diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 82f0828e..00000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,17 +0,0 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file - -version: 2 -updates: - - package-ecosystem: "github-actions" - directory: "/" - schedule: - # Check for updates to GitHub Actions every weekday - interval: "daily" - - - package-ecosystem: "docker" - directory: "/charts/nextcloud" - schedule: - interval: "daily" diff --git a/.github/renovate-config.json b/.github/renovate-config.json new file mode 100644 index 00000000..74aca577 --- /dev/null +++ b/.github/renovate-config.json @@ -0,0 +1,11 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "onboarding": false, + "username": "renovate-release", + "gitAuthor": "Renovate Bot ", + "platform": "github", + "repositories": [ + "nextcloud/helm" + ], + "allowedPostUpgradeCommands": ["^scripts"] +} diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index ded95bf8..ebd59237 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -1,8 +1,7 @@ name: Lint and Test Charts -on: - pull_request: - paths: +on: pull_request + jobs: changes: runs-on: ubuntu-latest-low diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml new file mode 100644 index 00000000..6d89ac54 --- /dev/null +++ b/.github/workflows/renovate.yml @@ -0,0 +1,31 @@ +name: Renovate +on: + schedule: + # This should be every hour + - cron: '0 * * * *' + push: + branches: + - main + paths: + - ".github/renovate-config.json" + - ".github/workflows/renovate.yml" + - "renovate.json" + - "scripts/**" +jobs: + renovate: + runs-on: ubuntu-latest + steps: + - name: Get token + id: app-token + uses: actions/create-github-app-token@v1 + with: + private-key: ${{ secrets.PRIVATE_KEY }} + app-id: ${{ secrets.APP_ID }} + + - name: Checkout + uses: actions/checkout@v4.1.6 + + - name: Self-hosted Renovate + uses: renovatebot/github-action@v40.1.11 + with: + configurationFile: .github/renovate-config.json diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index dae94e71..446377d7 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,7 @@ apiVersion: v2 name: nextcloud -version: 5.2.1 +version: 5.2.2 +# renovate: image=nextcloud appVersion: 29.0.3 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: diff --git a/renovate.json b/renovate.json new file mode 100644 index 00000000..77b7a56c --- /dev/null +++ b/renovate.json @@ -0,0 +1,50 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "customManagers": [ + { + "customType": "regex", + "datasourceTemplate": "docker", + "fileMatch": [ + "(^|/)Chart\\.yaml$" + ], + "matchStrings": [ + "#\\s*renovate: image=(?.*?)\\s+appVersion:\\s*[\"']?(?[\\w+\\.\\-]*)" + ] + } + ], + "packageRules": [ + { + "description": "Fix subchart archives for helm chart", + "matchManagers": ["helmv3"], + "postUpdateOptions": ["helmUpdateSubChartArchives"] + }, + { + "description": "Fix version in Chart.yaml after helmv3 dep patch updates", + "matchManagers": ["helmv3"], + "matchUpdateTypes": ["patch"], + "bumpVersion": "patch" + }, + { + "description": "Fix version in Chart.yaml after helmv3 dep minor updates", + "matchManagers": ["helmv3"], + "matchUpdateTypes": ["minor"], + "bumpVersion": "minor" + }, + { + "description": "Fix version in Chart.yaml after helmv3 dep major updates", + "matchManagers": ["helmv3"], + "matchUpdateTypes": ["major"], + "bumpVersion": "major" + }, + { + "description": "Bump helm chart versions by a patch when updating values files. Digests, pins, rollbacks, replacements and pinDigest updates are deliberately ignored since in our use case, these need a manual decision about the version bump for the chart. This can be removed when https://github.com/renovatebot/renovate/issues/8231 is implemented and enabled.", + "matchManagers": ["helm-values", "regex"], + "postUpgradeTasks": { + "commands": [ + "bash scripts/bump-chart-version.sh '{{{updateType}}}'" + ], + "fileFilters": ["**/Chart.yaml"] + } + } + ] +} diff --git a/scripts/bump-chart-version.sh b/scripts/bump-chart-version.sh new file mode 100644 index 00000000..b1991208 --- /dev/null +++ b/scripts/bump-chart-version.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +set -euo pipefail + +parent_dir="$1" +update_type="$2" + +version=$(grep "^version:" "charts/${parent_dir}/Chart.yaml" | awk '{print $2}') +if [[ ! $version ]]; then + echo "No valid version was found" + exit 1 +fi + +major=$(echo "$version" | cut -d. -f1) +minor=$(echo "$version" | cut -d. -f2) +patch=$(echo "$version" | cut -d. -f3) + +if [[ "$update_type" =~ (major|replacement) ]]; then + major=$(( major + 1 )) + minor=0 + patch=0 +elif [[ "$update_type" =~ 'minor' ]]; then + minor=$(( minor + 1 )) + patch=0 +else + patch=$(( patch + 1 )) +fi + +echo "Bumping version for $parent_dir from $version to $major.$minor.$patch" +sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "charts/${parent_dir}/Chart.yaml"