "renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?\\sENV .*?_VERSION=(?.*)\\s", + ], + versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + extractVersionTemplate: '^v(?\\d+\\.\\d+\\.\\d+)', + }, + { + fileMatch: [".*go$"], + matchStrings: [ + // example: + // const ConftestVersion = "x.x.x" // renovate: datasource=github-releases depName=open-policy-agent/conftest + "\\sconst .*Version = \"(?.*)\"\\s// renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?\\s", + ], + versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + extractVersionTemplate: '^v(?\\d+\\.\\d+\\.\\d+)', + }, + { + fileMatch: [".circleci/config.yml$"], + matchStrings: [ + // example: + // # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp + // TRRAFORM_VERSION: x.x.x + "renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?\\s.*?_VERSION: (?.*)\\s", + ], + versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + extractVersionTemplate: '^v(?\\d+\\.\\d+\\.\\d+)', + }, + ] +} diff --git a/server/controllers/events/events_controller_e2e_test.go b/server/controllers/events/events_controller_e2e_test.go index a5236d337c..80de4d4914 100644 --- a/server/controllers/events/events_controller_e2e_test.go +++ b/server/controllers/events/events_controller_e2e_test.go @@ -42,7 +42,7 @@ import ( . "github.com/runatlantis/atlantis/testing" ) -const ConftestVersion = "0.35.0" +const ConftestVersion = "0.35.0" // renovate: datasource=github-releases depName=open-policy-agent/conftest var applyLocker locking.ApplyLocker var userConfig server.UserConfig diff --git a/testdrive/utils.go b/testdrive/utils.go index a3b44d054d..2bcd210bfc 100644 --- a/testdrive/utils.go +++ b/testdrive/utils.go @@ -34,7 +34,7 @@ import ( ) const hashicorpReleasesURL = "https://releases.hashicorp.com" -const terraformVersion = "1.3.6" +const terraformVersion = "1.3.5" // renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp const ngrokDownloadURL = "https://bin.equinox.io/c/4VmDzA7iaHb" const ngrokAPIURL = "localhost:41414" // We hope this isn't used. const atlantisPort = 4141 diff --git a/testing/Dockerfile b/testing/Dockerfile index 9ad58a46f5..db23110992 100644 --- a/testing/Dockerfile +++ b/testing/Dockerfile @@ -5,6 +5,7 @@ RUN apt-get update && apt-get --no-install-recommends -y install unzip \ && rm -rf /var/lib/apt/lists/* # Install Terraform +# renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp ENV TERRAFORM_VERSION=1.3.6 RUN case $(uname -m) in x86_64|amd64) ARCH="amd64" ;; aarch64|arm64|armv7l) ARCH="arm64" ;; esac && \ wget -nv -O terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${ARCH}.zip && \ @@ -14,6 +15,7 @@ RUN case $(uname -m) in x86_64|amd64) ARCH="amd64" ;; aarch64|arm64|armv7l) ARCH rm terraform.zip # Install conftest +# renovate: datasource=github-releases depName=open-policy-agent/conftest ENV CONFTEST_VERSION=0.35.0 SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN case $(uname -m) in x86_64|amd64) ARCH="x86_64" ;; aarch64|arm64|armv7l) ARCH="arm64" ;; esac && \