ci: add renovate #1262

Merged
merged 1 commit into from
Dec 4, 2024
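--- a/.github/renovate-config.json5
+++ b/.github/renovate-config.json5
@@ -0,0 +1,97 @@
+{
+$schema: "https://docs.renovatebot.com/renovate-schema.json",
+branchPrefix: "grafanarenovatebot/",
+customDatasources: {
+"kubectl": {
+"defaultRegistryUrlTemplate": "https://cdn.dl.k8s.io/release/stable.txt",
+"format": "plain",
+"transformTemplates": [
+"{\"releases\": [releases . {\"version\": $substring(version, 1)}]}",
+],
+},
+"helm": {
+"defaultRegistryUrlTemplate": "https://api.github.com/repos/helm/helm/releases",
+"format": "json",
+"transformTemplates": [
+"{\"releases\": [$.tag_name . {\"version\": $substring($, 1)}]}",
+],
+},
+"kustomize": {
+"defaultRegistryUrlTemplate": "https://api.github.com/repos/kubernetes-sigs/kustomize/releases",
+"format": "json",
+"transformTemplates": [
+"{\"releases\": [$$ [$match(tag_name, /kustomize.*/) and $not(draft) and $not(prerelease) ] . {\"version\": $substringAfter(tag_name, \"/v\")}]}",
+],
+},
+},
+
+customManagers: [
+{
+"customType": "regex",
+"fileMatch": ["Dockerfile"],
+"matchStrings": [
+"ARG KUBECTL_VERSION=(?<currentValue>\\S+)",
+],
+"datasourceTemplate": "custom.kubectl",
+"depNameTemplate": "kubectl",
+},
+{
+"customType": "regex",
+"fileMatch": ["Dockerfile"],
+"matchStrings": [
+"ARG HELM_VERSION=(?<currentValue>\\S+)",
+],
+"datasourceTemplate": "custom.helm",
+"depNameTemplate": "helm",
+"versioningTemplate": "semver",
+},
+{
+"customType": "regex",
+"fileMatch": ["Dockerfile"],
+"matchStrings": [
+"ARG KUSTOMIZE_VERSION=(?<currentValue>\\S+)",
+],
+"datasourceTemplate": "custom.kustomize",
+"depNameTemplate": "kustomize",
+"versioningTemplate": "semver",
+},
+],
+dependencyDashboard: false,
+enabledManagers: ["custom.regex"],
+forkProcessing: "enabled",
+globalExtends: [":pinDependencies", "config:best-practices"],
+onboarding: false,
+osvVulnerabilityAlerts: true,
+packageRules: [
+{
+labels: ["update-major"],
+matchUpdateTypes: ["major"],
+},
+{
+labels: ["update-minor"],
+matchUpdateTypes: ["minor"],
+},
+{
+automerge: true,
+labels: ["automerge-patch"],
+matchUpdateTypes: ["patch"],
+},
+{
+labels: ["update-digest"],
+matchUpdateTypes: ["digest"],
+},
+{
+// Run the custom matcher on early Monday mornings (UTC)
+schedule: "* 0-4 * * 1",
+matchPackageNames: ["ghcr.io/renovatebot/renovate"],
+},
+],
+platformCommit: "enabled",
+rebaseWhen: "behind-base-branch",
+requireConfig: "optional",
+vulnerabilityAlerts: {
+automerge: true,
+enabled: true,
+labels: ["automerge-security-update"],
+},
+}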
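Review bot: The last `packageRules` entry, which schedules `ghcr.io/renovatebot/renovate`, has nothing to match. `enabledManagers` is limited to `custom.regex`, and all three custom managers only read `ARG …_VERSION=` lines in `Dockerfile`. Unless a preset pulled in through `globalExtends` supplies another manager, the `# renovate: datasource=docker depName=ghcr.io/renovatebot/renovate` marker above `renovate-version` in `.github/workflows/renovate.yml` is never parsed. The digest-pinned Renovate image, which is the process that holds the app token, would then never get an update PR. A fourth custom manager for that workflow file would close the gap; the regex below is a sketch to verify against the actual workflow line.

```json5
customManagers: [
  // … unchanged: kubectl, helm and kustomize managers …
  {
    customType: "regex",
    fileMatch: ["^\\.github/workflows/renovate\\.yml$"],
    matchStrings: [
      "# renovate: datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)\\s+renovate-version: (?<currentValue>[^@\\s]+)@(?<currentDigest>sha256:[a-f0-9]+)",
    ],
  },
```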
21 changes: 1 addition & 20 deletions .github/workflows/acceptance-tests.yml
Expand Up @@ -21,30 +21,11 @@ jobs:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: "Determine dependency versions"
id: "versions"
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
const helmRelease = await github.rest.repos.getLatestRelease({
'owner': 'helm',
'repo': 'helm',
});
core.setOutput('helm', helmRelease.data.tag_name);
console.log('Helm version', helmRelease.data.tag_name);
const kustomizeReleases = await github.rest.repos.listReleases({
'owner': 'kubernetes-sigs',
'repo': 'kustomize',
});
const kustomizeRelease = kustomizeReleases.data.filter(release => release.tag_name.startsWith('kustomize') && !release.draft && !release.prerelease).map(release => release.tag_name.split('/')[1])[0];
console.log('Kustomize version', kustomizeRelease);
core.setOutput('kustomize', kustomizeRelease);

- name: Call Dagger Function
id: dagger
uses: dagger/dagger-for-github@e5153f5610d82ac9f3f848f3a25ad9d696641068 # v7.0.1
with:
version: "0.14.0"
verb: call
dagger-flags: "--silent"
args: "acceptance-tests --root-dir .:source-files --acceptance-tests-dir ./acceptance-tests --kustomize-version ${{ steps.versions.outputs.kustomize }} --helm-version ${{ steps.versions.outputs.helm }}"
args: "acceptance-tests --root-dir .:source-files --acceptance-tests-dir ./acceptance-tests"
30 changes: 0 additions & 30 deletions .github/workflows/docker.yml
Expand Up @@ -36,34 +36,7 @@ env:
type=semver,pattern={{version}},value=${{ inputs.tag }},enable=${{ inputs.tag != '' }}

jobs:
determine-versions:
runs-on: ubuntu-latest
outputs:
helm: ${{ steps.versions.outputs.helm }}
kustomize: ${{ steps.versions.outputs.kustomize }}
steps:
- name: "Determine dependency versions"
id: "versions"
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
const helmRelease = await github.rest.repos.getLatestRelease({
'owner': 'helm',
'repo': 'helm',
});
core.setOutput('helm', helmRelease.data.tag_name);
console.log('Helm version', helmRelease.data.tag_name);
const kustomizeReleases = await github.rest.repos.listReleases({
'owner': 'kubernetes-sigs',
'repo': 'kustomize',
});
const kustomizeRelease = kustomizeReleases.data.filter(release => release.tag_name.startsWith('kustomize') && !release.draft && !release.prerelease).map(release => release.tag_name.split('/')[1])[0];
console.log('Kustomize version', kustomizeRelease);
core.setOutput('kustomize', kustomizeRelease);

build:
needs:
- determine-versions
strategy:
fail-fast: false
matrix:
Expand Down Expand Up @@ -98,9 +71,6 @@ jobs:
context: .
labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=${{ github.event_name == 'push' }}
build-args: |
HELM_VERSION=${{ needs.determine-versions.outputs.helm }}
KUSTOMIZE_VERSION=${{ needs.determine-versions.outputs.kustomize }}

- name: Export digest
id: digest
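--- a/.github/workflows/renovate.yml
+++ b/.github/workflows/renovate.yml
@@ -0,0 +1,79 @@
+name: Renovate
+on:
+schedule:
+# Offset by 12 minutes to avoid busy times on the hour
+- cron: 12 */4 * * *
+
+pull_request:
+paths:
+- .github/renovate-config.json5
+- .github/workflows/renovate.yml
+types:
+- edited
+- opened
+- ready_for_review
+- synchronize
+
+push:
+branches:
+- main
+paths:
+- .github/renovate-config.json5
+- .github/workflows/renovate.yml
+
+workflow_dispatch:
+inputs:
+dry-run:
+description: "Run Renovate in dry-run mode"
+required: false
+default: false
+type: boolean
+
+jobs:
+renovate:
+permissions:
+contents: read
+id-token: write
+runs-on: ubuntu-latest
+timeout-minutes: 5
+
+steps:
+- name: Checkout Code
+uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+with:
+sparse-checkout: |
+.github/renovate-config.json5
+
+- name: Retrieve renovate secrets
+id: get-secrets
+uses: grafana/shared-workflows/actions/get-vault-secrets@97c6f45f01d4bca8a3b1acfe397113ce88858a81 # get-vault-secrets-v1.0.1
+with:
+common_secrets: |
+GRAFANA_RENOVATE_APP_ID=grafana-renovate-app:app-id
+GRAFANA_RENOVATE_PRIVATE_KEY=grafana-renovate-app:private-key
+
+- name: Generate token
+id: generate-token
+uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
+with:
+app-id: ${{ env.GRAFANA_RENOVATE_APP_ID }}
+private-key: ${{ env.GRAFANA_RENOVATE_PRIVATE_KEY }}
+
+- name: Self-hosted Renovate
+uses: renovatebot/github-action@936628dfbff213ab2eb95033c5e123cfcaf09ebb # v41.0.5
+with:
+configurationFile: .github/renovate-config.json5
+# renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
+renovate-version: 39.42.4@sha256:c5d718e312cdacc0746e37f13c215ff498be28c51e50efd24c070ae29f5b636a
+token: ${{ steps.generate-token.outputs.token }}
+env:
+LOG_LEVEL: ${{ github.event_name == 'pull_request' && 'debug' || 'info' }}
+# For pull requests, this means we'll get the dependencies of the PR's
+# branch, so you can fix/change things and see the results in the PR's
+# run. By default, Renovate will clone the main/default branch.
+RENOVATE_BASE_BRANCHES: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || null }}
+# Dry run if the event is pull_request, or workflow_dispatch AND the dry-run input is true
+RENOVATE_DRY_RUN: ${{ (github.event_name == 'pull_request' || (github.event_name == 'workflow_dispatch' && github.event.inputs.dry-run == 'true')) && 'full' || null }}
+RENOVATE_PLATFORM: github
+RENOVATE_REPOSITORIES: ${{ github.repository }}
+RENOVATE_USERNAME: GrafanaRenovateBot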
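Review bot: On `pull_request` runs this job checks out the PR's own `.github/renovate-config.json5` and passes it as `configurationFile`, yet it still fetches the app private key and mints a real installation token. The only thing separating that run from a write-capable one is `RENOVATE_DRY_RUN` evaluating to `full`. Because that file is Renovate's self-hosted configuration, the assumption deserves a comment next to the trigger, for example `# PR runs use the PR's config with a live app token; they must stay dry-run`. Fork PRs presumably cannot obtain the OIDC token that `get-vault-secrets` needs, so exposure should be limited to branches pushed by collaborators, but that is worth confirming. Adding `persist-credentials: false` under the Checkout step's `with:` would also keep the job token out of the workspace's git config.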
20 changes: 8 additions & 12 deletions Dockerfile
@@ -1,10 +1,10 @@
# download kubectl
FROM golang:1.23.3-alpine AS kubectl
ARG KUBECTL_VERSION=1.31.3
RUN apk add --no-cache curl
RUN export VERSION=$(curl -s https://cdn.dl.k8s.io/release/stable.txt) &&\
export OS=$(go env GOOS) && \
RUN export OS=$(go env GOOS) && \
export ARCH=$(go env GOARCH) &&\
curl -o /usr/local/bin/kubectl -L https://cdn.dl.k8s.io/release/${VERSION}/bin/${OS}/${ARCH}/kubectl &&\
curl -o /usr/local/bin/kubectl -L https://cdn.dl.k8s.io/release/v${KUBECTL_VERSION}/bin/${OS}/${ARCH}/kubectl &&\
chmod +x /usr/local/bin/kubectl

# build jsonnet-bundler
Expand All @@ -19,25 +19,21 @@ RUN apk add --no-cache git make bash &&\

FROM golang:1.23.3-alpine AS helm
WORKDIR /tmp/helm
ARG HELM_VERSION
ARG HELM_VERSION=3.16.3
RUN apk add --no-cache jq curl
RUN export OS=$(go env GOOS) && \
export ARCH=$(go env GOARCH) &&\
if [[ -z ${HELM_VERSION} ]]; then export HELM_VERSION=$(curl --silent "https://api.github.com/repos/helm/helm/releases" | jq -r '.[0].tag_name'); fi && \
curl -SL "https://get.helm.sh/helm-${HELM_VERSION}-${OS}-${ARCH}.tar.gz" > helm.tgz && \
curl -SL "https://get.helm.sh/helm-v${HELM_VERSION}-${OS}-${ARCH}.tar.gz" > helm.tgz && \
tar -xvf helm.tgz --strip-components=1

FROM golang:1.23.3-alpine AS kustomize
WORKDIR /tmp/kustomize
ARG KUSTOMIZE_VERSION
ARG KUSTOMIZE_VERSION=5.5.0
RUN apk add --no-cache jq curl
# Get the latest version of kustomize
# Releases are filtered by their name since the kustomize repository exposes multiple products in the releases
RUN export OS=$(go env GOOS) &&\
export ARCH=$(go env GOARCH) &&\
if [[ -z ${KUSTOMIZE_VERSION} ]]; then export KUSTOMIZE_VERSION=$(curl --silent "https://api.github.com/repos/kubernetes-sigs/kustomize/releases" | jq -r '[ .[] | select(.name | startswith("kustomize")) ] | .[0].tag_name | split("/")[1]'); fi && \
echo "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_${OS}_${ARCH}.tar.gz" && \
curl -SL "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_${OS}_${ARCH}.tar.gz" > kustomize.tgz && \
echo "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_${OS}_${ARCH}.tar.gz" && \
curl -SL "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_${OS}_${ARCH}.tar.gz" > kustomize.tgz && \
tar -xvf kustomize.tgz

FROM golang:1.23.3 AS build
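Review bot: The kubectl, helm and kustomize stages install whatever the download URL returns: none of the `curl` calls passes `-f`, and nothing compares the artefact with a published checksum. For kubectl, a version that does not exist upstream would leave the server's error body saved as `/usr/local/bin/kubectl` and marked executable while the build stays green. `curl -fsSL -o /usr/local/bin/kubectl …` would fail the build instead. The new Renovate config automerges patch bumps of these `ARG` values, so verifying the download is what makes the version pin meaningful. For kubectl that means fetching the `kubectl.sha256` file published alongside the binary and checking it with `sha256sum -c`. Helm and Kustomize publish checksum files for their archives as well.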
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -16,7 +16,7 @@ test:
go test ./... -bench=. -benchmem

acceptance-tests:
dagger call acceptance-tests --root-dir .:source-files --acceptance-tests-dir ./acceptance-tests --kustomize-version "" --helm-version ""
dagger call acceptance-tests --root-dir .:source-files --acceptance-tests-dir ./acceptance-tests

# Compilation
dev:
48 changes: 8 additions & 40 deletions dagger/dagger.gen.go
