diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 09eec68..c99367b 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -1,50 +1,39 @@ { - $schema: 'https://docs.renovatebot.com/renovate-schema.json', - extends: [ - 'config:recommended', - ':dependencyDashboard', + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:recommended", + "docker:enableMajor", + "replacements:k8s-registry-move", + ":automergePr", + ":automergePatch", + ":disableRateLimiting", + ":dependencyDashboard", + ":semanticCommits", + ":timezone(Europe/Paris)", + "github>m0nsterrr/helm-charts//.github/renovate/labels.json5", ], - dependencyDashboardAutoclose: true, - automergeType: 'pr', - platformAutomerge: true, - rebaseWhen: 'conflicted', - timezone: 'Europe/Paris', - schedule: [ - 'before 9pm on friday', - ], - prConcurrentLimit: 0, - prHourlyLimit: 0, - terragrunt: { - enabled: false, + "lockFileMaintenance": { + "enabled": true, }, - labels: [ - 'dependencies', + "dependencyDashboardTitle": "Renovate Dashboard 🤖", + "suppressNotifications": ["prEditedNotification", "prIgnoreNotification"], + "rebaseWhen": "conflicted", + "schedule": [ + "before 9pm on friday", ], - vulnerabilityAlerts: { - enabled: true, - labels: [ - 'security', - ], - }, - patch: { - automerge: true, - }, - pin: { - automerge: true, - }, - 'pre-commit': { - enabled: true, - }, - customManagers: [ + "labels": [ + "dependencies", + ], + "customManagers": [ { - customType: 'regex', - fileMatch: [ - '(^|/)Chart\\.yaml$', + "customType": "regex", + "fileMatch": [ + "(^|/)Chart\\.yaml$", ], - matchStrings: [ + "matchStrings": [ '#\\s+image:\\s+(?\\S*)\nappVersion:\\s+"(?\\S*)"', ], - datasourceTemplate: 'docker', + "datasourceTemplate": "docker", }, ], } diff --git a/.github/renovate/labels.json5 b/.github/renovate/labels.json5 new file mode 100755 index 0000000..35c7951 --- /dev/null +++ b/.github/renovate/labels.json5 @@ -0,0 +1,25 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "packageRules": [ + { + "matchDatasources": ["helm"], + "addLabels": ["renovate/helm"] + }, + { + "matchUpdateTypes": ["major"], + "labels": ["type/major"] + }, + { + "matchUpdateTypes": ["minor"], + "labels": ["type/minor"] + }, + { + "matchUpdateTypes": ["patch"], + "labels": ["type/patch"] + }, + { + "matchUpdateTypes": ["digest"], + "labels": ["type/digest"] + }, + ] +} \ No newline at end of file diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml index 9517471..df7a20e 100644 --- a/.github/workflows/releases.yml +++ b/.github/workflows/releases.yml @@ -10,6 +10,8 @@ jobs: permissions: contents: write packages: write + outputs: + has_artifacts: ${{ steps.check-artifacts.outputs.has_artifacts }} steps: - name: Checkout uses: actions/checkout@v4 @@ -25,8 +27,17 @@ jobs: config: "./cr.yaml" env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + - name: Check if artifacts exist + id: check-artifacts + run: | + if ls .cr-release-packages/* >/dev/null 2>&1; then + echo "has_artifacts=true" >> $GITHUB_OUTPUT + else + echo "has_artifacts=false" >> $GITHUB_OUTPUT + fi - name: Upload artifacts uses: actions/upload-artifact@v4 + if: steps.check-artifacts.outputs.has_artifacts == 'true' with: name: artifacts path: .cr-release-packages/ @@ -38,6 +49,7 @@ jobs: packages: write # needed for pushing to github registry id-token: write # needed for signing the images with GitHub OIDC Token needs: [publish-gh-pages] + if: needs.publish-gh-pages.outputs.has_artifacts == 'true' steps: - name: Install Cosign uses: sigstore/cosign-installer@v3