feat: use renovatebot

This brings the following improvements: 1. Faster updates 2. Keep lint and test dependencies up to date 3. Keep hadolint up to date Fixes: #98 Closes: #96
jbergstroem · Nov 3, 2022 · 8461798 · 8461798
1 parent aed0be7
commit 8461798
Show file tree

Hide file tree

Showing 6 changed files with 109 additions and 30 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
diff --git a/.github/matcher-actionlint.json b/.github/matcher-actionlint.json
@@ -0,0 +1,17 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "actionlint",
+      "pattern": [
+        {
+          "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",
+          "file": 1,
+          "line": 2,
+          "column": 3,
+          "message": 4,
+          "code": 5
+        }
+      ]
+    }
+  ]
+}
diff --git a/.github/matcher-shellcheck.json b/.github/matcher-shellcheck.json
@@ -0,0 +1,18 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "shellcheck",
+      "pattern": [
+        {
+          "regexp": "^(.+):(\\d+):(\\d+):\\s(note|warning|error):\\s(.*)\\s\\[(SC\\d+)\\]$",
+          "file": 1,
+          "line": 2,
+          "column": 3,
+          "severity": 4,
+          "message": 5,
+          "code": 6
+        }
+      ]
+    }
+  ]
+}
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -0,0 +1,42 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "baseBranches": ["main"],
+  "extends": [
+    ":separateMajorReleases",
+    ":rebaseStalePrs",
+    ":disableRateLimiting",
+    ":semanticCommits",
+    "group:allNonMajor"
+  ],
+  "enabledManagers": ["dockerfile", "github-actions", "regex"],
+  "commitMessageAction": "",
+  "commitMessageTopic": "{{depName}}",
+  "commitMessageExtra": "{{#if isMajor}}v{{{newMajor}}}{{else}}{{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}{{/if}}",
+  "regexManagers": [
+    {
+      "fileMatch": ["^\\.github/workflows/[^/]+\\.yml$"],
+      "matchStrings": [
+        "version: \"(?<currentValue>.*?)\"\\s+run: curl -Ls \"https://github.com/(?<depName>.*?)/releases/download.*"
+      ],
+      "datasourceTemplate": "github-releases",
+      "extractVersionTemplate": "^v(?<version>.*)$"
+    },
+    {
+      "fileMatch": ["^\\.github/workflows/[^/]+\\.yml$"],
+      "matchStrings": ["node-version: \"(?<currentValue>.*?)\"\\n"],
+      "depNameTemplate": "actions/node-versions",
+      "datasourceTemplate": "github-releases"
+    },
+    {
+      "fileMatch": ["^action\\.yml$"],
+      "matchStrings": ["version:\\s+default: (?<currentValue>.*?)\\n"],
+      "depNameTemplate": "hadolint/hadolint",
+      "datasourceTemplate": "github-releases",
+      "extractVersionTemplate": "default: (?<version>.*)$"
+    }
+  ],
+  "labels": ["type: dependencies"],
+  "prBodyTemplate": "{{{header}}}{{{table}}}{{{notes}}}{{{changelogs}}}{{{controls}}}{{{footer}}}",
+  "prHeader": "",
+  "prFooter": ""
+}
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -4,6 +4,8 @@ on:
     paths:
       # actionlint
       - ".github/workflows/*.yml"
+      # renovate
+      - ".github/renovate.json"
       # prettier
       - "**.md"
       - "**.yml"
@@ -12,47 +14,53 @@ on:
       - "**.sh"
 
 jobs:
+  validate-renovate-config:
+    name: Validate renovate config
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3.1.0
+      - name: validate
+        uses: rinchsan/renovate-config-validator@v0.0.12
+        with:
+          pattern: ".github/renovate.json"
   actionlint:
-    name: actionlint
+    name: Actionlint
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v3.1.0
       - name: Install Actionlint
         env:
-          ACTIONLINT_VERSION: 1.6.18
-        run: |
-          wget -q -O- "https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}/actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz" | tar -x -z -C . actionlint && \
-          mv actionlint /usr/local/bin
+          version: "1.6.22"
+        run: curl -Ls "https://github.com/rhysd/actionlint/releases/download/v${{ env.version }}/actionlint_${{ env.version }}_linux_amd64.tar.gz" | sudo tar -x -z -C /usr/local/bin actionlint
       - name: Run Actionlint
         run: |
-          actionlint -format '{{range $err := .}}::error file={{$err.Filepath}},line={{$err.Line}},col={{$err.Column}}::{{$err.Message}}{{end}}' -ignore 'SC2016:' .github/workflows/*.yml
-
+          echo "::add-matcher::.github/matcher-actionlint.json"
+          actionlint -color
   prettier:
-    name: prettier
     runs-on: ubuntu-22.04
+    name: Prettier
     steps:
       - uses: actions/checkout@v3.1.0
       - uses: actions/setup-node@v3.5.1
         with:
-          node-version: 18
-      - name: install prettier
+          node-version: "18.11.0"
+      - name: Install prettier
         run: npm install -g prettier
-      - name: run prettier
+      - name: Run prettier
         run: prettier -c .
   shellcheck:
-    name: shellcheck
     runs-on: ubuntu-22.04
-    env:
-      SHELLCHECK_VERSION: 0.8.0
+    name: Shellcheck
     steps:
       - uses: actions/checkout@v3.1.0
-      - name: install shellcheck
+      - name: Install Shellcheck
+        env:
+          version: "0.8.0"
+        run: curl -Ls "https://github.com/koalaman/shellcheck/releases/download/v${{ env.version }}/shellcheck-v${{ env.version }}.linux.x86_64.tar.xz" | sudo tar -x -J --wildcards --strip-components=1 -C /usr/local/bin "shellcheck*/shellcheck"
+      - name: Verify shell scripts
         run: |
-          wget -q -O - "https://github.com/koalaman/shellcheck/releases/download/v${{ env.SHELLCHECK_VERSION }}/shellcheck-v${{ env.SHELLCHECK_VERSION }}.linux.x86_64.tar.xz" | tar -x -J --strip-components=1 -C . shellcheck-v${{ env.SHELLCHECK_VERSION }}/shellcheck && \
-          sudo mv shellcheck /usr/local/bin/
-      - name: verify shell scripts
-        # shellcheck source path is assumed to be the "root" git directory
-        run: shellcheck hadolint.sh lib/*.sh test/*.sh
+          echo "::add-matcher::.github/matcher-shellcheck.json"
+          shellcheck -f gcc -S warning hadolint.sh lib/*.sh test/*.sh
   shfmt:
     name: shfmt
     runs-on: ubuntu-22.04

diff --git a/action.yml b/action.yml
@@ -4,29 +4,29 @@ author: "Johan Bergström <bugs@bergstroem.nu>"
 
 inputs:
   dockerfile:
+    default: "./Dockerfile"
     description: Path to Dockerfile(s). Accepts shell expansions (`**/Dockerfile`)
     required: true
-    default: "./Dockerfile"
   config_file:
     description: Path to optional config (hadolint defaults to read `./hadolint.yml` if it exists)
     required: false
   error_level:
+    default: 0
     description: Fail CI based on hadolint output (`-1` never, `0` error, `1` warning, `2` info/style)
     required: false
-    default: 0
   annotate:
+    default: true
     description: Annotate code inline in the github PR viewer (`true`/`false`)
     required: true
-    default: true
   output_format:
     description: Output format (choose between `checkstyle`, `codeclimate`, `gitlab_codeclimate`, `json` or `tty`)
     required: false
   hadolint_path:
     description: Absolute path to hadolint binary. Left unset means it can be found in `$PATH`
     required: false
   version:
-    description: Use a specific version of Hadolint
     default: 2.10.0
+    description: Use a specific version of Hadolint
     required: true
 
 outputs: