From 6a3794bddfeed511543c3b8a912729302739f6ff Mon Sep 17 00:00:00 2001
From: Bertrand Goareguer <bertrand.goareguer@gmail.com>
Date: Wed, 4 Dec 2024 07:11:41 +0000
Subject: [PATCH] fix: renovate cannot upgrade overwritten TBC Docker images
The default renovate configuration now detects overwritten TBC Docker image variables and tracks them for update
---
README.md | 33 ++++++++++++++++++++++++++++++++
kicker.json | 5 +++++
templates/gitlab-ci-renovate.yml | 28 +++++++++++++++++++++++++++
3 files changed, 66 insertions(+)
diff --git a/README.md b/README.md
index 77a61a3..da8c225 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,7 @@ The Renovate template uses some global configuration used throughout all jobs.
| Input / Variable | Description | Default value |
| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |
| `image` / `RENOVATE_IMAGE` | The Docker image used to run Renovate | `registry.hub.docker.com/renovate/renovate:latest` |
+| `onboarding-config` / `RENOVATE_ONBOARDING_CONFIG` | Renovate configuration to use for onboarding Renovate | [see below](#default-onboarding-configuration) |
| :lock: `RENOVATE_TOKEN` | A GitLab access token to allow Renovate crawl your projects. [See doc](https://docs.renovatebot.com/modules/platform/gitlab/#authentication) | _none_ |
| :lock: `GITHUB_COM_TOKEN` | A GitHub access token to allow Renovate fetch changelogs. [See doc](https://docs.renovatebot.com/getting-started/running/#githubcom-token-for-changelogs) | _none_ |
@@ -70,6 +71,38 @@ Defaults values are set to manage GitLab features :
| [`RENOVATE_LOG_FILE`](https://docs.renovatebot.com/config-overview/#logging-variables) | `renovate-log.ndjson` |
| [`RENOVATE_LOG_FILE_LEVEL`](https://docs.renovatebot.com/config-overview/#logging-variables) | `debug` |
+#### Default onboarding configuration
+`
+The default [onboarding configuration](https://docs.renovatebot.com/self-hosted-configuration/#onboardingconfig) is suitable for projects using to-be-continuous:
+
+- looks for user-defined inputs and variables in your `.gitlab-ci.yml` defining Docker images (ex: `SOMETOOL_IMAGE: docker.io/sometool:1.2.2`)
+
+```json
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:recommended",
+ ":dependencyDashboard"
+ ],
+ "labels": [
+ "dependencies"
+ ],
+ "customManagers": [
+ {
+ "customType": "regex",
+ "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ],
+ "matchStrings": [ "\\s?_IMAGE:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ],
+ "datasourceTemplate": "docker"
+ },
+ {
+ "customType": "regex",
+ "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ],
+ "matchStrings": [ "\\s?image:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ],
+ "datasourceTemplate": "docker"
+ }
+ ]
+}
+```
### Dry-run implementation details
Depending on the source of a pipeline, the template will either perform your dependency updates (create/update/delete branches and MRs)
diff --git a/kicker.json b/kicker.json
index 2442ccf..8ba82c1 100644
--- a/kicker.json
+++ b/kicker.json
@@ -11,6 +11,11 @@
"description": "The Docker image used to run Renovate",
"default": "registry.hub.docker.com/renovate/renovate:latest"
},
+ {
+ "name": "RENOVATE_ONBOARDING_CONFIG",
+ "description": "Renovate configuration to use for onboarding PRs",
+ "default": "{\n \"$$schema\": \"https://docs.renovatebot.com/renovate-schema.json\",\n \"extends\": [\n \"config:recommended\",\n \":dependencyDashboard\"\n ],\n \"labels\": [\n \"dependencies\"\n ],\n \"customManagers\": [\n {\n \"customType\": \"regex\",\n \"fileMatch\": [ \"\\\\.gitlab-ci\\\\.ya?ml$\" ], \n \"matchStrings\": [ \"\\\\s?_IMAGE:\\\\s['\\\"](?<registryUrls>.*?)\\\\/(?<depName>.*?):(?<currentValue>.*)['\\\"]\" ], \n \"datasourceTemplate\": \"docker\" \n },\n {\n \"customType\": \"regex\",\n \"fileMatch\": [ \"\\\\.gitlab-ci\\\\.ya?ml$\" ], \n \"matchStrings\": [ \"\\\\s?image:\\\\s['\\\"](?<registryUrls>.*?)\\\\/(?<depName>.*?):(?<currentValue>.*)['\\\"]\" ], \n \"datasourceTemplate\": \"docker\" \n }\n ] \n}"
+ },
{
"name": "RENOVATE_TOKEN",
"description": "A GitLab access token to allow Renovate crawl your projects. [See doc](https://docs.renovatebot.com/modules/platform/gitlab/#authentication)",
diff --git a/templates/gitlab-ci-renovate.yml b/templates/gitlab-ci-renovate.yml
index 245ed47..a874e38 100644
--- a/templates/gitlab-ci-renovate.yml
+++ b/templates/gitlab-ci-renovate.yml
@@ -19,6 +19,33 @@ spec:
image:
description: The Docker image used to run Renovate
default: registry.hub.docker.com/renovate/renovate:latest
+ onboarding-config:
+ description: Renovate configuration to use for onboarding PRs
+ default: >-
+ {
+ "$$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:recommended",
+ ":dependencyDashboard"
+ ],
+ "labels": [
+ "dependencies"
+ ],
+ "customManagers": [
+ {
+ "customType": "regex",
+ "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ],
+ "matchStrings": [ "\\s?_IMAGE:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ],
+ "datasourceTemplate": "docker"
+ },
+ {
+ "customType": "regex",
+ "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ],
+ "matchStrings": [ "\\s?image:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ],
+ "datasourceTemplate": "docker"
+ }
+ ]
+ }
---
workflow:
rules:
@@ -62,6 +89,7 @@ variables:
RENOVATE_LOG_FILE: renovate-log.ndjson
RENOVATE_LOG_FILE_LEVEL: debug
LOG_LEVEL: info
+ RENOVATE_ONBOARDING_CONFIG: $[[ inputs.onboarding-config ]]
.renovate-scripts: &renovate-scripts |
# BEGSCRIPT
--
GitLab