diff --git a/.circleci/config.yml b/.circleci/config.yml index 5390e9b6c2..5bc4ac7578 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -15,6 +15,7 @@ jobs: # We do this instead of setting --default-tf-version because setting # that flag starts the download asynchronously so we'd have a race # condition. + # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp TERRAFORM_VERSION: 1.3.6 steps: - checkout diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 26634dcfcc..0000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,37 +0,0 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file - -version: 2 -updates: - - - package-ecosystem: "gomod" - directory: "/" - schedule: - interval: "weekly" - - - package-ecosystem: "gomod" - directory: "/e2e" - schedule: - interval: "weekly" - - - package-ecosystem: "docker" - directory: "/" - schedule: - interval: "weekly" - - - package-ecosystem: "docker" - directory: "/docker-base" - schedule: - interval: "weekly" - - - package-ecosystem: "docker" - directory: "/testing" - schedule: - interval: "weekly" - - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" diff --git a/.github/renovate.json5 b/.github/renovate.json5 new file mode 100644 index 0000000000..0b5e176bb9 --- /dev/null +++ b/.github/renovate.json5 @@ -0,0 +1,76 @@ +{ + extends: [ + "config:base", + "schedule:earlyMondays" + ], + automerge: false, + platformAutomerge: false, + labels: ["dependencies"], + postUpdateOptions: ["gomodTidy", "yarnDedupeHighest"], + prHourlyLimit: 0, + prConcurrentLimit: 5, + packageRules: [ + // e2e test depends on testing/Dockefile testing-image which has conftest specific version. + // to upgrade conftest versions, we need following PRs. + // 1. update testing/Dockerfile conftest version + // 2. update testing-env tag + // 3. update e2e conftest version + // this settings allow to create only testing/Dockefile contest version update PR which uses branch prefix. + { + matchPaths: ["testing/**"], + matchPackagePatterns: ["conftest"], + additionalBranchPrefix: "{{baseDir}}-", + groupName: "conftest-testing", + prBodyNotes: [ + ":warning: You need to upgrade testing-env conftest firstly, then upgrade other conftest versions for e2e :warning:", + ], + }, + { + ignorePaths: ["testing/**"], + matchPackagePatterns: ["github-actions"], + groupName: "github-", + }, + { + // we need to upgrade testing-env on ci quickly + matchPaths: [".github/**"], + matchPackageNames: ["ghcr.io/runatlantis/testing-env"], + groupName: "testing-env-ci-test", + schedule: ["every 1 hour after 00:00 and before 23:59 every day"], + }, + ], + // https://docs.renovatebot.com/modules/manager/regex/ + regexManagers: [ + { + fileMatch: ["(^|/)Dockerfile$", "(^|/)Dockerfile\\.[^/]*$"], + matchStrings: [ + // example: + // renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp + // ENV DEFAULT_TERRAFORM_VERSION=x.x.x + "renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?\\sENV .*?_VERSION=(?.*)\\s", + ], + versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + extractVersionTemplate: '^v(?\\d+\\.\\d+\\.\\d+)', + }, + { + fileMatch: [".*go$"], + matchStrings: [ + // example: + // const ConftestVersion = "x.x.x" // renovate: datasource=github-releases depName=open-policy-agent/conftest + "\\sconst .*Version = \"(?.*)\"\\s// renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?\\s", + ], + versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + extractVersionTemplate: '^v(?\\d+\\.\\d+\\.\\d+)', + }, + { + fileMatch: [".circleci/config.yml$"], + matchStrings: [ + // example: + // # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp + // TRRAFORM_VERSION: x.x.x + "renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?\\s.*?_VERSION: (?.*)\\s", + ], + versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + extractVersionTemplate: '^v(?\\d+\\.\\d+\\.\\d+)', + }, + ] +} diff --git a/Dockerfile b/Dockerfile index 4f05342c4c..4248c29f36 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,6 +20,7 @@ FROM ${ATLANTIS_BASE}:${ATLANTIS_BASE_TAG_DATE}-${ATLANTIS_BASE_TAG_TYPE} AS bas ARG TARGETPLATFORM # install terraform binaries +# renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp ENV DEFAULT_TERRAFORM_VERSION=1.3.6 # In the official Atlantis image we only have the latest of each Terraform version. @@ -43,6 +44,7 @@ RUN AVAILABLE_TERRAFORM_VERSIONS="1.0.11 1.1.9 1.2.9 ${DEFAULT_TERRAFORM_VERSION done && \ ln -s "/usr/local/bin/tf/versions/${DEFAULT_TERRAFORM_VERSION}/terraform" /usr/local/bin/terraform +# renovate: datasource=github-releases depName=open-policy-agent/conftest ENV DEFAULT_CONFTEST_VERSION=0.35.0 RUN AVAILABLE_CONFTEST_VERSIONS="${DEFAULT_CONFTEST_VERSION}" && \ diff --git a/Dockerfile.dev b/Dockerfile.dev index d9ed7aad63..bff737fc1f 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -1,6 +1,7 @@ FROM ghcr.io/runatlantis/atlantis:latest COPY atlantis /usr/local/bin/atlantis # TODO: remove this once we get this in the base image +# renovate: datasource=github-releases depName=open-policy-agent/conftest ENV DEFAULT_CONFTEST_VERSION=0.35.0 WORKDIR /atlantis/src diff --git a/server/controllers/events/events_controller_e2e_test.go b/server/controllers/events/events_controller_e2e_test.go index 89627002a6..aba5c61675 100644 --- a/server/controllers/events/events_controller_e2e_test.go +++ b/server/controllers/events/events_controller_e2e_test.go @@ -42,7 +42,7 @@ import ( . "github.com/runatlantis/atlantis/testing" ) -const ConftestVersion = "0.35.0" +const ConftestVersion = "0.35.0" // renovate: datasource=github-releases depName=open-policy-agent/conftest var applyLocker locking.ApplyLocker var userConfig server.UserConfig diff --git a/testdrive/utils.go b/testdrive/utils.go index a3b44d054d..921f129b9b 100644 --- a/testdrive/utils.go +++ b/testdrive/utils.go @@ -34,7 +34,7 @@ import ( ) const hashicorpReleasesURL = "https://releases.hashicorp.com" -const terraformVersion = "1.3.6" +const terraformVersion = "1.3.6" // renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp const ngrokDownloadURL = "https://bin.equinox.io/c/4VmDzA7iaHb" const ngrokAPIURL = "localhost:41414" // We hope this isn't used. const atlantisPort = 4141 diff --git a/testing/Dockerfile b/testing/Dockerfile index ec4ba11e4c..34c6500070 100644 --- a/testing/Dockerfile +++ b/testing/Dockerfile @@ -5,6 +5,7 @@ RUN apt-get update && apt-get --no-install-recommends -y install unzip \ && rm -rf /var/lib/apt/lists/* # Install Terraform +# renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp ENV TERRAFORM_VERSION=1.3.6 RUN case $(uname -m) in x86_64|amd64) ARCH="amd64" ;; aarch64|arm64|armv7l) ARCH="arm64" ;; esac && \ wget -nv -O terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${ARCH}.zip && \ @@ -14,6 +15,7 @@ RUN case $(uname -m) in x86_64|amd64) ARCH="amd64" ;; aarch64|arm64|armv7l) ARCH rm terraform.zip # Install conftest +# renovate: datasource=github-releases depName=open-policy-agent/conftest ENV CONFTEST_VERSION=0.35.0 SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN case $(uname -m) in x86_64|amd64) ARCH="x86_64" ;; aarch64|arm64|armv7l) ARCH="arm64" ;; esac && \