From 60f0662cc4a89f3d9fbf042a4a778f9e09be9f12 Mon Sep 17 00:00:00 2001
From: jessebot
Date: Wed, 29 May 2024 13:27:34 +0200
Subject: [PATCH] add renovatebot to run hourly in a self-hosted github action instead of using dependabot
Signed-off-by: jessebot
---
 .github/dependabot.yml | 17 ------------
 .github/renovate-config.json | 10 +++++++
 .github/workflows/renovate.yml | 32 ++++++++++++++++++++++
 charts/nextcloud/Chart.yaml | 1 +
 renovate.json | 50 ++++++++++++++++++++++++++++++++++
 scripts/bump-chart-version.sh | 30 ++++++++++++++++++++
 6 files changed, 123 insertions(+), 17 deletions(-)
 delete mode 100644 .github/dependabot.yml
 create mode 100644 .github/renovate-config.json
 create mode 100644 .github/workflows/renovate.yml
 create mode 100644 renovate.json
 create mode 100644 scripts/bump-chart-version.sh
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index 82f0828e..00000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
-version: 2
-updates:
- - package-ecosystem: "github-actions"
- directory: "/"
- schedule:
- # Check for updates to GitHub Actions every weekday
- interval: "daily"
-
- - package-ecosystem: "docker"
- directory: "/charts/nextcloud"
- schedule:
- interval: "daily"
diff --git a/.github/renovate-config.json b/.github/renovate-config.json
new file mode 100644
index 00000000..de0c73fc
--- /dev/null
+++ b/.github/renovate-config.json
@@ -0,0 +1,10 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "onboarding": false,
+ "username": "renovate-release",
+ "gitAuthor": "Renovate Bot ",
+ "platform": "github",
+ "repositories": [
+ "nextcloud/helm"
+ ]
+}
diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml
new file mode 100644
index 00000000..dc6577b8
--- /dev/null
+++ b/.github/workflows/renovate.yml
@@ -0,0 +1,32 @@
+name: Renovate
+on:
+ schedule:
+ # run hourly
+ - cron: '0 * * * *'
+ push:
+ branches:
+ - main
+ paths:
+ - ".github/renovate-config.json"
+ - ".github/workflows/renovate.yml"
+ - "renovate.json"
+ - "scripts/**"
+jobs:
+ renovate:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Get token
+ id: get_token
+ uses: tibdex/github-app-token@v2.1.0
+ with:
+ private_key: ${{ secrets.PRIVATE_KEY }}
+ app_id: ${{ secrets.APP_ID }}
+
+ - name: Checkout
+ uses: actions/checkout@v4.1.6
+
+ - name: Self-hosted Renovate
+ uses: renovatebot/github-action@v40.1.11
+ with:
+ token: '${{ steps.get_token.outputs.token }}'
+ configurationFile: .github/renovate-config.json
diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml
index 243346f3..7dd5147b 100644
--- a/charts/nextcloud/Chart.yaml
+++ b/charts/nextcloud/Chart.yaml
@@ -1,6 +1,7 @@
 apiVersion: v2
 name: nextcloud
 version: 4.6.8
+# renovate: image=nextcloud
 appVersion: 29.0.0
 description: A file sharing server that puts the control and security of your own data back into your hands.
 keywords:
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 00000000..77b7a56c
--- /dev/null
+++ b/renovate.json
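Review bot: The global config in `.github/renovate-config.json` does not allow-list any post-upgrade command, yet `renovate.json` in the same commit defines `postUpgradeTasks` that run `bash scripts/bump-chart-version.sh`. Self-hosted Renovate only executes post-upgrade commands that match a pattern in the global-only `allowedPostUpgradeCommands` option, so unless it is supplied some other way the bump script will be skipped. I would add `"allowedPostUpgradeCommands": ["^bash scripts/bump-chart-version\\.sh "]` here and keep the pattern anchored that tightly, since it is the gate on what repository-level config can make the bot execute.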
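Review bot: The two third-party actions in the `renovate` job of `.github/workflows/renovate.yml` are referenced by mutable tags (`tibdex/github-app-token@v2.1.0`, `renovatebot/github-action@v40.1.11`) even though the first receives `secrets.PRIVATE_KEY` and the second the minted installation token. Pinning each to a full commit SHA, e.g. `uses: tibdex/github-app-token@<full-commit-sha> # v2.1.0`, keeps a re-pointed tag from running different code against those credentials. The workflow also declares no `permissions:`, so the default `GITHUB_TOKEN` keeps whatever the repository default grants; a top-level `permissions: { contents: read }` looks sufficient for the checkout step. If the GitHub App is installed on more than this repository, it may also be worth narrowing the generated token to this repository only.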
@@ -0,0 +1,50 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "customManagers": [
+ {
+ "customType": "regex",
+ "datasourceTemplate": "docker",
+ "fileMatch": [
+ "(^|/)Chart\\.yaml$"
+ ],
+ "matchStrings": [
+ "#\\s*renovate: image=(?.*?)\\s+appVersion:\\s*[\"']?(?[\\w+\\.\\-]*)"
+ ]
+ }
+ ],
+ "packageRules": [
+ {
+ "description": "Fix subchart archives for helm chart",
+ "matchManagers": ["helmv3"],
+ "postUpdateOptions": ["helmUpdateSubChartArchives"]
+ },
+ {
+ "description": "Fix version in Chart.yaml after helmv3 dep patch updates",
+ "matchManagers": ["helmv3"],
+ "matchUpdateTypes": ["patch"],
+ "bumpVersion": "patch"
+ },
+ {
+ "description": "Fix version in Chart.yaml after helmv3 dep minor updates",
+ "matchManagers": ["helmv3"],
+ "matchUpdateTypes": ["minor"],
+ "bumpVersion": "minor"
+ },
+ {
+ "description": "Fix version in Chart.yaml after helmv3 dep major updates",
+ "matchManagers": ["helmv3"],
+ "matchUpdateTypes": ["major"],
+ "bumpVersion": "major"
+ },
+ {
+ "description": "Bump helm chart versions by a patch when updating values files. Digests, pins, rollbacks, replacements and pinDigest updates are deliberately ignored since in our use case, these need a manual decision about the version bump for the chart. This can be removed when https://github.com/renovatebot/renovate/issues/8231 is implemented and enabled.",
+ "matchManagers": ["helm-values", "regex"],
+ "postUpgradeTasks": {
+ "commands": [
+ "bash scripts/bump-chart-version.sh '{{{updateType}}}'"
+ ],
+ "fileFilters": ["**/Chart.yaml"]
+ }
+ }
+ ]
+}
diff --git a/scripts/bump-chart-version.sh b/scripts/bump-chart-version.sh
new file mode 100644
index 00000000..b1991208
--- /dev/null
+++ b/scripts/bump-chart-version.sh
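Review bot: The `postUpgradeTasks` command in `renovate.json` passes a single argument, `'{{{updateType}}}'`, but `scripts/bump-chart-version.sh` added in this commit reads `parent_dir="$1"` and `update_type="$2"`, so under `set -u` the script aborts on the unbound `$2` (and would otherwise treat the update type as the chart directory). The command probably needs the chart directory first: `"bash scripts/bump-chart-version.sh '{{{parentDir}}}' '{{{updateType}}}'"`. Because triple braces insert the values unescaped into a shell command line, the script should validate both arguments rather than rely on the quoting here. Separately, the rule's description says digests, pins, rollbacks and replacements are ignored, but no `matchUpdateTypes` restricts it, so as written the rule applies to every update type.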
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+parent_dir="$1"
+update_type="$2"
+
+version=$(grep "^version:" "charts/${parent_dir}/Chart.yaml" | awk '{print $2}')
+if [[ ! $version ]]; then
+ echo "No valid version was found"
+ exit 1
+fi
+
+major=$(echo "$version" | cut -d. -f1)
+minor=$(echo "$version" | cut -d. -f2)
+patch=$(echo "$version" | cut -d. -f3)
+
+if [[ "$update_type" =~ (major|replacement) ]]; then
+ major=$(( major + 1 ))
+ minor=0
+ patch=0
+elif [[ "$update_type" =~ 'minor' ]]; then
+ minor=$(( minor + 1 ))
+ patch=0
+else
+ patch=$(( patch + 1 ))
+fi
+
+echo "Bumping version for $parent_dir from $version to $major.$minor.$patch"
+sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "charts/${parent_dir}/Chart.yaml"
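Review bot: Neither `parent_dir` nor the parsed `version` is validated before use in `scripts/bump-chart-version.sh`. `parent_dir` goes straight into `charts/${parent_dir}/Chart.yaml`, which `sed -i` then rewrites, so a value containing `/` or `..` would edit a file outside the intended chart directory; and `major`, `minor`, `patch` are fed to `$(( … ))`, where bash evaluates non-numeric text as an expression instead of rejecting it (a version such as `4.6.8-rc1`, or a component with a leading zero, also breaks there). I would add, right after the two assignments, `[[ "$parent_dir" =~ ^[A-Za-z0-9][A-Za-z0-9_-]*$ ]] || { echo "invalid chart dir" >&2; exit 1; }` and replace the emptiness test on `version` with `[[ "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]`. The `g` flag on the anchored `sed` pattern is harmless but unnecessary.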