diff --git a/.whitesource b/.whitesource
new file mode 100644
index 00000000..2554be2d
--- /dev/null
+++ b/.whitesource
@@ -0,0 +1,8 @@
+{
+ "remediateSettings": {
+ "workflowRules": {
+ "enabled": false
+ },
+ "enableRenovate": false
+ }
+}
diff --git a/docs/README.md b/docs/README.md
index 9242c007..0f1fd1be 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -4,6 +4,16 @@ This repository provides documentation specific to Mend Renovate Community Editi
 
 Mend Renovate CE was formerly known as "Mend Renovate On-Premises".
 
+## Supported platforms
+
+The following platforms are supported by Mend Renovate Community Edition and Enterprise Edition:
+- GitHub.com
+- GitHub Enterprise Server
+- GitLab Enterprise Edition
+- Bitbucket Server/Datacenter (in beta)
+
+## Documentation contents
+
 1. [Overview](./overview.md)
 1. Installation ([Helm](./installation-helm.md))
 1. Configuration
diff --git a/docs/configure-postgres-db.md b/docs/configure-postgres-db.md
index 29f936fe..e78af5aa 100644
--- a/docs/configure-postgres-db.md
+++ b/docs/configure-postgres-db.md
@@ -2,14 +2,15 @@ To configure renovate to use a PostgreSQL database, the following environment variables should be supplied to the Server containers (not required for Worker environment config). -| Environment variable name | Description | -|----------------------------|---------------------------------------------------------| -| MEND_RNV_DATA_HANDLER_TYPE | Set to ‘postgresql’ to use a PostgreSQL database | -| PGDATABASE | Name of the database instance. Eg. ‘postgres’ | -| PGUSER | Postgres User name. Must have Create Schema permission. | -| PGPASSWORD | Postgres User password | -| PGHOST | Host name of the PostgreSQL instance | -| PGPORT | Host Port for the PostgreSQL instance | +| Environment variable name | Description | +|--------------------------------|---------------------------------------------------------------| +| MEND_RNV_DATA_HANDLER_TYPE | Set to ‘postgresql’ to use a PostgreSQL database | +| MEND_RNV_POSTGRES_SSL_PEM_PATH | The `.pem` file location in the container for SSL connection | +| PGDATABASE | Name of the database instance. Eg. ‘postgres’ | +| PGUSER | Postgres User name. Must have Create Schema permission. | +| PGPASSWORD | Postgres User password | +| PGHOST | Host name of the PostgreSQL instance | +| PGPORT | Host Port for the PostgreSQL instance | **Note:** DB size is related to the number of repositories installed for Renovate. diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 00000000..13aaed19 --- /dev/null +++ b/examples/README.md 
@@ -0,0 +1,42 @@ +# Mend Renovate - Example Configuration Files + +To get started with Mend Renovate Community Edition or Enterprise Edition, you can use the examples provided in this repository. + +There are Docker Compose files created for: +- Mend Renovate Community Edition +- Mend Renovate Enterprise Edition + +See the [helm-charts](../helm-charts) folder for examples of using Helm Charts. + +## Example Docker Compose files + +### Mend Renovate Community Edition + +| File | Description | Containers created | +|---------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| [renovate-ce-github.yml](docker-compose/renovate-ce-github.yml) | Starts a single container for Mend Renovate Community Edition. |
  • 1 x Mend Renovate CE container
  • | +| [renovate-ce-postgres.yml](docker-compose/renovate-ce-postgres.yml) | Starts a single container for Mend Renovate Community Edition.
  • Uses network accessible PostgreSQL DB


  • Requires additional files:
  • [pgAdmin Dockerfile](dockerfiles/pgadmin/Dockerfile)
  • |
  • 1 x Mend Renovate CE
  • Postgres DB
  • Postgres Web UI (pgAdmin)
  • | + +### Mend Renovate Enterprise Edition + +| File | Description | Containers created | +|-----------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [renovate-ee-simple.yml](docker-compose/renovate-ee-simple.yml) | Starts containers for Mend Renovate Enterprise Edition.
  • Runs a single Server with multiple Worker containers.
  • Uses internal SQLite DB. |
  • 1 x Renovate EE Server
  • 2 x Renovate EE Workers
  • | +| [renovate-ee-server-ha-postgres.yml](docker-compose/renovate-ee-server-ha-postgres.yml) | Starts containers for Mend Renovate Enterprise Edition.
  • Runs with multiple Server containers.
  • Uses network accessible PostgreSQL DB
  • APIs enabled
  • Job logs written to mounted volume


  • Requires additional files:
  • [NGINX conf file](conf/nginx.conf)
  • [pgAdmin Dockerfile](dockerfiles/pgadmin/Dockerfile) |
  • 2 x Renovate EE Servers
  • 2 x Renovate EE Workers
  • NGINX load balancer (for Servers)
  • Postgres DB
  • Postgres Web UI (pgAdmin)
  • | + +## Example Env files + +Instead of having all Server and Worker environment variables defined in the Docker Compose files, variables can be defined in separate env files and referenced from the Docker Compose file in the 'env_file' section. +One primary reason to do this is to separate license keys and access tokens from the other files that are committed to source code. +Another reason is to manage swapping between different running environments and targets. + +The [env directory](env) provides some templates for environment variables required to run Mend Renovate and connect to the supported platforms.
    +Check the [docs directory](../docs) for information about additional variables and options. + +### Env file templates + +| File | Description | +|-------------------|----------------------------------------------------------------------------------------------| +| mend-renovate.env | Env vars associated with the Mend Renovate application. Includes License key and API secret. | +| github.env | Env vars for connecting Mend Renovate to a Renovate App on GitHub | +| gitlab.env | Env vars for connecting Mend Renovate to a Renovate Bot user account on GitLab | \ No newline at end of file diff --git a/examples/conf/nginx.conf b/examples/conf/nginx.conf new file mode 100644 index 00000000..89b34766 --- /dev/null +++ b/examples/conf/nginx.conf @@ -0,0 +1,21 @@ +# nginx.conf + +user nginx; + +events { + worker_connections 1024; +} + +http { + server { + listen 4000; + + location / { + proxy_pass http://rnv-ee-server:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + } +} diff --git a/examples/docker-compose/renovate-ce-github.yml b/examples/docker-compose/renovate-ce-github.yml new file mode 100644 index 00000000..fa76090c --- /dev/null +++ b/examples/docker-compose/renovate-ce-github.yml 
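Review bot: `proxy_pass http://rnv-ee-server:8080;` is resolved once when nginx loads its configuration, so the load balancer only distributes to the server replicas that existed at startup; the scale command documented in renovate-ee-server-ha-postgres.yml (`--scale rnv-ee-server=3 ... --no-recreate`) adds a server that receives no traffic until nginx is reloaded. A comment on that line such as `# resolved at startup: restart nginx after scaling rnv-ee-server` would prevent the surprise, and a `resolver` directive with a variable upstream is the nginx way to follow changing membership. `X-Forwarded-Proto $scheme` is always `http` here because only a plain `listen 4000;` exists, which is consistent with `MEND_RNV_SERVER_HOSTNAME: http://nginx:4000` in the compose file; anyone terminating TLS in front of nginx needs to forward the real scheme instead.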
@@ -0,0 +1,42 @@ +version: "3.6" + +## Title: Renovate CE with SQLite DB +## Description: This example Docker Compose file starts a single container for Mend Renovate Community Edition. +## Details: Creates 1 x Mend Renovate CE container that acts as Server and Worker. + +services: + renovate-ce: + # Check latest version here: https://github.com/mend/renovate-ce-ee/pkgs/container/renovate-ce + image: ghcr.io/mend/renovate-ce: + ports: + # Note: Set MEND_RNV_SERVER_PORT to match internal port. (Defaults to 8080) + - "80:8080" # "[external]:[internal]" Receive APIs and Webhooks on external port + environment: + # Optional: Enable debug logging for verbose output + LOG_LEVEL: debug # Defaults to 'info' + # LOG_FORMAT: json # Defaults to 'pretty'. Useful when importing logs to reporting tool (eg. Splunk). + + # Provide a license key and accept the Terms of Service + MEND_RNV_LICENSE_KEY: # Get Community Edition license key from https://www.mend.io/renovate-community/ + MEND_RNV_ACCEPT_TOS: # Set to 'Y' to accept Terms of Service + # Provide connection details for the GitHub App + # Available at: https://github.com/settings/apps/ + MEND_RNV_PLATFORM: github + MEND_RNV_GITHUB_APP_ID: # App ID + MEND_RNV_GITHUB_APP_KEY: # Private key + # MEND_RNV_WEBHOOK_SECRET: # Webhook secret (Defaults to 'renovate') + + # Mend Renovate Application settings (Optional) + # MEND_RNV_ADMIN_API_ENABLED: true # Enable incoming API calls. Must set MEND_RNV_SERVER_API_SECRET. + # MEND_RNV_SERVER_API_SECRET: abc123 # Required to enable APIs + # MEND_RNV_LOG_HISTORY_DIR: /logs # Persist Renovate job logs - organized by org/rep/timestamp. Enable volume mount! + # MEND_RNV_SQLITE_FILE_PATH: /db/renovate-ce.sqlite # Persist database to file. Enable volume mount! 
(Defaults to '/tmp/database.sqlite') + # MEND_RNV_ENQUEUE_JOBS_ON_STARTUP: disabled # Options: 'enabled', 'disabled', 'discovered' (default) + # MEND_RNV_AUTODISCOVER_FILTER: org1/*, org2/test* # Renovate will only run on these repos + + # Enable volumes if persisting the application database or Renovate job logs + # volumes: + # Tip: Create folders in advance to avoid permission issues (ie. when Renovate CLI tries to write logs) + # - /tmp/renovate/job-logs:/logs # Unix version + # - C:\tmp\renovate\job-logs:/logs # Windows version + # - C:\tmp\renovate\db:/db diff --git a/examples/docker-compose/renovate-ce-postgres.yml b/examples/docker-compose/renovate-ce-postgres.yml new file mode 100644 index 00000000..fe453125 --- /dev/null +++ b/examples/docker-compose/renovate-ce-postgres.yml 
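Review bot: `image: ghcr.io/mend/renovate-ce:` ends with an empty tag, which is not a valid image reference (the text after `:` cannot be empty), so Compose rejects the file before any of the documented settings matter; if the reader is meant to fill in a version, make that explicit on the line, e.g. `image: ghcr.io/mend/renovate-ce:<version> # replace with a tag from the link above`, or use `${RENOVATE_CE_VERSION}` so Compose reports the missing variable by name. The same empty tag appears in renovate-ce-postgres.yml, renovate-ee-server-ha-postgres.yml and renovate-ee-simple.yml. Port 80 is published to receive webhooks while `# MEND_RNV_WEBHOOK_SECRET:` stays commented with its default `'renovate'` noted, so the example accepts webhooks with a publicly documented secret; an uncommented `MEND_RNV_WEBHOOK_SECRET: # Set a long random value and configure the same value in the GitHub App` would steer readers to set one.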
@@ -0,0 +1,75 @@ +version: "3.6" + +## Title: Renovate CE with SQLite DB +## Description: This example Docker Compose file starts a single container for Mend Renovate Community Edition. +## Details: Creates 1 x Mend Renovate CE container that acts as Server and Worker. + +services: + renovate-ce: + # Check latest version here: https://github.com/mend/renovate-ce-ee/pkgs/container/renovate-ce + image: ghcr.io/mend/renovate-ce: + depends_on: + - postgres-database + ports: + # Note: Set MEND_RNV_SERVER_PORT to match internal port. (Defaults to 8080) + - "80:8080" # "[external]:[internal]" Receive APIs and Webhooks on external port + environment: + # Optional: Enable debug logging for verbose output + LOG_LEVEL: debug # Defaults to 'info' + # LOG_FORMAT: json # Defaults to 'pretty'. Useful when importing logs to reporting tool (eg. Splunk). + + # Provide a license key and accept the Terms of Service + MEND_RNV_LICENSE_KEY: # Get Community Edition license key from https://www.mend.io/renovate-community/ + MEND_RNV_ACCEPT_TOS: # Set to 'Y' to accept Terms of Service + # Provide connection details for the GitHub App + # Available at: https://github.com/settings/apps/ + MEND_RNV_PLATFORM: github + MEND_RNV_GITHUB_APP_ID: # App ID + MEND_RNV_GITHUB_APP_KEY: # Private key + # MEND_RNV_WEBHOOK_SECRET: # Webhook secret (Defaults to 'renovate') + + # Mend Renovate Application settings (Optional) + # MEND_RNV_ADMIN_API_ENABLED: true # Enable incoming API calls. Must set MEND_RNV_SERVER_API_SECRET. + # MEND_RNV_SERVER_API_SECRET: abc123 # Required to enable APIs + # MEND_RNV_LOG_HISTORY_DIR: /logs # Persist Renovate job logs - organized by org/rep/timestamp. Enable volume mount! 
+ # MEND_RNV_ENQUEUE_JOBS_ON_STARTUP: disabled # Options: 'enabled', 'disabled', 'discovered' (default) + # MEND_RNV_AUTODISCOVER_FILTER: org1/*, org2/test* # Renovate will only run on these repos + + # Connection details to the Postgres DB + MEND_RNV_DATA_HANDLER_TYPE: postgresql + PGDATABASE: postgres + PGUSER: postgres + PGPASSWORD: password + PGHOST: postgres-database + PGPORT: 5432 + + # Enable volumes if persisting Renovate job logs + # volumes: + # Tip: Create folders in advance to avoid permission issues (ie. when Renovate CLI tries to write logs) + # - /tmp/renovate/job-logs:/logs # Unix version + # - C:\tmp\renovate\job-logs:/logs # Windows version + + ## Postgres Database - used for persisting data held by Mend Renovate about jobs and repos + postgres-database: + restart: always + image: postgres:16.1-alpine3.17 + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: password + ports: + - "5432:5432" + + ## [Optional] Postgres Web Frontend (pgAdmin) + ## View the database contents via URL: http://localhost:5050/ with user/pwd as defined below + ## Note! pgAdmin requires 'Dockerfile' file (available in 'dockerfiles/pgadmin' directory). + pgadmin: + restart: unless-stopped + build: + context: ../dockerfiles/pgadmin + dockerfile: Dockerfile + depends_on: + - postgres-database + ports: + - "5050:5050" + environment: + - PGADMIN_LISTEN_PORT=5050 diff --git a/examples/docker-compose/renovate-ee-server-ha-postgres.yml b/examples/docker-compose/renovate-ee-server-ha-postgres.yml new file mode 100644 index 00000000..7b5097e4 --- /dev/null +++ b/examples/docker-compose/renovate-ee-server-ha-postgres.yml 
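Review bot: The header `## Title: Renovate CE with SQLite DB` is copied from the SQLite example and contradicts this file, which sets `MEND_RNV_DATA_HANDLER_TYPE: postgresql` and starts a `postgres-database` service; change it to `## Title: Renovate CE with Postgres DB` and extend `## Details:` to list the Postgres DB and pgAdmin containers, as the ha example does. The `postgres-database` service also publishes `"5432:5432"` on every host interface with `POSTGRES_PASSWORD: password`, although renovate-ce (`PGHOST: postgres-database`) and pgAdmin reach it over the compose network; drop the `ports:` entry or bind it as `"127.0.0.1:5432:5432"`, and the same applies to renovate-ee-server-ha-postgres.yml. `depends_on` only orders container start, so renovate-ce can try to connect before Postgres accepts connections; a `healthcheck` on the database service, used with `condition: service_healthy` where the Compose version supports it, would make the example reliable.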
@@ -0,0 +1,118 @@ +version: "3.4" + +## Title: Renovate Enterprise High Availability Server with Postgres DB +## Description: This example Docker Compose file starts containers for Mend Renovate Enterprise Edition. +## Details: Creates 2 x Servers, 2 x Workers, Nginx load balancer (for Servers), Postgres DB, Postgres Web UI (PGAdmin) + +## Shared variables - used in both Server and Worker +x-shared-variables: &shared_variables + MEND_RNV_SERVER_HOSTNAME: http://nginx:4000 # Server URL. Use URL of load balancer if there are multiple Servers. + + ## Mend-Renovate essential variables + MEND_RNV_LICENSE_KEY: # Enterprise licence key. Get License key from Mend.io + MEND_RNV_ACCEPT_TOS: # Set to 'Y' to accept Terms of Service + MEND_RNV_SERVER_API_SECRET: abc123 # Required on Server and Worker for internal communication + +## Server variables +x-server-variables: &server_variables + # Enable Merge Confidence package rules + MEND_RNV_MC_TOKEN: auto # Provide token or set to 'auto' + + # Renovate App connection details (eg. GitHub, GitLab, Bitbucket) + # GitHub configuration variables provided below for convenience. + # See Renovate-CE-EE documentation for connection details for all platforms. + # MEND_RNV_PLATFORM: github + # MEND_RNV_GITHUB_APP_ID: # App ID + # MEND_RNV_GITHUB_APP_KEY: # Private key + # MEND_RNV_WEBHOOK_SECRET: # Webhook secret (Defaults to 'renovate') + + ## Mend Renovate Application settings + MEND_RNV_ADMIN_API_ENABLED: true # Enable incoming API calls + MEND_RNV_LOG_HISTORY_DIR: /logs # Write Renovate job logs to file. Enable volume mount on Server and Worker! 
+ MEND_RNV_ENQUEUE_JOBS_ON_STARTUP: disabled # Options: 'enabled', 'disabled', 'discovered' (default) + # MEND_RNV_AUTODISCOVER_FILTER: org1/*, org2/test* # Renovate will only run on these repos + +services: + + ## Scaling Server and Worker instances after initial deployment + # To increase or decrease Server or Worker instances, run the following command (replace values as appropriate): + # $ docker-compose -f renovate-ee-server-ha-postgres.yml up --scale rnv-ee-server=3 --scale rnv-ee-worker=4 -d --no-recreate + # Note: Always specify both Server and Worker scaling. Whichever is unspecified will be re-scaled to its original value. + + ## Renovate Server containers + rnv-ee-server: + # Check latest version here: https://github.com/mend/renovate-ce-ee/pkgs/container/renovate-ee-server + image: ghcr.io/mend/renovate-ee-server: + deploy: + replicas: 2 + depends_on: + - postgres-database + ports: + - "8080" # Must match MEND_RNV_SERVER_PORT, plus 'proxy_pass' in nginx.conf + environment: + <<: [*shared_variables, *server_variables] + LOG_LEVEL: debug # Defaults to 'info' + # LOG_FORMAT: json # Defaults to 'pretty' + ## Network DB settings (Postgres) + MEND_RNV_DATA_HANDLER_TYPE: postgresql + PGDATABASE: postgres + PGUSER: postgres + PGPASSWORD: password + PGHOST: postgres-database + PGPORT: 5432 + volumes: +# - /tmp/renovate/job-logs:/logs # Unix version + - C:\tmp\renovate\job-logs:/logs # Windows version + + ## Renovate Worker containers + rnv-ee-worker: + # Check latest version here: https://github.com/mend/renovate-ce-ee/pkgs/container/renovate-ee-worker + image: ghcr.io/mend/renovate-ee-worker: + deploy: + replicas: 2 + depends_on: + - rnv-ee-server + environment: + <<: *shared_variables + LOG_LEVEL: debug # Defaults to 'info' + # LOG_FORMAT: json # Defaults to 'pretty' + volumes: +# - /tmp/renovate/job-logs:/logs # Unix version + - C:\tmp\renovate\job-logs:/logs # Windows version + + ## Load balancer for Renovate Server containers + ## Will balance traffic sent 
to http://localhost:4000/ between Renovate Server instances (rnv-ee-server) + ## Note! Requires 'nginx.conf' file (available in 'conf' directory). + nginx: + image: nginx:1.25.3 + volumes: + - ../conf/nginx.conf:/etc/nginx/nginx.conf:ro + depends_on: + - rnv-ee-server + ports: + - "4000:4000" + + ## Postgres Database - used for persisting data held by Mend Renovate about jobs and repos + postgres-database: + restart: always + image: postgres:16.1-alpine3.17 + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: password + ports: + - "5432:5432" + + ## [Optional] Postgres Web Frontend (pgAdmin) + ## View the database contents via URL: http://localhost:5050/ with user/pwd as defined below + ## Note! pgAdmin requires 'Dockerfile' file (available in 'dockerfiles/pgadmin' directory). + pgadmin: + restart: unless-stopped + build: + context: ../dockerfiles/pgadmin + dockerfile: Dockerfile + depends_on: + - postgres-database + ports: + - "5050:5050" + environment: + - PGADMIN_LISTEN_PORT=5050 diff --git a/examples/docker-compose/renovate-ee-simple.yml b/examples/docker-compose/renovate-ee-simple.yml new file mode 100644 index 00000000..4c35d88b --- /dev/null +++ b/examples/docker-compose/renovate-ee-simple.yml 
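Review bot: `MEND_RNV_ADMIN_API_ENABLED: true` in the server variables is protected only by `MEND_RNV_SERVER_API_SECRET: abc123` from the shared variables, and the servers are reachable on host port 4000 through nginx, so this example exposes an admin API behind a secret that is also committed to the repository; leave it blank like the license key, e.g. `MEND_RNV_SERVER_API_SECRET: # Set a long random value. Required on Server and Worker for internal communication`, or move it into mend-renovate.env as examples/README.md suggests (the same `abc123` appears in renovate-ee-simple.yml and mend-renovate.env). `ports: - "8080"` on rnv-ee-server additionally publishes every server replica on a random host port, bypassing the load balancer; if the intent is only to make the port reachable inside the compose network, `expose: - "8080"` is the matching directive and the comment about `proxy_pass` still holds.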
@@ -0,0 +1,75 @@ +version: "3.4" + +## Title: Renovate Enterprise with SQLite DB +## Description: This example Docker Compose file starts containers for Mend Renovate Enterprise Edition. +## Details: Creates 1 x Server, 2 x Workers. Uses internal SQLite DB. + +## Shared variables - used in both Server and Worker +x-shared-variables: &shared-variables + MEND_RNV_SERVER_HOSTNAME: http://rnv-ee-server:8080 + + ## Mend-Renovate essential variables + MEND_RNV_LICENSE_KEY: # Enterprise licence key. Get License key from Mend.io + MEND_RNV_ACCEPT_TOS: # Set to 'Y' to accept Terms of Service + MEND_RNV_SERVER_API_SECRET: abc123 # Required on Server and Worker for internal communication + +## Server variables +x-server-variables: &server-variables + # Enable Merge Confidence package rules + MEND_RNV_MC_TOKEN: auto # Provide token or set to 'auto' to enable + + # Renovate App connection details (eg. GitHub, GitLab, Bitbucket) + # GitHub configuration variables provided below for convenience. + # See Renovate-CE-EE documentation for connection details for all platforms. + # MEND_RNV_PLATFORM: github + # MEND_RNV_ENDPOINT: # Required for GitLab or GitHub Enterprise Server; not for GitHub.com. Include the trailing slash. + # MEND_RNV_GITHUB_APP_ID: # App ID + # MEND_RNV_GITHUB_APP_KEY: # Private key + # MEND_RNV_WEBHOOK_SECRET: # Webhook secret (Defaults to 'renovate') + + # Mend Renovate Application settings (Optional) + # MEND_RNV_ADMIN_API_ENABLED: true # Enable incoming API calls. Must set MEND_RNV_SERVER_API_SECRET. + # MEND_RNV_LOG_HISTORY_DIR: /logs # Persist Renovate job logs - organized by org/rep/timestamp. Enable volume mount! + # MEND_RNV_SQLITE_FILE_PATH: /db/renovate-ce.sqlite # Persist database to file. Enable volume mount! 
(Defaults to '/tmp/database.sqlite') + # MEND_RNV_ENQUEUE_JOBS_ON_STARTUP: disabled # Options: 'enabled', 'disabled', 'discovered' (default) + # MEND_RNV_AUTODISCOVER_FILTER: org1/*, org2/test* # Renovate will only run on these repos + + # Core Renovate settings + # GITHUB_COM_TOKEN: # Personal Access Token for github.com (used for retrieving changelogs) + +services: + + ## Renovate Server + # Note: Server instances can not scale unless using a network database (eg. Postgres) + rnv-ee-server: + # Check latest version here: https://github.com/mend/renovate-ce-ee/pkgs/container/renovate-ee-server + image: ghcr.io/mend/renovate-ee-server: + ports: + # Note: Set MEND_RNV_SERVER_PORT to match internal port. (Defaults to 8080) + - "80:8080" # "[external]:[internal]" Receive APIs and Webhooks on external port + environment: + <<: [*shared-variables, *server-variables] + LOG_LEVEL: debug # Defaults to 'info' + # LOG_FORMAT: json # Defaults to 'pretty' + volumes: + # - /tmp/renovate/job-logs:/logs # Unix version + - C:\tmp\renovate\job-logs:/logs # Windows version + - C:\tmp\renovate\db:/db + + ## Renovate Worker + # To scale Worker instances post deployment, run the following command (replace values as appropriate): + # $ docker-compose -f .yml up --scale rnv-ee-worker=4 -d --no-recreate + rnv-ee-worker: + # Check latest version here: https://github.com/mend/renovate-ce-ee/pkgs/container/renovate-ee-worker + image: ghcr.io/mend/renovate-ee-worker: + deploy: + replicas: 2 + depends_on: + - rnv-ee-server + environment: + <<: *shared-variables + LOG_LEVEL: debug # Defaults to 'info' + # LOG_FORMAT: json # Defaults to 'pretty' + volumes: + # - /tmp/renovate/job-logs:/logs # Unix version + - C:\tmp\renovate\job-logs:/logs # Windows version diff --git a/examples/dockerfiles/pgadmin/Dockerfile b/examples/dockerfiles/pgadmin/Dockerfile new file mode 100644 index 00000000..313f00e1 --- /dev/null +++ b/examples/dockerfiles/pgadmin/Dockerfile 
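Review bot: The scaling comment `# $ docker-compose -f .yml up --scale rnv-ee-worker=4 -d --no-recreate` has lost the file name; it should read `# $ docker-compose -f renovate-ee-simple.yml up --scale rnv-ee-worker=4 -d --no-recreate`, matching the form used in renovate-ee-server-ha-postgres.yml. The commented `MEND_RNV_SQLITE_FILE_PATH: /db/renovate-ce.sqlite` keeps the CE file name in an EE example while the `C:\tmp\renovate\db:/db` mount is already active; naming it consistently and noting that the mount is unused until that variable is set would avoid confusion.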
@@ -0,0 +1,53 @@
+FROM dpage/pgadmin4:8.0
+
+# pgadmin server user attributes
+ARG P_USER=pgadmin
+ARG P_DOMAIN=mend.io
+ARG P_PASSWORD=admin
+
+# This allows connection information to be pre-loaded into the instance of pgAdmin in the container.
+# https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html#mapped-files-and-directories
+#{
+# "Servers": {
+# "1": {
+# "Name": "Renovate-Pro",
+# "Group": "Servers",
+# "Port": 5432,
+# "Username": "admin",
+# "Host": "postgres-database",
+# "SSLMode": "prefer",
+# "PassFile": "/pgpass",
+# "MaintenanceDB": "postgres"
+# }
+# }
+#}
+ARG SERVERS='{"Servers":{"1":{"Name":"Renovate-Pro","Group":"Servers","Port":5432,"Username":"postgres","Host":"postgres-database","SSLMode":"prefer","PassFile":"/pgpass","MaintenanceDB":"postgres"}}}'
+
+# remote database password file
+# https://www.postgresql.org/docs/current/libpq-pgpass.html
+# hostname:port:database:username:password
+ARG PGPASS='postgres-database:5432:postgres:postgres:password'
+
+# pgadmin home dir
+ARG PGADMIN_DIR=/var/lib/pgadmin/storage/${P_USER}_${P_DOMAIN}
+
+# pgadmin required environment variables
+ENV PGADMIN_DEFAULT_EMAIL=${P_USER}@${P_DOMAIN}
+ENV PGADMIN_DEFAULT_PASSWORD=${P_PASSWORD}
+
+# Create postgres password file
+USER ${P_USER}
+RUN mkdir -p ${PGADMIN_DIR}
+RUN echo ${PGPASS} > ${PGADMIN_DIR}/pgpass
+
+# Disallow any access to the password file
+# https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html#mapped-files-and-directories
+USER root
+RUN chown -R 5050:5050 ${PGADMIN_DIR}/pgpass
+RUN chmod 0600 ${PGADMIN_DIR}/pgpass
+
+# Create server definitions file
+RUN echo ${SERVERS} > /pgadmin4/servers.json
+
+USER ${P_USER}
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/examples/env/github.env b/examples/env/github.env
new file mode 100644
index 00000000..ffd9a454
--- /dev/null
+++ b/examples/env/github.env
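Review bot: The database and pgAdmin credentials are baked into the image: `ARG PGPASS='postgres-database:5432:postgres:postgres:password'` is written by `RUN echo ${PGPASS} > ${PGADMIN_DIR}/pgpass` and `ARG P_PASSWORD=admin` becomes `ENV PGADMIN_DEFAULT_PASSWORD`, so both remain readable from the image layers and from `docker history` whatever the later `chmod 0600` does. The pgadmin page linked in the comments describes mounting `pgpass` and `servers.json` into the container at run time, which would keep the secrets out of the image and let the compose files supply them, for example from an env file. The commented JSON above `ARG SERVERS` says `"Username": "admin"` while the actual value uses `"postgres"`; keep the two in step or drop the duplicate comment. `chown -R 5050:5050` on a single file does not need `-R`.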
@@ -0,0 +1,6 @@
+# Connection details for the Renovate App on GitHub
+# Available at: https://github.com/settings/apps/
+MEND_RNV_PLATFORM=github
+MEND_RNV_GITHUB_APP_ID= # App ID
+MEND_RNV_GITHUB_APP_KEY= # Private key
+MEND_RNV_WEBHOOK_SECRET= # Webhook secret (Defaults to 'renovate')
diff --git a/examples/env/gitlab.env b/examples/env/gitlab.env
new file mode 100644
index 00000000..ec5723e3
--- /dev/null
+++ b/examples/env/gitlab.env
@@ -0,0 +1,5 @@
+# Connection details for the Renovate Bot user account on GitLab
+MEND_RNV_PLATFORM=gitlab
+MEND_RNV_ENDPOINT= # API endpoint for your GitLab host. e.g. like https://gitlab.company.com/api/v4/. Include the trailing slash.
+MEND_RNV_GITLAB_PAT= # Personal access token for the GitLab Renovate user account
+MEND_RNV_WEBHOOK_SECRET= # Webhook secret (Defaults to 'renovate')
diff --git a/examples/env/mend-renovate.env b/examples/env/mend-renovate.env
new file mode 100644
index 00000000..0a7a61eb
--- /dev/null
+++ b/examples/env/mend-renovate.env
@@ -0,0 +1,5 @@
+# Essential environment variables for Server and Worker instances
+MEND_RNV_LICENSE_KEY= # Enterprise license key. Get License key from Mend.io
+MEND_RNV_ACCEPT_TOS= # Set to 'Y' to accept Terms of Service
+MEND_RNV_MC_TOKEN= # Provide token or set to 'auto' to enable Merge Confidence package rules
+MEND_RNV_SERVER_API_SECRET=abc123 # Required on Server and Worker for internal communication
diff --git a/helm-charts/mend-renovate-ce/Chart.yaml b/helm-charts/mend-renovate-ce/Chart.yaml
index 40e7d107..ced2d34b 100644
--- a/helm-charts/mend-renovate-ce/Chart.yaml
+++ b/helm-charts/mend-renovate-ce/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: mend-renovate-ce
-version: 6.9.0
-appVersion: 6.9.1
+version: 6.10.0
+appVersion: 6.10.0
 description: Mend Renovate Community Edition
 home: https://github.com/mend/renovate-ce-ee
 sources:
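Review bot: `MEND_RNV_GITHUB_APP_ID= # App ID` depends on the Compose implementation stripping inline comments from env_file values; older docker-compose releases did not, and the rules differ between implementations, so the value can silently become ` # App ID` — putting each comment on its own line above the variable avoids the ambiguity, and the same applies to every line of gitlab.env and mend-renovate.env in this commit. mend-renovate.env also ships `MEND_RNV_SERVER_API_SECRET=abc123` as a real value, although examples/README.md introduces these files as the place to keep keys and tokens out of committed files; leave it empty like the other secrets, e.g. `MEND_RNV_SERVER_API_SECRET=` preceded by a comment saying to generate a long random value shared by Server and Worker.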
diff --git a/helm-charts/mend-renovate-ce/templates/deployment.yaml b/helm-charts/mend-renovate-ce/templates/deployment.yaml
index 5bc2daa9..2dbbc71c 100644
--- a/helm-charts/mend-renovate-ce/templates/deployment.yaml
+++ b/helm-charts/mend-renovate-ce/templates/deployment.yaml
@@ -30,7 +30,10 @@ spec:
 {{- end }}
 spec:
 {{- with .Values.podSecurityContext }}
- securityContext: {{ toYaml . | nindent 8 }}
+ securityContext: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.serviceAccount }}
+ serviceAccountName: {{ .Values.serviceAccount }}
 {{- end }}
 terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
 containers:
@@ -38,7 +41,7 @@ spec:
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 {{- with .Values.containerSecurityContext }}
- securityContext: {{ toYaml . | nindent 10 }}
+ securityContext: {{- toYaml . | nindent 12 }}
 {{- end }}
 env:
 {{- with .Values.renovate.extraEnvVars }}
diff --git a/helm-charts/mend-renovate-ce/values.yaml b/helm-charts/mend-renovate-ce/values.yaml
index 82310dd6..9ea1c28c 100644
--- a/helm-charts/mend-renovate-ce/values.yaml
+++ b/helm-charts/mend-renovate-ce/values.yaml
@@ -1,6 +1,6 @@
 image:
 repository: ghcr.io/mend/renovate-ce
- tag: 6.9.1-full
+ tag: 6.11.0-full
 pullPolicy: IfNotPresent
 
 nameOverride: ""
@@ -193,6 +193,8 @@ ingress:
 # hosts:
 # - mend-renovate.local
 
+serviceAccount:
+
 resources: {}
 
 annotations: {}
@@ -207,8 +209,16 @@ tolerations: []
 affinity: {}
 
 podSecurityContext: {}
+# runAsNonRoot: true
+# seccompProfile:
+# type: RuntimeDefault
 
 containerSecurityContext: {}
+# allowPrivilegeEscalation: false
+# readOnlyRootFilesystem: true
+# capabilities:
+# drop:
+# - ALL
 
 # name of the image pull secret
 imagePullSecrets: ""
diff --git a/helm-charts/mend-renovate-ee/Chart.yaml b/helm-charts/mend-renovate-ee/Chart.yaml
index 79d7dcd9..cad5d01b 100644
--- a/helm-charts/mend-renovate-ee/Chart.yaml
+++ b/helm-charts/mend-renovate-ee/Chart.yaml
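Review bot: `serviceAccountName: {{ .Values.serviceAccount }}` is added but `serviceAccount:` in values.yaml carries no comment, so a reader cannot tell whether it expects the name of an existing ServiceAccount or whether the chart creates one (nothing in this commit does); document it as `# Name of an existing ServiceAccount for the pod; empty uses the namespace default. The chart does not create it.` The `{{- if .Values.serviceAccount }}` guard also accepts a map, so a user following the common `serviceAccount: {create: ..., name: ...}` layout would get that map rendered into the field; the comment should show the expected scalar form. The `{{- toYaml . | nindent 8 }}` trim is fine: nindent begins with a newline, so the map still renders as the nested block under `securityContext:`.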
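Review bot: The hardening settings are added only as comments while `podSecurityContext: {}` and `containerSecurityContext: {}` stay empty, so a default install still allows privilege escalation, keeps all capabilities and does not enforce `runAsNonRoot`; if the renovate-ce image runs as a non-root user (not visible here), making `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` the defaults, and leaving only `readOnlyRootFilesystem` commented because Renovate presumably needs a writable working directory, gives the safer baseline while keeping the knobs overridable. The same comment-only defaults are added to helm-charts/mend-renovate-ee/values.yaml in this commit.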
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: mend-renovate-enterprise-edition
-version: 0.4.0
-appVersion: 6.9.1
+version: 0.5.0
+appVersion: 6.10.0
 description: Mend Renovate Enterprise Edition
 home: https://github.com/mend/renovate-ce-ee
 sources:
diff --git a/helm-charts/mend-renovate-ee/templates/deployment-postgresql.yaml b/helm-charts/mend-renovate-ee/templates/deployment-postgresql.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/helm-charts/mend-renovate-ee/templates/server-deployment.yaml b/helm-charts/mend-renovate-ee/templates/server-deployment.yaml
index 8cb0c2c5..5771530c 100644
--- a/helm-charts/mend-renovate-ee/templates/server-deployment.yaml
+++ b/helm-charts/mend-renovate-ee/templates/server-deployment.yaml
@@ -32,7 +32,7 @@ spec:
 {{- end }}
 spec:
 {{- with .Values.renovateServer.podSecurityContext }}
- securityContext: {{ toYaml . | nindent 8 }}
+ securityContext: {{- toYaml . | nindent 8 }}
 {{- end }}
 terminationGracePeriodSeconds: {{ .Values.renovateServer.terminationGracePeriodSeconds }}
 containers:
@@ -40,7 +40,7 @@ spec:
 image: "{{ .Values.renovateServer.image.repository }}:{{ .Values.renovateServer.image.tag }}"
 imagePullPolicy: {{ .Values.renovateServer.image.pullPolicy }}
 {{- with .Values.containerSecurityContext }}
- securityContext: {{ toYaml . | nindent 10 }}
+ securityContext: {{- toYaml . | nindent 12 }}
 {{- end }}
 env:
 {{- with .Values.renovateServer.extraEnvVars }}
diff --git a/helm-charts/mend-renovate-ee/templates/worker-deployment.yaml b/helm-charts/mend-renovate-ee/templates/worker-deployment.yaml
index b3d04664..99937414 100644
--- a/helm-charts/mend-renovate-ee/templates/worker-deployment.yaml
+++ b/helm-charts/mend-renovate-ee/templates/worker-deployment.yaml
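Review bot: `{{- with .Values.containerSecurityContext }}` reads a top-level key, but the EE values.yaml in this commit appears to define `containerSecurityContext: {}` and its commented hardening examples under `renovateServer:` (that is the header context of the hunk that adds them), so uncommenting those examples has no effect on the server container unless a top-level key exists outside this diff; either change the template to `.Values.renovateServer.containerSecurityContext`, matching the pod-level `.Values.renovateServer.podSecurityContext` two lines above, or move the value to the top level and document it. The same top-level lookup is added to templates/worker-deployment.yaml. This commit also adds templates/deployment-postgresql.yaml as an empty file (index `00000000..e69de29b`); an empty template renders nothing, so it is a leftover or a placeholder and should be removed or completed.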
@@ -30,13 +30,16 @@ spec:
 {{- end }}
 spec:
 {{- with .Values.renovateWorker.podSecurityContext }}
- securityContext: {{ toYaml . | nindent 8 }}
+ securityContext: {{- toYaml . | nindent 8 }}
 {{- end }}
 terminationGracePeriodSeconds: {{ .Values.renovateWorker.terminationGracePeriodSeconds }}
 containers:
 - name: {{ .Chart.Name }}-worker
 image: "{{ .Values.renovateWorker.image.repository }}:{{ .Values.renovateWorker.image.tag }}"
 imagePullPolicy: {{ .Values.renovateWorker.image.pullPolicy }}
+ {{- with .Values.containerSecurityContext }}
+ securityContext: {{- toYaml . | nindent 12 }}
+ {{- end }}
 env:
 {{- with .Values.renovateWorker.extraEnvVars }}
 {{- toYaml . | nindent 12 }}
diff --git a/helm-charts/mend-renovate-ee/values.yaml b/helm-charts/mend-renovate-ee/values.yaml
index 5b58ab30..8d6fc1d3 100644
--- a/helm-charts/mend-renovate-ee/values.yaml
+++ b/helm-charts/mend-renovate-ee/values.yaml
@@ -28,7 +28,7 @@ postgresql:
 renovateServer:
 image:
 repository: ghcr.io/mend/renovate-ee-server
- tag: 6.9.1
+ tag: 6.11.0
 pullPolicy: IfNotPresent
 
 # Number of renovate-ee-server (for SQLite only 1 replica is allowed)
@@ -121,22 +121,30 @@ renovateServer:
 # Set log format, defaults to pretty format. Allowed values: undefined or 'json'
 logFormat: json
 
- resources: { }
+ resources: {}
 
- annotations: { }
+ annotations: {}
 
 labels:
- pods: { }
+ pods: {}
 
- nodeSelector: { }
+ nodeSelector: {}
 
- tolerations: [ ]
+ tolerations: []
 
- affinity: { }
+ affinity: {}
 
- podSecurityContext: { }
+ podSecurityContext: {}
+ # runAsNonRoot: true
+ # seccompProfile:
+ # type: RuntimeDefault
 
- containerSecurityContext: { }
+ containerSecurityContext: {}
+ # allowPrivilegeEscalation: false
+ # readOnlyRootFilesystem: true
+ # capabilities:
+ # drop:
+ # - ALL
 
 # name of the image pull secret
 imagePullSecrets: ""
@@ -173,7 +181,7 @@ renovateServer:
 
 # secretProviderClass: "some-secret-store"
 extraVolumeMounts:
- [ ]
+ []
 # - name: secrets-store-inline
 # mountPath: "/mnt/secrets-store"
 # readOnly: true
@@ -182,7 +190,7 @@ renovateServer:
 renovateWorker:
 image:
 repository: ghcr.io/mend/renovate-ee-worker
- tag: 6.9.1-full
+ tag: 6.11.0-full
 pullPolicy: IfNotPresent
 
 # Optional: Sets the maximum execution duration of a Renovate CLI scan in minutes. Defaults to 60.
@@ -235,20 +243,18 @@ renovateWorker:
 # defaults to https://github.com/renovatebot/renovate
 renovateUserAgent:
 
- resources: { }
+ resources: {}
 
- annotations: { }
+ annotations: {}
 
 labels:
- pods: { }
-
- nodeSelector: { }
+ pods: {}
 
- tolerations: [ ]
+ nodeSelector: {}
 
- affinity: { }
+ tolerations: []
 
- podSecurityContext: { }
+ affinity: {}
 
 # name of the image pull secret
 imagePullSecrets: ""
@@ -266,7 +272,7 @@ renovateWorker:
 
 # secretProviderClass: "some-secret-store"
 extraVolumeMounts:
- [ ]
+ []
 # - name: secrets-store-inline
 # mountPath: "/mnt/secrets-store"
 # readOnly: true
@@ -294,7 +300,7 @@ service:
 type: ClusterIP
 port: 80
 annotations:
- { }
+ {}
 # cloud.google.com/load-balancer-type: "Internal"
 
 ingress:
@@ -305,11 +311,11 @@ ingress:
 
 # ingressClassName: nginx
 annotations:
- { }
+ {}
 # kubernetes.io/tls-acme: "true"
 hosts:
 - mend-renovate.local
- tls: [ ]
+ tls: []
 # - secretName: mend-renovate-tls
 # hosts:
 # - mend-renovate.local
diff --git a/renovate.json b/renovate.json
index 489d978e..476bcbbc 100644
--- a/renovate.json
+++ b/renovate.json
@@ -4,7 +4,12 @@
 ":pinDigestsDisabled"
 ],
 "packageRules": [{
- "packageNames": ["ghcr.io/mend/renovate-ce"],
+ "groupName": "Update Mend Renovate docker images",
+ "packageNames": [
+ "ghcr.io/mend/renovate-ce",
+ "ghcr.io/mend/renovate-ee-server",
+ "ghcr.io/mend/renovate-ee-worker"
+ ],
 "versioning": "docker",
 "automerge": true
 }],
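Review bot: `podSecurityContext: { }` is dropped from the `renovateWorker` section in the `@@ -235,20 +243,18 @@` hunk without a replacement, while templates/worker-deployment.yaml in this commit still reads `.Values.renovateWorker.podSecurityContext`; the template keeps rendering because `with` on a missing key emits nothing, but the knob disappears from the documented values. Restore `podSecurityContext: {}` there, with the same commented `runAsNonRoot` and `seccompProfile` examples the `renovateServer` section received.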
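Review bot: `"packageNames": [` keeps a deprecated package-rule matcher that Renovate's config migration rewrites to `matchPackageNames`; since the rule is being rewritten anyway, use `"matchPackageNames": [` with the same three images so the migration warning goes away. The rule combines `"groupName"` with `"automerge": true`, so one grouped PR bumping the chart's own image tags merges without review; that looks intended, and as strict JSON admits no comments, a `"description"` field in the rule is the usual place to record that intent.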