Commit d947dbf4 authored by Benguria Elguezabal, Gorka's avatar Benguria Elguezabal, Gorka

Merge remote-tracking branch 'upstream/master'

# Conflicts:
#	.gitlab-ci.yml
#	CHANGELOG.md
#	README.md
#	templates/gitlab-ci-renovate.yml
parents 651e1201 39a639ea
Pipeline #169120 passed
# [1.3.0](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/renovate/compare/1.2.2...1.3.0) (2024-08-29) ## [1.4.1](https://gitlab.com/to-be-continuous/renovate/compare/1.4.0...1.4.1) (2024-12-09)
### Bug Fixes
* renovate cannot upgrade overwritten TBC Docker images ([6a3794b](https://gitlab.com/to-be-continuous/renovate/commit/6a3794bddfeed511543c3b8a912729302739f6ff))
* specifiy user agent to fix check links issue on mend.io ([2814754](https://gitlab.com/to-be-continuous/renovate/commit/2814754b05915cafb1e171df4a212f65f855c2a7))
# [1.4.0](https://gitlab.com/to-be-continuous/renovate/compare/1.3.0...1.4.0) (2024-08-30)
### Features
* standard TBC secrets decoding ([adf9450](https://gitlab.com/to-be-continuous/renovate/commit/adf9450f9392d5ec7aced16a281e23346d190622))
# [1.3.0](https://gitlab.com/to-be-continuous/renovate/compare/1.2.2...1.3.0) (2024-08-23)
### Bug Fixes ### Bug Fixes
......
...@@ -14,7 +14,7 @@ Add the following to your `.gitlab-ci.yml`: ...@@ -14,7 +14,7 @@ Add the following to your `.gitlab-ci.yml`:
```yaml ```yaml
include: include:
# include the component # include the component
- component: $CI_SERVER_FQDN/to-be-continuous/renovate/gitlab-ci-renovate@1.3.0 - component: $CI_SERVER_FQDN/to-be-continuous/renovate/gitlab-ci-renovate@1.4.1
``` ```
### Use as a CI/CD template (legacy) ### Use as a CI/CD template (legacy)
...@@ -25,7 +25,7 @@ Add the following to your `.gitlab-ci.yml`: ...@@ -25,7 +25,7 @@ Add the following to your `.gitlab-ci.yml`:
include: include:
# include the template # include the template
- project: "to-be-continuous/renovate" - project: "to-be-continuous/renovate"
ref: "1.2.2" ref: "1.4.1"
file: "/templates/gitlab-ci-renovate.yml" file: "/templates/gitlab-ci-renovate.yml"
``` ```
...@@ -72,6 +72,38 @@ Defaults values are set to manage GitLab features : ...@@ -72,6 +72,38 @@ Defaults values are set to manage GitLab features :
| [`RENOVATE_LOG_FILE`](https://docs.renovatebot.com/config-overview/#logging-variables) | `renovate-log.ndjson` | | [`RENOVATE_LOG_FILE`](https://docs.renovatebot.com/config-overview/#logging-variables) | `renovate-log.ndjson` |
| [`RENOVATE_LOG_FILE_LEVEL`](https://docs.renovatebot.com/config-overview/#logging-variables) | `debug` | | [`RENOVATE_LOG_FILE_LEVEL`](https://docs.renovatebot.com/config-overview/#logging-variables) | `debug` |
#### Default onboarding configuration
`
The default [onboarding configuration](https://docs.renovatebot.com/self-hosted-configuration/#onboardingconfig) is suitable for projects using to-be-continuous:
- looks for user-defined inputs and variables in your `.gitlab-ci.yml` defining Docker images (ex: `SOMETOOL_IMAGE: docker.io/sometool:1.2.2`)
```json
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended",
":dependencyDashboard"
],
"labels": [
"dependencies"
],
"customManagers": [
{
"customType": "regex",
"fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ],
"matchStrings": [ "\\s?_IMAGE:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ],
"datasourceTemplate": "docker"
},
{
"customType": "regex",
"fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ],
"matchStrings": [ "\\s?image:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ],
"datasourceTemplate": "docker"
}
]
}
```
### Dry-run implementation details ### Dry-run implementation details
Depending on the source of a pipeline, the template will either perform your dependency updates (create/update/delete branches and MRs) Depending on the source of a pipeline, the template will either perform your dependency updates (create/update/delete branches and MRs)
......
...@@ -27,7 +27,7 @@ if [[ "$curVer" ]]; then ...@@ -27,7 +27,7 @@ if [[ "$curVer" ]]; then
log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..." log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."
# replace in README # replace in README
sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\/ref: \$nextVer\/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\"/ref: \"$nextVer\"/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
mv -f README.md.next README.md mv -f README.md.next README.md
# replace in template and variants # replace in template and variants
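Review bot: The corrected `sed` expressions still interpolate `$curVer` straight into the pattern side, so the dots in a version such as `1.3.0` act as regex wildcards and the `ref:` and `component:` matches are looser than intended. Escaping the dots first, e.g. `curVerRe=${curVer//./\\.}`, and using `$curVerRe` in the three patterns keeps the replacement exact. The enclosing `if [[ "$curVer" ]]` block starts and ends outside this hunk.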
......
...@@ -11,6 +11,11 @@ ...@@ -11,6 +11,11 @@
"description": "The Docker image used to run Renovate", "description": "The Docker image used to run Renovate",
"default": "registry.hub.docker.com/renovate/renovate:latest" "default": "registry.hub.docker.com/renovate/renovate:latest"
}, },
{
"name": "RENOVATE_ONBOARDING_CONFIG",
"description": "Renovate configuration to use for onboarding PRs",
"default": "{\n \"$$schema\": \"https://docs.renovatebot.com/renovate-schema.json\",\n \"extends\": [\n \"config:recommended\",\n \":dependencyDashboard\"\n ],\n \"labels\": [\n \"dependencies\"\n ],\n \"customManagers\": [\n {\n \"customType\": \"regex\",\n \"fileMatch\": [ \"\\\\.gitlab-ci\\\\.ya?ml$\" ], \n \"matchStrings\": [ \"\\\\s?_IMAGE:\\\\s['\\\"](?<registryUrls>.*?)\\\\/(?<depName>.*?):(?<currentValue>.*)['\\\"]\" ], \n \"datasourceTemplate\": \"docker\" \n },\n {\n \"customType\": \"regex\",\n \"fileMatch\": [ \"\\\\.gitlab-ci\\\\.ya?ml$\" ], \n \"matchStrings\": [ \"\\\\s?image:\\\\s['\\\"](?<registryUrls>.*?)\\\\/(?<depName>.*?):(?<currentValue>.*)['\\\"]\" ], \n \"datasourceTemplate\": \"docker\" \n }\n ] \n}"
},
{ {
"name": "RENOVATE_TOKEN", "name": "RENOVATE_TOKEN",
"description": "A GitLab access token to allow Renovate crawl your projects. [See doc](https://docs.renovatebot.com/modules/platform/gitlab/#authentication)", "description": "A GitLab access token to allow Renovate crawl your projects. [See doc](https://docs.renovatebot.com/modules/platform/gitlab/#authentication)",
......
############################# Requests ############################
# User agent to send with each request.
user_agent = "Mozilla/version Gecko/version Firefox/version"
...@@ -27,6 +27,33 @@ spec: ...@@ -27,6 +27,33 @@ spec:
description: tags to filter applicable runners for renovate-depcheck job description: tags to filter applicable runners for renovate-depcheck job
default: [] default: []
type: array type: array
onboarding-config:
description: Renovate configuration to use for onboarding PRs
default: >-
{
"$$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended",
":dependencyDashboard"
],
"labels": [
"dependencies"
],
"customManagers": [
{
"customType": "regex",
"fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ],
"matchStrings": [ "\\s?_IMAGE:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ],
"datasourceTemplate": "docker"
},
{
"customType": "regex",
"fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ],
"matchStrings": [ "\\s?image:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ],
"datasourceTemplate": "docker"
}
]
}
--- ---
workflow: workflow:
rules: rules:
...@@ -70,6 +97,7 @@ variables: ...@@ -70,6 +97,7 @@ variables:
RENOVATE_LOG_FILE: renovate-log.ndjson RENOVATE_LOG_FILE: renovate-log.ndjson
RENOVATE_LOG_FILE_LEVEL: debug RENOVATE_LOG_FILE_LEVEL: debug
LOG_LEVEL: info LOG_LEVEL: info
RENOVATE_ONBOARDING_CONFIG: $[[ inputs.onboarding-config ]]
.renovate-scripts: &renovate-scripts | .renovate-scripts: &renovate-scripts |
# BEGSCRIPT # BEGSCRIPT
...@@ -219,7 +247,79 @@ variables: ...@@ -219,7 +247,79 @@ variables:
log_info "... done" log_info "... done"
} }
# evaluate and export a secret
# - $1: secret variable name
function eval_secret() {
name=$1
value=$(eval echo "\$${name}")
case "$value" in
@b64@*)
decoded=$(mktemp)
errors=$(mktemp)
if echo "$value" | cut -c6- | base64 -d > "${decoded}" 2> "${errors}"
then
# shellcheck disable=SC2086
export ${name}="$(cat ${decoded})"
log_info "Successfully decoded base64 secret \\e[33;1m${name}\\e[0m"
else
fail "Failed decoding base64 secret \\e[33;1m${name}\\e[0m:\\n$(sed 's/^/... /g' "${errors}")"
fi
;;
@hex@*)
decoded=$(mktemp)
errors=$(mktemp)
if echo "$value" | cut -c6- | sed 's/\([0-9A-F]\{2\}\)/\\\\x\1/gI' | xargs printf > "${decoded}" 2> "${errors}"
then
# shellcheck disable=SC2086
export ${name}="$(cat ${decoded})"
log_info "Successfully decoded hexadecimal secret \\e[33;1m${name}\\e[0m"
else
fail "Failed decoding hexadecimal secret \\e[33;1m${name}\\e[0m:\\n$(sed 's/^/... /g' "${errors}")"
fi
;;
@url@*)
url=$(echo "$value" | cut -c6-)
if command -v curl > /dev/null
then
decoded=$(mktemp)
errors=$(mktemp)
if curl -s -S -f --connect-timeout 5 -o "${decoded}" "$url" 2> "${errors}"
then
# shellcheck disable=SC2086
export ${name}="$(cat ${decoded})"
log_info "Successfully curl'd secret \\e[33;1m${name}\\e[0m"
else
log_warn "Failed getting secret \\e[33;1m${name}\\e[0m:\\n$(sed 's/^/... /g' "${errors}")"
fi
elif command -v wget > /dev/null
then
decoded=$(mktemp)
errors=$(mktemp)
if wget -T 5 -O "${decoded}" "$url" 2> "${errors}"
then
# shellcheck disable=SC2086
export ${name}="$(cat ${decoded})"
log_info "Successfully wget'd secret \\e[33;1m${name}\\e[0m"
else
log_warn "Failed getting secret \\e[33;1m${name}\\e[0m:\\n$(sed 's/^/... /g' "${errors}")"
fi
else
fail "Couldn't get secret \\e[33;1m${name}\\e[0m: no http client found"
fi
;;
esac
}
function eval_all_secrets() {
encoded_vars=$(env | grep -v '^scoped__' | awk -F '=' '/^[a-zA-Z0-9_]*=@(b64|hex|url)@/ {print $1}')
for var in $encoded_vars
do
eval_secret "$var"
done
}
unscope_variables unscope_variables
eval_all_secrets
# ENDSCRIPT # ENDSCRIPT
...@@ -239,7 +339,7 @@ stages: ...@@ -239,7 +339,7 @@ stages:
image: $RENOVATE_IMAGE image: $RENOVATE_IMAGE
services: services:
- name: "$TBC_TRACKING_IMAGE" - name: "$TBC_TRACKING_IMAGE"
command: ["--service", "renovate", "1.3.0"] command: ["--service", "renovate", "1.4.1"]
variables: variables:
RENOVATE_BASE_DIR: $CI_PROJECT_DIR RENOVATE_BASE_DIR: $CI_PROJECT_DIR
RENOVATE_CACHE_DIR: $CI_PROJECT_DIR/.cache/renovate RENOVATE_CACHE_DIR: $CI_PROJECT_DIR/.cache/renovate
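Review bot: In the new `eval_secret` function the files created with `mktemp` for `decoded` and `errors` are never removed, so each decoded secret stays in clear text in the job's temp directory after it has been exported; this applies to the `@b64@`, `@hex@` and `@url@` branches alike. Adding `rm -f "${decoded}" "${errors}"` once the value has been read (and after the failure message is built) closes that gap. The `@url@` branch also passes `$url` to `curl`/`wget` without restricting the scheme, so a value pointing at plain `http://` would fetch the secret unencrypted; if only HTTPS sources are intended, curl's `--proto '=https'` enforces it. Finally, `value=$(eval echo "\$${name}")` is safe only because `eval_all_secrets` limits names to `[a-zA-Z0-9_]*`, so a comment on that line such as `# name is restricted to [a-zA-Z0-9_] by eval_all_secrets; do not call with unchecked input` would protect future callers.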
......