fix: renovate cannot upgrade overwritten TBC Docker images

The default renovate configuration now detects overwritten TBC Docker image variables and tracks them for update

README.md

@@ -36,6 +36,7 @@ The Renovate template uses some global configuration used throughout all jobs.
 | Input / Variable           | Description                                                                                                                                               | Default value                                      |
 | -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |
 | `image` / `RENOVATE_IMAGE` | The Docker image used to run Renovate                                                                                                                     | `registry.hub.docker.com/renovate/renovate:latest` |
+| `onboarding-config` / `RENOVATE_ONBOARDING_CONFIG` | Renovate configuration to use for onboarding Renovate                                                                                                                     | [see below](#default-onboarding-configuration) |
 | :lock: `RENOVATE_TOKEN`    | A GitLab access token to allow Renovate crawl your projects. [See doc](https://docs.renovatebot.com/modules/platform/gitlab/#authentication)              | _none_                                             |
 | :lock: `GITHUB_COM_TOKEN`  | A GitHub access token to allow Renovate fetch changelogs. [See doc](https://docs.renovatebot.com/getting-started/running/#githubcom-token-for-changelogs) | _none_                                             |
 
@@ -70,6 +71,38 @@ Defaults values are set to manage GitLab features :
 | [`RENOVATE_LOG_FILE`](https://docs.renovatebot.com/config-overview/#logging-variables)                       | `renovate-log.ndjson`                     |
 | [`RENOVATE_LOG_FILE_LEVEL`](https://docs.renovatebot.com/config-overview/#logging-variables)                 | `debug`                                   |
 
+#### Default onboarding configuration
+`
+The default [onboarding configuration](https://docs.renovatebot.com/self-hosted-configuration/#onboardingconfig) is suitable for projects using to-be-continuous:
+
+- looks for user-defined inputs and variables in your `.gitlab-ci.yml` defining Docker images (ex: `SOMETOOL_IMAGE: docker.io/sometool:1.2.2`)
+
+```json
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended",
+    ":dependencyDashboard"
+  ],
+  "labels": [
+    "dependencies"
+  ],
+  "customManagers": [
+    {
+      "customType": "regex",
+      "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ], 
+      "matchStrings": [ "\\s?_IMAGE:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ], 
+      "datasourceTemplate": "docker" 
+    },
+    {
+      "customType": "regex",
+      "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ], 
+      "matchStrings": [ "\\s?image:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ], 
+      "datasourceTemplate": "docker" 
+    }
+  ] 
+}
+```
 ### Dry-run implementation details
 
 Depending on the source of a pipeline, the template will either perform your dependency updates (create/update/delete branches and MRs)

kicker.json

@@ -11,6 +11,11 @@
       "description": "The Docker image used to run Renovate",
       "default": "registry.hub.docker.com/renovate/renovate:latest"
     },
+    {
+      "name": "RENOVATE_ONBOARDING_CONFIG",
+      "description": "Renovate configuration to use for onboarding PRs",
+      "default": "{\n  \"$$schema\": \"https://docs.renovatebot.com/renovate-schema.json\",\n  \"extends\": [\n    \"config:recommended\",\n    \":dependencyDashboard\"\n  ],\n \"labels\": [\n   \"dependencies\"\n  ],\n  \"customManagers\": [\n    {\n      \"customType\": \"regex\",\n      \"fileMatch\": [ \"\\\\.gitlab-ci\\\\.ya?ml$\" ], \n      \"matchStrings\": [ \"\\\\s?_IMAGE:\\\\s['\\\"](?<registryUrls>.*?)\\\\/(?<depName>.*?):(?<currentValue>.*)['\\\"]\" ], \n      \"datasourceTemplate\": \"docker\" \n    },\n    {\n      \"customType\": \"regex\",\n      \"fileMatch\": [ \"\\\\.gitlab-ci\\\\.ya?ml$\" ], \n      \"matchStrings\": [ \"\\\\s?image:\\\\s['\\\"](?<registryUrls>.*?)\\\\/(?<depName>.*?):(?<currentValue>.*)['\\\"]\" ], \n      \"datasourceTemplate\": \"docker\" \n    }\n  ] \n}"
+    },
     {
       "name": "RENOVATE_TOKEN",
       "description": "A GitLab access token to allow Renovate crawl your projects. [See doc](https://docs.renovatebot.com/modules/platform/gitlab/#authentication)",

templates/gitlab-ci-renovate.yml

@@ -19,6 +19,33 @@ spec:
     image:
       description: The Docker image used to run Renovate
       default: registry.hub.docker.com/renovate/renovate:latest
+    onboarding-config:
+      description: Renovate configuration to use for onboarding PRs
+      default: >-
+        {
+          "$$schema": "https://docs.renovatebot.com/renovate-schema.json",
+          "extends": [
+            "config:recommended",
+            ":dependencyDashboard"
+          ],
+         "labels": [
+           "dependencies"
+          ],
+          "customManagers": [
+            {
+              "customType": "regex",
+              "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ], 
+              "matchStrings": [ "\\s?_IMAGE:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ], 
+              "datasourceTemplate": "docker" 
+            },
+            {
+              "customType": "regex",
+              "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ], 
+              "matchStrings": [ "\\s?image:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ], 
+              "datasourceTemplate": "docker" 
+            }
+          ] 
+        }
 ---
 workflow:
   rules:
@@ -62,6 +89,7 @@ variables:
   RENOVATE_LOG_FILE: renovate-log.ndjson
   RENOVATE_LOG_FILE_LEVEL: debug
   LOG_LEVEL: info
+  RENOVATE_ONBOARDING_CONFIG: $[[ inputs.onboarding-config ]]
 
 .renovate-scripts: &renovate-scripts |
   # BEGSCRIPT