Renovate workflow (#122)

* add renovate * initial renovate setup * empty file to enable the bot * clarify * newline * update groups * update excecutionMode * bump app once, even if multiple deps are changed * update filters * restrict more * use bugclerk as author * mount socket and add script
2026-01-08 04:03:51 -05:00 · 2024-08-29 21:33:13 +03:00
parent 01cccd1623
commit 0e93a7bf8d
5 changed files with 126 additions and 0 deletions
--- a/.github/renovate-config.js
+++ b/.github/renovate-config.js
@@ -0,0 +1,68 @@
+module.exports = {
+  extends: [],
+  // https://docs.renovatebot.com/self-hosted-configuration/#dryrun
+  dryRun: false,
+  // https://docs.renovatebot.com/configuration-options/#gitauthor
+  gitAuthor: "bugclerk <bugclerk@ixsystems.com>",
+  // https://docs.renovatebot.com/self-hosted-configuration/#onboarding
+  onboarding: false,
+  // https://docs.renovatebot.com/configuration-options/#dependencydashboard
+  dependencyDashboard: true,
+  // https://docs.renovatebot.com/self-hosted-configuration/#platform
+  platform: "github",
+  // https://docs.renovatebot.com/self-hosted-configuration/#repositories
+  repositories: ["truenas/apps"],
+  // https://docs.renovatebot.com/self-hosted-configuration/#allowpostupgradecommandtemplating
+  allowPostUpgradeCommandTemplating: true,
+  // https://docs.renovatebot.com/self-hosted-configuration/#allowedpostupgradecommands
+  // TODO: Restrict this.
+  allowedPostUpgradeCommands: ["^.*"],
+  enabledManagers: ["regex", "github-actions"],
+  customManagers: [
+    {
+      // Match only ix_values.yaml files in the ix-dev directory
+      fileMatch: ["^ix-dev/.*/ix_values\\.yaml$"],
+      // Matches the repository name and the tag of each image
+      matchStrings: [
+        '\\s{4}repository: (?<depName>[^\\s]+)\\n\\s{4}tag: "?(?<currentValue>[^\\s"]+)"?',
+      ],
+      // Use the docker datasource on matched images
+      datasourceTemplate: "docker",
+    },
+  ],
+  packageRules: [
+    {
+      matchManagers: ["regex"],
+      matchDatasources: ["docker"],
+      postUpgradeTasks: {
+        // What to "git add" after the commands are run
+        fileFilters: [
+          "ix-dev/**/app.yaml", // For the version update
+          "ix-dev/**/templates/**", // For the app lib versioned dir
+        ],
+        // Execute the following commands for every dep.
+        executionMode: "update",
+        commands: [
+          "./.github/scripts/renovate_bump.sh {{{packageFileDir}}} {{{updateType}}}",
+        ],
+      },
+    },
+    {
+      matchDatasources: ["docker"],
+      matchUpdateTypes: ["major"],
+      labels: ["major"],
+    },
+    {
+      matchDatasources: ["docker"],
+      matchUpdateTypes: ["minor"],
+      groupName: "updates-patch-minor",
+      labels: ["minor"],
+    },
+    {
+      matchDatasources: ["docker"],
+      matchUpdateTypes: ["patch"],
+      groupName: "updates-patch-minor",
+      labels: ["patch"],
+    },
+  ],
+};
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -0,0 +1 @@
+{}
--- a/.github/scripts/renovate_bump.sh
+++ b/.github/scripts/renovate_bump.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+app_path=$1
+update_type=$2
+log_path="./renovate.log"
+
+if [[ -z "$app_path" ]]; then
+  echo "Missing app_path"
+  exit 1
+fi
+
+if [[ -z "$update_type" ]]; then
+  echo "Missing update_type"
+  exit 1
+fi
+
+if grep "{{{packageFileDir}}}" "$log_path"; then
+  exit 0
+fi
+
+docker run --quiet --rm \
+  --platform linux/amd64 \
+  -v ./:/workspace \
+  ghcr.io/truenas/apps_validation:latest app_bump_version \
+  --path /workspace/"$app_path" \
+  --bump "$update_type"
+
+echo "$app_path" >>"$log_path"
--- a/.github/workflows/renovate.yaml
+++ b/.github/workflows/renovate.yaml
@@ -0,0 +1,26 @@
+name: Renovate
+
+on:
+  workflow_dispatch:
+
+concurrency:
+  group: renovate
+  cancel-in-progress: false
+
+jobs:
+  renovate:
+    runs-on: actions-runner-large
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.1.7
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Self-hosted Renovate
+        uses: renovatebot/github-action@v40.2.5
+        env:
+          RENOVATE_PR_HOURLY_LIMIT: 10
+        with:
+          configurationFile: .github/renovate-config.js
+          # TODO: https://github.com/renovatebot/github-action/tree/main?tab=readme-ov-file
+          token: ${{ secrets.RENOVATE_TOKEN }}
+          mount-docker-socket: true
--- a/cspell.config.yaml
+++ b/cspell.config.yaml
@@ -22,6 +22,8 @@ words:
  - cpus
  - creds
  - cuda
+  - datasource
+  - datasources
  - ddns
  - ddnss
  - desec
@@ -177,6 +179,7 @@ words:
  - tailscaled
  - tautulli
  - tdarr
+  - templating
  - tensorchord
  - tftpd
  - tmpfs