Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(config): migrate renovate config #1651

Closed
wants to merge 1 commit into from
+125 −152
Closed

chore(config): migrate renovate config #1651

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
277 changes: 125 additions & 152 deletions .github/renovate.json5
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,186 +1,159 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base",
":gitSignOff",
"helpers:pinGitHubActionDigests"
$schema: 'https://docs.renovatebot.com/renovate-schema.json',
extends: [
'config:recommended',
':gitSignOff',
'helpers:pinGitHubActionDigests',
],
// This ensures that the gitAuthor and gitSignOff fields match
"gitAuthor": "renovate[bot] <[email protected]>",
"includePaths": [
".github/workflows/**",
"go.mod",
"go.sum",
"Makefile",
gitAuthor: 'renovate[bot] <[email protected]>',
includePaths: [
'.github/workflows/**',
'go.mod',
'go.sum',
'Makefile',
],
postUpdateOptions: [
"gomodTidy"
'gomodTidy',
],
"ignoreDeps": [
"github.com/cilium/cilium"
ignoreDeps: [
'github.com/cilium/cilium',
],
"pinDigests": true,
"prHourlyLimit": 2, // do not open more than two pull requests an hour
"prConcurrentLimit": 5, // do not open more than five PRs per branch at a time
"schedule": ["before 6am on tuesday"], // only run renovate part of the day tuesday
"separateMajorMinor": true,
"separateMultipleMajor": true,
"separateMinorPatch": true,
"pruneStaleBranches": true,
"baseBranches": [
"main",
pinDigests: true,
prHourlyLimit: 2,
prConcurrentLimit: 5,
schedule: [
'on friday',
],
"vulnerabilityAlerts": {
"enabled": true
},
"labels": [
"kind/enhancement",
"release-note/misc",
"priority/release-blocker"
separateMajorMinor: true,
separateMultipleMajor: true,
separateMinorPatch: true,
pruneStaleBranches: true,
baseBranches: [
'main',
],
// uncomment after renovate onboarding is merged and renovate PRs are merged
"schedule": [
"on friday"
vulnerabilityAlerts: {
enabled: true,
},
labels: [
'kind/enhancement',
'release-note/misc',
'priority/release-blocker',
],
"stopUpdatingLabel": "renovate/stop-updating",
"packageRules": [
// Based on https://docs.renovatebot.com/key-concepts/automerge/#automerge-non-major-updates
// and tetragon's automerge config.
stopUpdatingLabel: 'renovate/stop-updating',
packageRules: [
{
"matchPackageNames": [
"go", // golang version directive upgrade in go.mod
],
// list of trusted packages that can automerge
"matchPackagePrefixes": [
"docker.io/library/", // official Docker images
"github.com/golang/", // Golang official org
"golang.org/x/", // Golang official experimental org
"google.golang.org/", // Google official repo for api/genproto/grpc/protobuf
"github.com/google/", // Google official github org
"k8s.io/", // Kubernetes official repo
"sigs.k8s.io/", // Kubernetes official SIG repo
],
// auto merge non-major updates
"matchUpdateTypes": [
"minor",
"patch",
"pin",
"pinDigest"
],
"automerge": true
matchPackageNames: [
'go',
'docker.io/library/{/,}**',
'github.com/golang/{/,}**',
'golang.org/x/{/,}**',
'google.golang.org/{/,}**',
'github.com/google/{/,}**',
'k8s.io/{/,}**',
'sigs.k8s.io/{/,}**',
],
matchUpdateTypes: [
'minor',
'patch',
'pin',
'pinDigest',
],
automerge: true,
},
{
"groupName": "all github action dependencies",
"groupSlug": "all-github-action",
"matchPaths": [
".github/workflows/**"
],
"matchUpdateTypes": [
"major",
"minor",
"digest",
"patch",
"pin",
"pinDigest"
groupName: 'all github action dependencies',
groupSlug: 'all-github-action',
matchFileNames: [
'.github/workflows/**',
],
matchUpdateTypes: [
'major',
'minor',
'digest',
'patch',
'pin',
'pinDigest',
],
},
{
"groupName": "all go dependencies main",
"groupSlug": "all-go-deps-main",
"matchFiles": [
"go.mod",
"go.sum"
],
"postUpdateOptions": [
// update source import paths on major updates
"gomodUpdateImportPaths",
],
"matchUpdateTypes": [
"major",
"minor",
"digest",
"patch",
"pin",
"pinDigest"
groupName: 'all go dependencies main',
groupSlug: 'all-go-deps-main',
matchFileNames: [
'go.mod',
'go.sum',
],
postUpdateOptions: [
'gomodUpdateImportPaths',
],
matchUpdateTypes: [
'major',
'minor',
'digest',
'patch',
'pin',
'pinDigest',
],
matchBaseBranches: [
"main"
]
'main',
],
},
{
"enabled": false,
"matchPackageNames": [
// All of these packages are maintained on a Cilium fork. Thus, we don't
// want to update them automatically.
"go.universe.tf/metallb",
"github.com/cilium/metallb",
"github.com/miekg/dns",
"github.com/cilium/dns",
"sigs.k8s.io/controller-tools",
"github.com/cilium/controller-tools",
"k8s.io/client-go",
"github.com/cilium/client-go",
// We update this dependency manually together with envoy proxy updates
"github.com/cilium/proxy",
// We need v1.0.6-0.20210604193023-d5e0c0615ace from pflag, but
// renovate wants to downgrade to 1.0.5. Can be removed if pflag ever
// tags a new release.
"github.com/spf13/pflag",
],
"matchPackagePatterns": [
// k8s dependencies will be updated manually along with tests
"k8s.io/*",
"sigs.k8s.io/*"
]
enabled: false,
matchPackageNames: [
'go.universe.tf/metallb',
'github.com/cilium/metallb',
'github.com/miekg/dns',
'github.com/cilium/dns',
'sigs.k8s.io/controller-tools',
'github.com/cilium/controller-tools',
'k8s.io/client-go',
'github.com/cilium/client-go',
'github.com/cilium/proxy',
'github.com/spf13/pflag',
'/k8s.io/*/',
'/sigs.k8s.io/*/',
],
},
{
// Update Go version used in images, CI, in the same group
"groupName": "golang",
"matchPackageNames": [
"docker.io/library/golang",
"library/golang",
"go",
"golang"
groupName: 'golang',
matchPackageNames: [
'docker.io/library/golang',
'library/golang',
'go',
'golang',
],
},
{
"groupName": "alpine",
// Restrict the alpine version that can be used on stable branches
"matchPackageNames": [
"docker.io/library/alpine"
groupName: 'alpine',
matchPackageNames: [
'docker.io/library/alpine',
],
},
{
// Group golangci-lint updates to overrule grouping of version updates in the GHA files.
// Without this, golangci-lint updates are not in sync for GHA files and other usages.
"groupName": "golangci-lint",
"matchDepNames": [
"golangci/golangci-lint"
]
groupName: 'golangci-lint',
matchDepNames: [
'golangci/golangci-lint',
],
},
],
"regexManagers": [
customManagers: [
{
"fileMatch": [
"^\\.github/workflows/[^/]+\\.ya?ml$"
],
// This regex manages version strings in GitHub actions workflow files,
// similar to the examples shown here:
// https://docs.renovatebot.com/modules/manager/regex/#advanced-capture
"matchStrings": [
"# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+.+(?:version|VERSION): +['\"]?(?<currentValue>[^\\s'\"]+)['\"]?"
]
customType: 'regex',
fileMatch: [
'^\\.github/workflows/[^/]+\\.ya?ml$',
],
matchStrings: [
'# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+.+(?:version|VERSION): +[\'"]?(?<currentValue>[^\\s\'"]+)[\'"]?',
],
},
{
"fileMatch": [
"^Makefile$"
],
// This regex manages version strings in the Makefile,
// similar to the examples shown here:
// https://docs.renovatebot.com/modules/manager/regex/#advanced-capture
"matchStrings": [
"# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+.+_VERSION = (?<currentValue>.*)\\s+.+_SHA = (?<currentDigest>sha256:[a-f0-9]+)"
]
customType: 'regex',
fileMatch: [
'^Makefile$',
],
matchStrings: [
'# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+.+_VERSION = (?<currentValue>.*)\\s+.+_SHA = (?<currentDigest>sha256:[a-f0-9]+)',
],
},
]
],
}