From 1b1e5c3b206d93ca8b9a0d30231f0e0896733957 Mon Sep 17 00:00:00 2001 From: jacobbmay <134300709+jacobbmay@users.noreply.github.com> Date: Thu, 27 Jul 2023 15:29:06 -0400 Subject: [PATCH] Initial renovate config based on modified dubbd renovate.json (#16) --- .github/workflows/publish.yml | 2 + Makefile | 4 +- gitlab-flux-values.yaml | 1 + renovate.json | 107 +++++++++++++++++++++++ test/values-gitlab.yaml | 159 ---------------------------------- zarf.yaml | 3 +- 6 files changed, 115 insertions(+), 161 deletions(-) create mode 100644 renovate.json delete mode 100644 test/values-gitlab.yaml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f52bee1..17b7f16 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -27,8 +27,10 @@ jobs: - name: Install zarf uses: supplypike/setup-bin@v3 with: + # renovate: zarf-uri datasource=github-tags depName=defenseunicorns/zarf uri: 'https://github.com/defenseunicorns/zarf/releases/download/v0.28.0/zarf_v0.28.0_Linux_amd64' name: 'zarf' + # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver version: 'v0.28.0' - name: Login to GHCR diff --git a/Makefile b/Makefile index b96f598..faf7c2a 100755 --- a/Makefile +++ b/Makefile @@ -1,11 +1,13 @@ # The version of Zarf to use. To keep this repo as portable as possible the Zarf binary will be downloaded and added to # the build folder. +# renovate: datasource=github-tags depName=defenseunicorns/zarf ZARF_VERSION := v0.28.2 # The version of the build harness container to use BUILD_HARNESS_REPO := ghcr.io/defenseunicorns/build-harness/build-harness +# renovate: datasource=docker depName=ghcr.io/defenseunicorns/build-harness/build-harness BUILD_HARNESS_VERSION := 1.7.1 - +# renovate: datasource=docker depName=ghcr.io/defenseunicorns/packages/dubbd-k3d extractVersion=^(?\d+\.\d+\.\d+) DUBBD_K3D_VERSION := 0.5.0 # Figure out which Zarf binary we should use based on the operating system we are on 
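Review bot: Nothing in the `Install zarf` step verifies the binary fetched from `uri`, and with the `zarf-uri` marker added here Renovate will rewrite that URL on its own, so each bump runs a new, unverified release asset in the publish job. Recording the release checksum next to the URL and checking it before the binary is first used would make the reviewed value the artifact itself rather than only the tag. The version is also tracked twice, in `uri` and in `version`, by two different regex managers; a comment such as `# uri and version must change together` would tell a reviewer to reject a PR that moves only one. The job this step belongs to starts above the hunk.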
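Review bot: `DUBBD_K3D_VERSION` now sits directly under `BUILD_HARNESS_VERSION` with only the Renovate marker above it, while the other two pins each have a comment saying what they are; keep the blank line this hunk removes and add a short description such as `# The version of the dubbd-k3d package to use`. The marker has to stay on the line immediately above each assignment, because the `^Makefile$` manager in renovate.json matches the marker and the following `NAME := value` line as one string, so a comment or blank line inserted between them would silently stop updates. `ZARF_VERSION` here is v0.28.2 while publish.yml in this same patch pins v0.28.0; if that difference is not intentional, aligning them now avoids building and publishing with different zarf releases until the first Renovate PR lands.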
diff --git a/gitlab-flux-values.yaml b/gitlab-flux-values.yaml index 3f4b5c2..f26aa04 100644 --- a/gitlab-flux-values.yaml +++ b/gitlab-flux-values.yaml @@ -5,6 +5,7 @@ application: path: chart repository: https://repo1.dso.mil/big-bang/product/packages/gitlab.git ref: + # renovate: datasource=gitlab-tags depName=big-bang/product/packages/gitlab versioning=loose registryUrl=https://repo1.dso.mil tag: 7.0.4-bb.0 values: | ###ZARF_VAR_GITLAB_VALUES### diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..8145c52 --- /dev/null +++ b/renovate.json 
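Review bot: The marker on `tag:` repeats the project path and host already given in `repository:` (`depName=big-bang/product/packages/gitlab`, `registryUrl=https://repo1.dso.mil`), so a later change to `repository:` alone would leave Renovate proposing tags from the old project; a short comment such as `# depName/registryUrl must match repository above` would make that visible. Git tags are also mutable, so a Renovate bump changes which tag is followed but does not fix the content behind it; if the chart's `ref` block accepts a commit, it is worth recording one alongside the tag. The `application` mapping starts above the hunk.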
@@ -0,0 +1,107 @@
+{
+ "enabled": true,
+ "forkProcessing": "enabled",
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ ":dependencyDashboard",
+ ":semanticPrefixFixDepsChoreOthers",
+ "config:base",
+ "group:all",
+ "replacements:all",
+ "workarounds:all"
+ ],
+ "timezone": "America/New_York",
+ "rebaseStalePrs": true,
+ "schedule": ["after 7am and before 9am every weekday"],
+ "dependencyDashboard": true,
+ "platform": "github",
+ "onboarding": false,
+ "requireConfig": false,
+ "dependencyDashboardTitle": "Renovate Dashboard 🤖",
+ "rebaseWhen": "conflicted",
+ "commitBodyTable": true,
+ "ignorePaths": ["archive/**"],
+ "suppressNotifications": ["prIgnoreNotification"],
+ "pre-commit": {
+ "enabled": true
+ },
+ "helm-values": {
+ "fileMatch": ["./.+\\.yaml$"]
+ },
+ "kubernetes": {
+ "fileMatch": ["\\.yaml$"],
+ "ignorePaths": [
+ "ansible",
+ "scripts",
+ ".github"
+ ]
+ },
+ "hostRules": [
+ {
+ "matchHost": "registry1.dso.mil",
+ "hostType": "docker",
+ "description": "Encrypted creds for registry1, scoped to this Github org using: https://github.com/renovatebot/renovate/blob/main/docs/usage/configuration-options.md#encrypted",
+ "encrypted": {
+ "username": "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",
+ "password": "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"
+ }
+ }
+ ],
+ "regexManagers": [
+ {
+ "fileMatch": [".*\\.ya?ml$"],
+ "matchStrings": [
+ "# renovate: datasource=helm\n .*- name: (?.*?)\n *url: (?.*?)\n *version: (?.*)\n"
+ ],
+ "datasourceTemplate": "helm",
+ "extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?.*)${{/if}}"
+ },
+ {
+ "fileMatch": [".*\\.ya?ml$"],
+ "matchStrings": [
+ "# renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?( extractVersion=(?.*?))?( registryUrl=(?.*?))?\\s.*?:\\s*['\"]?(?.*?)['\"]?\\s"
+ ],
+ "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}",
+ "extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?.*)${{/if}}"
+ },
+ {
+ "fileMatch": [".*\\.ya?ml$"],
+ "matchStrings": [
+ "# renovate: zarf-uri datasource=github-tags depName=(?.*?)( versioning=(?.*?))?\\s.*?uri: ['\"]https:\\/\\/github.com\\/defenseunicorns\\/zarf\\/releases\\/download\\/(?.*)\\/zarf_.*_Linux_amd64['\"]",
+ "# renovate: zarf-uri datasource=github-tags depName=(?.*?)( versioning=(?.*?))?\\s.*?uri: ['\"]https:\\/\\/github.com\\/defenseunicorns\\/zarf\\/releases\\/download\\/.*\\/zarf_(?.*)_Linux_amd64['\"]"
+ ],
+ "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}",
+ "datasourceTemplate": "github-tags"
+ },
+ {
+ "fileMatch": [".*\/?zarf\\.ya?ml$"],
+ "matchStrings": [
+ "-\\s+['\"](?[^:]+):(?.*)['\"]"
+ ],
+ "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}",
+ "datasourceTemplate": "docker",
+ "extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?.*)${{/if}}"
+ },
+ {
+ "fileMatch": ["^Makefile$"],
+ "matchStrings": [
+ "renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?( extractVersion=(?.*?))?( registryUrl=(?.*?))?\\s.*?=\\s*['\"]?(?.*?)['\"]?\\s"
+ ],
+ "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}",
+ "extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?.*)${{/if}}"
+ }
+ ],
+ "packageRules": [
+ {
+ "matchManagers": ["terraform"],
+ "matchDepTypes": ["module"],
+ "matchDatasources": ["github-tags", "git-tags"],
+ "versioning": "loose"
+ },
+ {
+ "matchPackagePatterns": ["big-bang/.*"],
+ "matchDatasources": ["gitlab-tags"],
+ "allowedVersions": "!/^v.*$/"
+ }
+ ]
+}
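Review bot: The `zarf\.ya?ml` regex manager has no `# renovate:` marker in its `matchStrings`, so every quoted list item containing a colon in a zarf.yaml is looked up as a Docker image, and lookups against `registry1.dso.mil` run with the credentials in `hostRules`. As written the pattern appears to take everything before the first colon as the image name, so a reference with a registry port or an `@sha256:` digest would be split in the wrong place, and a digest pin would not survive an update. Anchoring the pattern to the registries this package actually uses, or requiring a marker comment as the other managers do, would keep lookups to intended images. `platform`, `onboarding` and `requireConfig` are, as far as I know, global (self-hosted) options with no effect in a repository-level renovate.json; if they were carried over from the dubbd config they can be dropped. Because `group:all` puts the zarf binary, chart, image and tag bumps into one PR, each source in that PR needs its own check rather than approval as a unit.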
diff --git a/test/values-gitlab.yaml b/test/values-gitlab.yaml deleted file mode 100644 index 3fde18e..0000000 --- a/test/values-gitlab.yaml +++ /dev/null 
@@ -1,159 +0,0 @@ -# hostname is deprecated and replaced with domain. But if hostname exists then use it. -hostname: bigbang.dev -domain: bigbang.dev - -# Define variables to help with conditionals later - -openshift: false - -istio: - enabled: true - injection: enabled - gitlab: - gateways: - - istio-system/tenant - registry: - gateways: - - istio-system/tenant - -monitoring: - enabled: true - -networkPolicies: - enabled: true - ingressLabels: - app: tenant-ingressgateway - istio: null - controlPlaneCidr: 0.0.0.0/0 -redis: - metrics: - serviceMonitor: - enabled: true - namespace: gitlab - master: - podAnnotations: - bigbang.dev/istioVersion: 1.17.2 - slave: - podAnnotations: - bigbang.dev/istioVersion: 1.17.2 -postgresql: - master: - podAnnotations: - bigbang.dev/istioVersion: 1.17.2 - slave: - podAnnotations: - bigbang.dev/istioVersion: 1.17.2 -registry: - annotations: - bigbang.dev/istioVersion: 1.17.2 - metrics: - serviceMonitor: - endpointConfig: - scheme: https - tlsConfig: - caFile: /etc/prom-certs/root-cert.pem - certFile: /etc/prom-certs/cert-chain.pem - keyFile: /etc/prom-certs/key.pem - insecureSkipVerify: true # Prometheus does not support Istio security naming, thus skip verifying target pod certificate - -gitlab: - toolbox: - annotations: - bigbang.dev/istioVersion: 1.17.2 - gitlab-exporter: - enabled: true - metrics: - annotations: - bigbang.dev/istioVersion: 1.17.2 - serviceMonitor: - endpointConfig: - scheme: https - tlsConfig: - caFile: /etc/prom-certs/root-cert.pem - certFile: /etc/prom-certs/cert-chain.pem - keyFile: /etc/prom-certs/key.pem - insecureSkipVerify: true # Prometheus does not support Istio security naming, thus skip verifying target pod certificate - webservice: - metrics: - serviceMonitor: - endpointConfig: - scheme: https - tlsConfig: - caFile: /etc/prom-certs/root-cert.pem - certFile: /etc/prom-certs/cert-chain.pem - keyFile: /etc/prom-certs/key.pem - insecureSkipVerify: true # Prometheus does not support Istio security naming, 
thus skip verifying target pod certificate - workhorse: - metrics: - serviceMonitor: - endpointConfig: - scheme: https - tlsConfig: - caFile: /etc/prom-certs/root-cert.pem - certFile: /etc/prom-certs/cert-chain.pem - keyFile: /etc/prom-certs/key.pem - insecureSkipVerify: true # Prometheus does not support Istio security naming, thus skip verifying target pod certificate - annotations: - bigbang.dev/istioVersion: 1.17.2 - sidekiq: - annotations: - bigbang.dev/istioVersion: 1.17.2 - migrations: - annotations: - bigbang.dev/istioVersion: 1.17.2 - gitaly: - annotations: - bigbang.dev/istioVersion: 1.17.2 - metrics: - serviceMonitor: - endpointConfig: - scheme: https - tlsConfig: - caFile: /etc/prom-certs/root-cert.pem - certFile: /etc/prom-certs/cert-chain.pem - keyFile: /etc/prom-certs/key.pem - insecureSkipVerify: true # Prometheus does not support Istio security naming, thus skip verifying target pod certificate - gitlab-shell: - annotations: - bigbang.dev/istioVersion: 1.17.2 - metrics: - serviceMonitor: - endpointConfig: - scheme: https - tlsConfig: - caFile: /etc/prom-certs/root-cert.pem - certFile: /etc/prom-certs/cert-chain.pem - keyFile: /etc/prom-certs/key.pem - insecureSkipVerify: true # Prometheus does not support Istio security naming, thus skip verifying target pod certificate - - praefect: - annotations: - bigbang.dev/istioVersion: 1.17.2 - gitlab-grafana: - annotations: - bigbang.dev/istioVersion: 1.17.2 -shared-secrets: - annotations: - bigbang.dev/istioVersion: 1.17.2 -minio: - podAnnotations: - bigbang.dev/istioVersion: 1.17.2 - -global: - - # added to help with Gitlab sub-chart configuration - image: - pullPolicy: IfNotPresent - - istio: - enabled: true - injection: enabled - - hosts: - domain: bigbang.dev - - gitlab: - name: gitlab.bigbang.dev - - registry: - name: registry.bigbang.dev diff --git a/zarf.yaml b/zarf.yaml index bd6c510..e4f1a73 100644 --- a/zarf.yaml +++ b/zarf.yaml 
@@ -31,9 +31,10 @@ components: autoIndent: true sensitive: true charts: + # renovate: datasource=helm - name: flux-app - version: 1.0.5 url: https://defenseunicorns.github.io/uds-support-charts/ + version: 1.0.5 namespace: gitlab valuesFiles: - gitlab-flux-values.yaml
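Review bot: Moving `version:` below `url:` is not cosmetic here: the helm regex manager in renovate.json matches the marker, `- name:`, `url:` and `version:` as four consecutive lines in exactly that order, and nothing in this file says so. A later reorder, or a key inserted between them, would stop Renovate from seeing the chart without any error, leaving `flux-app` on an old version. Add a line above the marker such as `# Keep name, url, version in this order; the helm regexManager in renovate.json matches them positionally.` The extra comment must sit above the marker rather than after it, since the pattern expects `- name:` on the line directly following `# renovate: datasource=helm`. The component this chart entry belongs to starts above the hunk.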