merge from main

.whitesource

@@ -0,0 +1,8 @@
+{
+  "remediateSettings": {
+    "workflowRules": {
+      "enabled": false
+    },
+    "enableRenovate": false
+  }
+}

docs/README.md

@@ -4,6 +4,16 @@ This repository provides documentation specific to Mend Renovate Community Editi
 
 Mend Renovate CE was formerly known as "Mend Renovate On-Premises".
 
+## Supported platforms
+
+The following platforms are supported by Mend Renovate Community Edition and Enterprise Edition:
+- GitHub.com
+- GitHub Enterprise Server
+- GitLab Enterprise Edition
+- Bitbucket Server/Datacenter (in beta)
+
+## Documentation contents
+
 1. [Overview](./overview.md)
 1. Installation ([Helm](./installation-helm.md))
 1. Configuration

docs/configure-postgres-db.md

@@ -2,14 +2,15 @@
 
 To configure renovate to use a PostgreSQL database, the following environment variables should be supplied to the Server containers (not required for Worker environment config).
 
-| Environment variable name  | Description                                             |
-|----------------------------|---------------------------------------------------------|
-| MEND_RNV_DATA_HANDLER_TYPE | Set to ‘postgresql’ to use a PostgreSQL database        |
-| PGDATABASE                 | Name of the database instance. Eg. ‘postgres’           |
-| PGUSER                     | Postgres User name. Must have Create Schema permission. |
-| PGPASSWORD                 | Postgres User password                                  |
-| PGHOST                     | Host name of the PostgreSQL instance                    |
-| PGPORT                     | Host Port for the PostgreSQL instance                   |
+| Environment variable name      | Description                                                   |
+|--------------------------------|---------------------------------------------------------------|
+| MEND_RNV_DATA_HANDLER_TYPE     | Set to ‘postgresql’ to use a PostgreSQL database              |
+| MEND_RNV_POSTGRES_SSL_PEM_PATH | The `.pem` file location in the container for SSL connection  |
+| PGDATABASE                     | Name of the database instance. Eg. ‘postgres’                 |
+| PGUSER                         | Postgres User name. Must have Create Schema permission.       |
+| PGPASSWORD                     | Postgres User password                                        |
+| PGHOST                         | Host name of the PostgreSQL instance                          |
+| PGPORT                         | Host Port for the PostgreSQL instance                         |
 
 **Note:** DB size is related to the number of repositories installed for Renovate.
 

examples/README.md

@@ -0,0 +1,42 @@
+# Mend Renovate - Example Configuration Files
+
+To get started with Mend Renovate Community Edition or Enterprise Edition, you can use the examples provided in this repository.
+
+There are Docker Compose files created for:
+- Mend Renovate Community Edition
+- Mend Renovate Enterprise Edition
+
+See the [helm-charts](../helm-charts) folder for examples of using Helm Charts.
+
+## Example Docker Compose files
+
+### Mend Renovate Community Edition
+
+| File                                                                | Description                                                                                                                                                               | Containers created                                                                  |
+|---------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|
+| [renovate-ce-github.yml](docker-compose/renovate-ce-github.yml)     | Starts a single container for Mend Renovate Community Edition.                                                                                                            | <li>1 x Mend Renovate CE container</li>            |
+| [renovate-ce-postgres.yml](docker-compose/renovate-ce-postgres.yml) | Starts a single container for Mend Renovate Community Edition.<li>Uses network accessible PostgreSQL DB</li><br/><br/>Requires additional files: <li>[pgAdmin Dockerfile](dockerfiles/pgadmin/Dockerfile)</li> | <li>1 x Mend Renovate CE</li><li>Postgres DB</li><li>Postgres Web UI (pgAdmin)</li> |
+
+### Mend Renovate Enterprise Edition
+
+| File                                                                                    | Description                                                                                                                                                                                                                                                                                                                                                 | Containers created                                                                                                                                               |
+|-----------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| [renovate-ee-simple.yml](docker-compose/renovate-ee-simple.yml)                         | Starts containers for Mend Renovate Enterprise Edition.<br/><li>Runs a single Server with multiple Worker containers.</li><li>Uses internal SQLite DB.                                                                                                                                                                                                      | <li>1 x Renovate EE Server </li><li>2 x Renovate EE Workers</li>                                                                                                 |
+| [renovate-ee-server-ha-postgres.yml](docker-compose/renovate-ee-server-ha-postgres.yml) | Starts containers for Mend Renovate Enterprise Edition.<br/><li>Runs with multiple Server containers.</li><li>Uses network accessible PostgreSQL DB</li><li>APIs enabled</li><li>Job logs written to mounted volume</li><br/><br/>Requires additional files: <li>[NGINX conf file](conf/nginx.conf)<li>[pgAdmin Dockerfile](dockerfiles/pgadmin/Dockerfile) | <li>2 x Renovate EE Servers</li><li>2 x Renovate EE Workers</li><li>NGINX load balancer (for Servers)</li><li>Postgres DB</li><li>Postgres Web UI (pgAdmin)</li> |
+
+## Example Env files
+
+Instead of having all Server and Worker environment variables defined in the Docker Compose files, variables can be defined in separate env files and referenced from the Docker Compose file in the 'env_file' section.
+One primary reason to do this is to separate license keys and access tokens from the other files that are committed to source code.
+Another reason is to manage swapping between different running environments and targets.
+
+The [env directory](env) provides some templates for environment variables required to run Mend Renovate and connect to the supported platforms.<br/>
+Check the [docs directory](../docs) for information about additional variables and options.
+
+### Env file templates
+
+| File              | Description                                                                                  |
+|-------------------|----------------------------------------------------------------------------------------------|
+| mend-renovate.env | Env vars associated with the Mend Renovate application. Includes License key and API secret. |
+| github.env        | Env vars for connecting Mend Renovate to a Renovate App on GitHub                            |
+| gitlab.env        | Env vars for connecting Mend Renovate to a Renovate Bot user account on GitLab               |

examples/conf/nginx.conf

@@ -0,0 +1,21 @@
+# nginx.conf
+
+user  nginx;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    server {
+        listen 4000;
+
+        location / {
+            proxy_pass http://rnv-ee-server:8080;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+    }
+}

examples/docker-compose/renovate-ce-github.yml

@@ -0,0 +1,42 @@
+version: "3.6"
+
+## Title: Renovate CE with SQLite DB
+## Description: This example Docker Compose file starts a single container for Mend Renovate Community Edition.
+## Details: Creates 1 x Mend Renovate CE container that acts as Server and Worker.
+
+services:
+  renovate-ce:
+    # Check latest version here: https://github.com/mend/renovate-ce-ee/pkgs/container/renovate-ce
+    image: ghcr.io/mend/renovate-ce:<latest-version>
+    ports:
+      # Note: Set MEND_RNV_SERVER_PORT to match internal port. (Defaults to 8080)
+      - "80:8080"  # "[external]:[internal]" Receive APIs and Webhooks on external port
+    environment:
+      # Optional: Enable debug logging for verbose output
+      LOG_LEVEL: debug  # Defaults to 'info'
+      # LOG_FORMAT: json  # Defaults to 'pretty'. Useful when importing logs to reporting tool (eg. Splunk).
+
+      # Provide a license key and accept the Terms of Service
+      MEND_RNV_LICENSE_KEY: # Get Community Edition license key from https://www.mend.io/renovate-community/
+      MEND_RNV_ACCEPT_TOS: # Set to 'Y' to accept Terms of Service
+      # Provide connection details for the GitHub App
+      # Available at: https://github.com/settings/apps/<your-renovate-app>
+      MEND_RNV_PLATFORM: github
+      MEND_RNV_GITHUB_APP_ID: # App ID
+      MEND_RNV_GITHUB_APP_KEY: # Private key
+      # MEND_RNV_WEBHOOK_SECRET: # Webhook secret (Defaults to 'renovate')
+
+      # Mend Renovate Application settings (Optional)
+      # MEND_RNV_ADMIN_API_ENABLED: true  # Enable incoming API calls. Must set MEND_RNV_SERVER_API_SECRET.
+      # MEND_RNV_SERVER_API_SECRET: abc123 # Required to enable APIs
+      # MEND_RNV_LOG_HISTORY_DIR: /logs  # Persist Renovate job logs - organized by org/rep/timestamp. Enable volume mount!
+      # MEND_RNV_SQLITE_FILE_PATH: /db/renovate-ce.sqlite  # Persist database to file. Enable volume mount! (Defaults to '/tmp/database.sqlite')
+      # MEND_RNV_ENQUEUE_JOBS_ON_STARTUP: disabled  # Options: 'enabled', 'disabled', 'discovered' (default)
+      # MEND_RNV_AUTODISCOVER_FILTER: org1/*, org2/test* # Renovate will only run on these repos
+
+    # Enable volumes if persisting the application database or Renovate job logs
+    # volumes:
+    # Tip: Create folders in advance to avoid permission issues (ie. when Renovate CLI tries to write logs)
+    #   - /tmp/renovate/job-logs:/logs   # Unix version
+    #   - C:\tmp\renovate\job-logs:/logs  # Windows version
+    #   - C:\tmp\renovate\db:/db

examples/docker-compose/renovate-ce-postgres.yml

@@ -0,0 +1,75 @@
+version: "3.6"
+
+## Title: Renovate CE with SQLite DB
+## Description: This example Docker Compose file starts a single container for Mend Renovate Community Edition.
+## Details: Creates 1 x Mend Renovate CE container that acts as Server and Worker.
+
+services:
+  renovate-ce:
+    # Check latest version here: https://github.com/mend/renovate-ce-ee/pkgs/container/renovate-ce
+    image: ghcr.io/mend/renovate-ce:<latest-version>
+    depends_on:
+      - postgres-database
+    ports:
+      # Note: Set MEND_RNV_SERVER_PORT to match internal port. (Defaults to 8080)
+      - "80:8080"  # "[external]:[internal]" Receive APIs and Webhooks on external port
+    environment:
+      # Optional: Enable debug logging for verbose output
+      LOG_LEVEL: debug  # Defaults to 'info'
+      # LOG_FORMAT: json  # Defaults to 'pretty'. Useful when importing logs to reporting tool (eg. Splunk).
+
+      # Provide a license key and accept the Terms of Service
+      MEND_RNV_LICENSE_KEY: # Get Community Edition license key from https://www.mend.io/renovate-community/
+      MEND_RNV_ACCEPT_TOS: # Set to 'Y' to accept Terms of Service
+      # Provide connection details for the GitHub App
+      # Available at: https://github.com/settings/apps/<your-renovate-app>
+      MEND_RNV_PLATFORM: github
+      MEND_RNV_GITHUB_APP_ID: # App ID
+      MEND_RNV_GITHUB_APP_KEY: # Private key
+      # MEND_RNV_WEBHOOK_SECRET: # Webhook secret (Defaults to 'renovate')
+
+      # Mend Renovate Application settings (Optional)
+      # MEND_RNV_ADMIN_API_ENABLED: true  # Enable incoming API calls. Must set MEND_RNV_SERVER_API_SECRET.
+      # MEND_RNV_SERVER_API_SECRET: abc123 # Required to enable APIs
+      # MEND_RNV_LOG_HISTORY_DIR: /logs  # Persist Renovate job logs - organized by org/rep/timestamp. Enable volume mount!
+      # MEND_RNV_ENQUEUE_JOBS_ON_STARTUP: disabled  # Options: 'enabled', 'disabled', 'discovered' (default)
+      # MEND_RNV_AUTODISCOVER_FILTER: org1/*, org2/test* # Renovate will only run on these repos
+
+      # Connection details to the Postgres DB
+      MEND_RNV_DATA_HANDLER_TYPE: postgresql
+      PGDATABASE: postgres
+      PGUSER: postgres
+      PGPASSWORD: password
+      PGHOST: postgres-database
+      PGPORT: 5432
+
+    # Enable volumes if persisting Renovate job logs
+    # volumes:
+      # Tip: Create folders in advance to avoid permission issues (ie. when Renovate CLI tries to write logs)
+      # - /tmp/renovate/job-logs:/logs   # Unix version
+      # - C:\tmp\renovate\job-logs:/logs  # Windows version
+
+  ## Postgres Database - used for persisting data held by Mend Renovate about jobs and repos
+  postgres-database:
+    restart: always
+    image: postgres:16.1-alpine3.17
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: password
+    ports:
+      - "5432:5432"
+
+  ## [Optional] Postgres Web Frontend (pgAdmin)
+  ## View the database contents via URL: http://localhost:5050/ with user/pwd as defined below
+  ## Note! pgAdmin requires 'Dockerfile' file (available in 'dockerfiles/pgadmin' directory).
+  pgadmin:
+    restart: unless-stopped
+    build:
+      context: ../dockerfiles/pgadmin
+      dockerfile: Dockerfile
+    depends_on:
+      - postgres-database
+    ports:
+      - "5050:5050"
+    environment:
+      - PGADMIN_LISTEN_PORT=5050

examples/docker-compose/renovate-ee-server-ha-postgres.yml

@@ -0,0 +1,118 @@
+version: "3.4"
+
+## Title: Renovate Enterprise High Availability Server with Postgres DB
+## Description: This example Docker Compose file starts containers for Mend Renovate Enterprise Edition.
+## Details: Creates 2 x Servers, 2 x Workers, Nginx load balancer (for Servers), Postgres DB, Postgres Web UI (PGAdmin)
+
+## Shared variables - used in both Server and Worker
+x-shared-variables: &shared_variables
+  MEND_RNV_SERVER_HOSTNAME: http://nginx:4000  # Server URL. Use URL of load balancer if there are multiple Servers.
+
+  ## Mend-Renovate essential variables
+  MEND_RNV_LICENSE_KEY: # Enterprise licence key. Get License key from Mend.io
+  MEND_RNV_ACCEPT_TOS: # Set to 'Y' to accept Terms of Service
+  MEND_RNV_SERVER_API_SECRET: abc123 # Required on Server and Worker for internal communication
+
+## Server variables
+x-server-variables: &server_variables
+  # Enable Merge Confidence package rules
+  MEND_RNV_MC_TOKEN: auto # Provide token or set to 'auto'
+
+  # Renovate App connection details (eg. GitHub, GitLab, Bitbucket)
+  # GitHub configuration variables provided below for convenience.
+  # See Renovate-CE-EE documentation for connection details for all platforms.
+  # MEND_RNV_PLATFORM: github
+  # MEND_RNV_GITHUB_APP_ID: # App ID
+  # MEND_RNV_GITHUB_APP_KEY: # Private key
+  # MEND_RNV_WEBHOOK_SECRET: # Webhook secret (Defaults to 'renovate')
+
+  ## Mend Renovate Application settings
+  MEND_RNV_ADMIN_API_ENABLED: true  # Enable incoming API calls
+  MEND_RNV_LOG_HISTORY_DIR: /logs  # Write Renovate job logs to file. Enable volume mount on Server and Worker!
+  MEND_RNV_ENQUEUE_JOBS_ON_STARTUP: disabled  # Options: 'enabled', 'disabled', 'discovered' (default)
+  # MEND_RNV_AUTODISCOVER_FILTER: org1/*, org2/test* # Renovate will only run on these repos
+
+services:
+
+  ## Scaling Server and Worker instances after initial deployment
+  # To increase or decrease Server or Worker instances, run the following command (replace values as appropriate):
+  # $ docker-compose -f renovate-ee-server-ha-postgres.yml up --scale rnv-ee-server=3 --scale rnv-ee-worker=4 -d --no-recreate
+  # Note: Always specify both Server and Worker scaling. Whichever is unspecified will be re-scaled to its original value.
+
+  ## Renovate Server containers
+  rnv-ee-server:
+    # Check latest version here: https://github.com/mend/renovate-ce-ee/pkgs/container/renovate-ee-server
+    image: ghcr.io/mend/renovate-ee-server:<latest-version>
+    deploy:
+      replicas: 2
+    depends_on:
+      - postgres-database
+    ports:
+      - "8080"  # Must match MEND_RNV_SERVER_PORT, plus 'proxy_pass' in nginx.conf
+    environment:
+      <<: [*shared_variables, *server_variables]
+      LOG_LEVEL: debug  # Defaults to 'info'
+      # LOG_FORMAT: json  # Defaults to 'pretty'
+      ## Network DB settings (Postgres)
+      MEND_RNV_DATA_HANDLER_TYPE: postgresql
+      PGDATABASE: postgres
+      PGUSER: postgres
+      PGPASSWORD: password
+      PGHOST: postgres-database
+      PGPORT: 5432
+    volumes:
+#      - /tmp/renovate/job-logs:/logs   # Unix version
+      - C:\tmp\renovate\job-logs:/logs  # Windows version
+
+  ## Renovate Worker containers
+  rnv-ee-worker:
+    # Check latest version here: https://github.com/mend/renovate-ce-ee/pkgs/container/renovate-ee-worker
+    image: ghcr.io/mend/renovate-ee-worker:<latest-version>
+    deploy:
+      replicas: 2
+    depends_on:
+      - rnv-ee-server
+    environment:
+      <<: *shared_variables
+      LOG_LEVEL: debug  # Defaults to 'info'
+      # LOG_FORMAT: json  # Defaults to 'pretty'
+    volumes:
+#      - /tmp/renovate/job-logs:/logs   # Unix version
+      - C:\tmp\renovate\job-logs:/logs  # Windows version
+
+  ## Load balancer for Renovate Server containers
+  ## Will balance traffic sent to http://localhost:4000/ between Renovate Server instances (rnv-ee-server)
+  ## Note! Requires 'nginx.conf' file (available in 'conf' directory).
+  nginx:
+    image: nginx:1.25.3
+    volumes:
+      - ../conf/nginx.conf:/etc/nginx/nginx.conf:ro
+    depends_on:
+      - rnv-ee-server
+    ports:
+      - "4000:4000"
+
+  ## Postgres Database - used for persisting data held by Mend Renovate about jobs and repos
+  postgres-database:
+    restart: always
+    image: postgres:16.1-alpine3.17
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: password
+    ports:
+      - "5432:5432"
+
+  ## [Optional] Postgres Web Frontend (pgAdmin)
+  ## View the database contents via URL: http://localhost:5050/ with user/pwd as defined below
+  ## Note! pgAdmin requires 'Dockerfile' file (available in 'dockerfiles/pgadmin' directory).
+  pgadmin:
+    restart: unless-stopped
+    build:
+      context: ../dockerfiles/pgadmin
+      dockerfile: Dockerfile
+    depends_on:
+      - postgres-database
+    ports:
+      - "5050:5050"
+    environment:
+      - PGADMIN_LISTEN_PORT=5050