## Intent

README was missing the new preset and didn't mention digest pinning support in kubernetes-deployment.

## Details

- Add regex-ungroup-pin-digests section explaining the Renovate bug workaround
- Update kubernetes-deployment section: mention two managers, digest pinning support
renovate-config
This repository contains shared Renovate presets for all repos on git.xarif.de.
Usage
Add a renovate.json to your project extending the presets you need:
```json
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["local>infra/renovate-config:common"]
}
```
- common is the baseline for all repos.
- Add topic-specific presets on top as needed.
Dagger repos
```json
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "local>infra/renovate-config:common",
    "local>infra/renovate-config:dagger"
  ]
}
```
Dagger repos that consume shared modules
```json
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "local>infra/renovate-config:common",
    "local>infra/renovate-config:dagger",
    "local>infra/renovate-config:dagger-module-deps"
  ]
}
```
Preset Description
automerge-all-but-major
Included in common.
Affects all non-major updates.
Enables auto-merge for them.
common
Includes multiple other presets. Have a look at the configuration.
dockerfile-versions
Included in common.
The same as customManagers:dockerfileVersions, but also for Dockerfiles in nested directories.
Update _VERSION variables in Dockerfiles.
Example:
```dockerfile
# renovate: datasource=github-releases packageName=kubernetes/kubernetes
ENV KUBECTL_VERSION=v1.23.0
RUN curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
```
Allows you to define the following fields (see the template fields documentation):
- datasource (mandatory)
- packageName (optional)
- lookupName/packageName (optional)
- versioning (optional)
- extractVersion (optional)
- registryUrl (optional)
More Information: https://docs.renovatebot.com/modules/manager/regex/#advanced-capture
dagger
For all repos using the Dagger CI/CD engine.
Tracks:
- Dagger engine version in dagger.json (engineVersion field) via a custom regex manager against dagger/dagger GitHub releases.
- Commit message separation for engine vs Go SDK updates.
dagger-module-deps
For repos that consume shared Dagger modules (i.e. have dependencies in dagger.json).
Tracks the pin commit SHA for each dependency via the git-refs datasource. When new commits land on the tracked branch, Renovate opens a PR to update the pin.
kubernetes-deployment
For Kubernetes repos under https://git.xarif.de/kubernetes.
Recreates the vendored charts/ directory via a kustomize build --enable-helm postUpgradeTask. Enables the Kubernetes manager for root YAML files but ignores charts/.
Includes two custom regex managers for Docker images that Renovate's built-in managers can't detect — specifically inline image: registry/repo:tag in values.yaml or IMAGE="registry/repo:tag" in shell scripts. Annotate the line above the image reference with a # renovate: comment to opt in:
```yaml
# values.yaml
extraContainers:
  - name: my-sidecar
    # renovate: datasource=docker
    image: registry.gitlab.com/xarif/docker/my-image:v1.0.0
```

```sh
# kustomize-build.sh
# renovate: datasource=docker
IMAGE="git.xarif.de/docker/my-image:latest"
```
Digest pinning is supported — Renovate will add @sha256:... after the tag. Existing digests are updated on subsequent runs.
Supported comment fields (same as dockerfile-versions):
- datasource (mandatory, typically docker)
- depName (optional, overrides the image name)
- versioning (optional)
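To audit which opted-in images are still plain tag references, the annotation format above can be parsed directly. This is an added example, not code from this repository: the pattern is a hypothetical stand-in for the preset's own regexes, the inputs and digest are constructed, and registries with a port number are assumed not to occur.

```javascript
// Constructed inputs mirroring the two annotated forms; the digest is a placeholder.
const DIGEST = "sha256:" + "a".repeat(64);
const valuesYaml = [
  "extraContainers:",
  "  - name: my-sidecar",
  "    # renovate: datasource=docker",
  "    image: registry.gitlab.com/xarif/docker/my-image:v1.0.0",
  "  - name: other",
  "    # renovate: datasource=docker depName=example/other versioning=semver",
  `    image: git.xarif.de/docker/other:v2.1.0@${DIGEST}`,
  "  - name: not-opted-in",
  "    image: git.xarif.de/docker/plain:v3",
].join("\n");
const script = '# renovate: datasource=docker\nIMAGE="git.xarif.de/docker/my-image:latest"\n';

// Hypothetical pattern (not the preset's own matchStrings): a "# renovate:" comment
// line followed directly by image: <ref> or IMAGE="<ref>", with an optional digest.
const ANNOTATED =
  /#[ \t]*renovate:(?<fields>[^\n]*)\n[ \t]*(?:image:[ \t]*|IMAGE=)["']?(?<image>[^\s"'@:]+):(?<tag>[^\s"'@]+)(?:@(?<digest>sha256:[a-f0-9]{64}))?/g;

function findAnnotatedImages(text) {
  return [...text.matchAll(ANNOTATED)].map((m) => {
    // Split "key=value key=value" from the comment into an object.
    const fields = Object.fromEntries(
      m.groups.fields.trim().split(/\s+/).filter((kv) => kv.includes("="))
        .map((kv) => [kv.slice(0, kv.indexOf("=")), kv.slice(kv.indexOf("=") + 1)])
    );
    if (!fields.datasource) throw new Error("datasource is mandatory");
    return {
      datasource: fields.datasource,
      depName: fields.depName ?? m.groups.image, // depName overrides the image name
      versioning: fields.versioning ?? null,
      currentValue: m.groups.tag,
      currentDigest: m.groups.digest ?? null,
    };
  });
}

// Opted-in images that are still mutable tag references (no digest pinned yet).
function unpinned(text) {
  return findAnnotatedImages(text)
    .filter((d) => d.currentDigest === null)
    .map((d) => `${d.depName}:${d.currentValue}`);
}
```

The image without a `# renovate:` comment is skipped entirely, which is the opt-in behaviour described above.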
regex-ungroup-pin-digests
Included in common.
Works around a Renovate bug where multiple custom regex dependencies in the same file cause "depName mismatch" errors when grouped into a single renovate/pin-dependencies branch. Applying replacements sequentially shifts byte offsets, causing subsequent matches to find the wrong dependency.
This preset sets groupName: null for pinDigest updates from custom regex managers, giving each dependency its own branch.
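A simplified model of the failure and of the workaround, written for this page as an added example. It is not Renovate's code: the file content, digests and function names are constructed, and the model only illustrates how offsets recorded once go stale after the first insertion.

```javascript
// Constructed input: two annotated images in one file; digests are placeholders.
const original = [
  "# renovate: datasource=docker",
  "image: git.xarif.de/docker/a:v1",
  "# renovate: datasource=docker",
  "image: git.xarif.de/docker/b:v2",
].join("\n");
const digests = {
  "git.xarif.de/docker/a": "sha256:" + "a".repeat(64),
  "git.xarif.de/docker/b": "sha256:" + "b".repeat(64),
};

// Record where each dependency sits in the file as it looked at extraction time.
function extract(text) {
  return [...text.matchAll(/image: (?<dep>[^\s:@]+):(?<tag>[^\s@]+)/g)].map((m) => ({
    dep: m.groups.dep,
    start: m.index,
    end: m.index + m[0].length,
  }));
}

// Apply the given pins in order, trusting the offsets recorded by extract().
function applyPins(text, plan) {
  const errors = [];
  for (const { dep, start, end } of plan) {
    const found = text.slice(start, end); // what sits at the recorded offsets now
    if (!found.startsWith(`image: ${dep}:`)) {
      errors.push(`depName mismatch: expected ${dep} at offset ${start}`);
      continue;
    }
    text = text.slice(0, end) + "@" + digests[dep] + text.slice(end);
  }
  return { text, errors };
}

// Grouped: one branch carries every pin, so the second offset is stale.
const grouped = () => applyPins(original, extract(original));

// Ungrouped (the effect of groupName: null): one branch per dependency,
// each starting from the original file with a single edit.
const ungrouped = () => extract(original).map((d) => applyPins(original, [d]));
```

In the grouped run the first digest pushes the second image 72 characters further down, so the recorded offset for `b` points into the digest of `a`.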
step-by-step-upgrades
Included in common.
Ensures that Renovate won't skip minor and major versions.
Affects all minor and major upgrades.
Does the following to them:
- Update minor versions step-by-step (e.g. 1.0.x -> 1.1.x -> 1.2.x and NOT 1.0.x -> 1.2.x)
- Update major versions step-by-step (e.g. 1.x -> 2.x -> 3.x and NOT 1.x -> 3.x)
update-renovate-tools
Included in common.
Updates binaries installed by Renovate itself.
Affects:
- renovate.json
Example:
With the following configuration in your renovate.json, this preset would update kustomize and helm.
```json
"postUpgradeTasks": {
  "commands": [
    "install-tool kustomize v5.3.0",
    "install-tool helm v3.17.0",
    "rm -rf argocd/charts",
    "kustomize build --enable-helm argocd"
  ]
}
```