From 5fa07ebe86eb9572da6928fd9cf4472e95e66fef Mon Sep 17 00:00:00 2001
From: jessebot
Date: Wed, 29 May 2024 13:27:34 +0200
Subject: [PATCH 1/6] add renovatebot to run hourly in a self-hosted github action instead of using dependabot
Signed-off-by: jessebot
---
 .github/dependabot.yml | 17 ------------
 .github/renovate-config.json | 10 +++++++
 .github/workflows/renovate.yml | 32 ++++++++++++++++++++++
 charts/nextcloud/Chart.yaml | 1 +
 renovate.json | 50 ++++++++++++++++++++++++++++++++++
 scripts/bump-chart-version.sh | 30 ++++++++++++++++++++
 6 files changed, 123 insertions(+), 17 deletions(-)
 delete mode 100644 .github/dependabot.yml
 create mode 100644 .github/renovate-config.json
 create mode 100644 .github/workflows/renovate.yml
 create mode 100644 renovate.json
 create mode 100644 scripts/bump-chart-version.sh
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index 82f0828e..00000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
-version: 2
-updates:
- - package-ecosystem: "github-actions"
- directory: "/"
- schedule:
- # Check for updates to GitHub Actions every weekday
- interval: "daily"
-
- - package-ecosystem: "docker"
- directory: "/charts/nextcloud"
- schedule:
- interval: "daily"
diff --git a/.github/renovate-config.json b/.github/renovate-config.json
new file mode 100644
index 00000000..de0c73fc
--- /dev/null
+++ b/.github/renovate-config.json
@@ -0,0 +1,10 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "onboarding": false,
+ "username": "renovate-release",
+ "gitAuthor": "Renovate Bot ",
+ "platform": "github",
+ "repositories": [
+ "nextcloud/helm"
+ ]
+}
diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml
new file mode 100644
index 00000000..dc6577b8
--- /dev/null
+++ b/.github/workflows/renovate.yml
@@ -0,0 +1,32 @@
+name: Renovate
+on:
+ schedule:
+ # run hourly
+ - cron: '0 * * * *'
+ push:
+ branches:
+ - main
+ paths:
+ - ".github/renovate-config.json"
+ - ".github/workflows/renovate.yml"
+ - "renovate.json"
+ - "scripts/**"
+jobs:
+ renovate:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Get token
+ id: get_token
+ uses: tibdex/github-app-token@v2.1.0
+ with:
+ private_key: ${{ secrets.PRIVATE_KEY }}
+ app_id: ${{ secrets.APP_ID }}
+
+ - name: Checkout
+ uses: actions/checkout@v4.1.6
+
+ - name: Self-hosted Renovate
+ uses: renovatebot/github-action@v40.1.11
+ with:
+ token: '${{ steps.get_token.outputs.token }}'
+ configurationFile: .github/renovate-config.json
diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml
index 243346f3..7dd5147b 100644
--- a/charts/nextcloud/Chart.yaml
+++ b/charts/nextcloud/Chart.yaml
@@ -1,6 +1,7 @@
 apiVersion: v2
 name: nextcloud
 version: 4.6.8
+# renovate: image=nextcloud
 appVersion: 29.0.0
 description: A file sharing server that puts the control and security of your own data back into your hands.
 keywords:
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 00000000..77b7a56c
--- /dev/null
+++ b/renovate.json
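Review bot: The `uses:` lines in the new renovate.yml reference actions by mutable tag (`tibdex/github-app-token@v2.1.0`, `actions/checkout@v4.1.6`, `renovatebot/github-action@v40.1.11`), and the first of them is handed the GitHub App private key. A tag that is later moved would run with that key in scope; pinning each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: tibdex/github-app-token@<full-commit-sha>  # v2.1.0`, closes that gap. The job also declares no `permissions:` block, so the repository default for `GITHUB_TOKEN` applies; a job-level `permissions:` with `contents: read` looks sufficient because writes go through the app token, though that is inferred and should be confirmed. The same pinning point applies to `actions/create-github-app-token@v1` in the later renovate.yml hunks of this series.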
@@ -0,0 +1,50 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "customManagers": [
+ {
+ "customType": "regex",
+ "datasourceTemplate": "docker",
+ "fileMatch": [
+ "(^|/)Chart\\.yaml$"
+ ],
+ "matchStrings": [
+ "#\\s*renovate: image=(?.*?)\\s+appVersion:\\s*[\"']?(?[\\w+\\.\\-]*)"
+ ]
+ }
+ ],
+ "packageRules": [
+ {
+ "description": "Fix subchart archives for helm chart",
+ "matchManagers": ["helmv3"],
+ "postUpdateOptions": ["helmUpdateSubChartArchives"]
+ },
+ {
+ "description": "Fix version in Chart.yaml after helmv3 dep patch updates",
+ "matchManagers": ["helmv3"],
+ "matchUpdateTypes": ["patch"],
+ "bumpVersion": "patch"
+ },
+ {
+ "description": "Fix version in Chart.yaml after helmv3 dep minor updates",
+ "matchManagers": ["helmv3"],
+ "matchUpdateTypes": ["minor"],
+ "bumpVersion": "minor"
+ },
+ {
+ "description": "Fix version in Chart.yaml after helmv3 dep major updates",
+ "matchManagers": ["helmv3"],
+ "matchUpdateTypes": ["major"],
+ "bumpVersion": "major"
+ },
+ {
+ "description": "Bump helm chart versions by a patch when updating values files. Digests, pins, rollbacks, replacements and pinDigest updates are deliberately ignored since in our use case, these need a manual decision about the version bump for the chart. This can be removed when https://github.com/renovatebot/renovate/issues/8231 is implemented and enabled.",
+ "matchManagers": ["helm-values", "regex"],
+ "postUpgradeTasks": {
+ "commands": [
+ "bash scripts/bump-chart-version.sh '{{{updateType}}}'"
+ ],
+ "fileFilters": ["**/Chart.yaml"]
+ }
+ }
+ ]
+}
diff --git a/scripts/bump-chart-version.sh b/scripts/bump-chart-version.sh
new file mode 100644
index 00000000..b1991208
--- /dev/null
+++ b/scripts/bump-chart-version.sh
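Review bot: The `postUpgradeTasks` command in renovate.json passes a single argument, `'{{{updateType}}}'`, but `scripts/bump-chart-version.sh` added in this same patch reads `$1` as `parent_dir` and `$2` as `update_type` under `set -u`. As written the script would abort on an unbound `$2`, with the update type taken as the chart directory. The command should pass both values: `"bash scripts/bump-chart-version.sh '{{{parentDir}}}' '{{{updateType}}}'"`. Because this command line is assembled from templated fields and executed on the runner, keep the single quotes and have the script validate both arguments rather than trusting them.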
@@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +set -euo pipefail + +parent_dir="$1" +update_type="$2" + +version=$(grep "^version:" "charts/${parent_dir}/Chart.yaml" | awk '{print $2}') +if [[ ! $version ]]; then + echo "No valid version was found" + exit 1 +fi + +major=$(echo "$version" | cut -d. -f1) +minor=$(echo "$version" | cut -d. -f2) +patch=$(echo "$version" | cut -d. -f3) + +if [[ "$update_type" =~ (major|replacement) ]]; then + major=$(( major + 1 )) + minor=0 + patch=0 +elif [[ "$update_type" =~ 'minor' ]]; then + minor=$(( minor + 1 )) + patch=0 +else + patch=$(( patch + 1 )) +fi + +echo "Bumping version for $parent_dir from $version to $major.$minor.$patch" +sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "charts/${parent_dir}/Chart.yaml" From 6ad09aea634513aaf9972870d81dbd3bc4afe09e Mon Sep 17 00:00:00 2001 From: jessebot Date: Wed, 29 May 2024 13:37:26 +0200 Subject: [PATCH 2/6] update renovate GHA workflow to use github recommended action Signed-off-by: jessebot --- .github/workflows/renovate.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml index dc6577b8..6ebcabe1 100644 --- a/.github/workflows/renovate.yml +++ b/.github/workflows/renovate.yml @@ -17,10 +17,12 @@ jobs: steps: - name: Get token id: get_token - uses: tibdex/github-app-token@v2.1.0 + uses: actions/create-github-app-token@v1 with: - private_key: ${{ secrets.PRIVATE_KEY }} - app_id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.private_key }} + app-id: ${{ secrets.app_id }} + owner: ${{ github.repository_owner }} + repositories: 'helm' - name: Checkout uses: actions/checkout@v4.1.6 From 1093db457d76435a7731b66dc41e03f79050ab64 Mon Sep 17 00:00:00 2001 From: jessebot Date: Wed, 29 May 2024 16:03:19 +0200 Subject: [PATCH 3/6] fix on parameter to use pull_request directly Signed-off-by: jessebot --- .github/workflows/lint-test.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
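Review bot: In the new bump-chart-version.sh, `parent_dir`, `update_type` and the parsed `version` are all used without validation. The only check is that `version` is non-empty; its parts then go into `$(( major + 1 ))`, where bash evaluates the variable's content as an arithmetic expression, and `parent_dir` is spliced straight into `charts/${parent_dir}/Chart.yaml`. A quoted or pre-release value such as `version: "4.6.8"` would fail or mis-bump. Reject anything unexpected up front, e.g. `[[ "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "No valid version was found"; exit 1; }` and `[[ "$parent_dir" =~ ^[A-Za-z0-9_-]+$ ]] || exit 1`. The `=~ (major|replacement)` and `=~ 'minor'` tests are substring matches, so exact `==` comparisons against the expected update types would be stricter.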
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 14c37ceb..808ef177 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -1,8 +1,7 @@ name: Lint and Test Charts -on: - pull_request: - paths: +on: pull_request + jobs: changes: runs-on: ubuntu-latest-low From 02b8ca4e144bac5aefe2ea8a72ab5ac1955ed2b4 Mon Sep 17 00:00:00 2001 From: jessebot Date: Fri, 31 May 2024 08:14:49 +0200 Subject: [PATCH 4/6] bumps chart a patch version to please linter Signed-off-by: jessebot --- charts/nextcloud/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 7dd5147b..282a4296 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 4.6.8 +version: 4.6.9 # renovate: image=nextcloud appVersion: 29.0.0 description: A file sharing server that puts the control and security of your own data back into your hands. From e2ad1db9c6248a1197d7fb152e99953c37bc8063 Mon Sep 17 00:00:00 2001 From: jessebot Date: Fri, 31 May 2024 09:53:17 +0200 Subject: [PATCH 5/6] add allowedPostUpgradeCommand Signed-off-by: jessebot --- .github/renovate-config.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/renovate-config.json b/.github/renovate-config.json index de0c73fc..74aca577 100644 --- a/.github/renovate-config.json +++ b/.github/renovate-config.json @@ -6,5 +6,6 @@ "platform": "github", "repositories": [ "nextcloud/helm" - ] + ], + "allowedPostUpgradeCommands": ["^scripts"] } From f2258c83a9133f21a9efa559a719ad5396a08845 Mon Sep 17 00:00:00 2001 From: jessebot Date: Fri, 31 May 2024 11:20:19 +0200 Subject: [PATCH 6/6] remove options for app-token that aren't needed and use official github exactly for id Signed-off-by: jessebot --- .github/workflows/renovate.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) 
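Review bot: The allowlist entry `^scripts` added to renovate-config.json does not match the command configured in renovate.json, which begins with `bash scripts/...`, so the post-upgrade task would presumably be refused. The pattern is also loose: it would admit any command line that merely starts with `scripts`. Since this setting limits which commands a repository config can make the self-hosted runner execute, anchor it to the one script, e.g. `"allowedPostUpgradeCommands": ["^bash scripts/bump-chart-version\\.sh '[^']*' '[^']*'$"]`. Adjust the argument part to whatever renovate.json finally passes.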
diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml index 6ebcabe1..6d89ac54 100644 --- a/.github/workflows/renovate.yml +++ b/.github/workflows/renovate.yml @@ -1,7 +1,7 @@ name: Renovate on: schedule: - # run hourly + # This should be every hour - cron: '0 * * * *' push: branches: @@ -16,13 +16,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - id: get_token + id: app-token uses: actions/create-github-app-token@v1 with: - private-key: ${{ secrets.private_key }} - app-id: ${{ secrets.app_id }} - owner: ${{ github.repository_owner }} - repositories: 'helm' + private-key: ${{ secrets.PRIVATE_KEY }} + app-id: ${{ secrets.APP_ID }} - name: Checkout uses: actions/checkout@v4.1.6 @@ -30,5 +28,4 @@ jobs: - name: Self-hosted Renovate uses: renovatebot/github-action@v40.1.11 with: - token: '${{ steps.get_token.outputs.token }}' configurationFile: .github/renovate-config.json
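Review bot: In the second hunk the `token:` input is removed from the `Self-hosted Renovate` step instead of being repointed at the renamed step id, so the token minted by `Get token` (now `id: app-token`) is not passed to Renovate anywhere in the visible lines. Unless credentials are supplied some other way, Renovate would run without the app identity while the job still loads the private key for a step whose output is unused. Keep the input with the new id: `token: '${{ steps.app-token.outputs.token }}'`. Dropping `owner` and `repositories` is fine only if the action's default scoping (the current repository, per its documentation) is what is intended, and a one-line comment above `with:` saying so would help the next reader.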