From 419477fffa532e1811d5725377ec797ade749853 Mon Sep 17 00:00:00 2001 From: Jory Irving Date: Mon, 8 Jan 2024 08:20:16 -0700 Subject: [PATCH] chore: switch to GHA renovate --- .github/renovate.json5 | 34 +++--------- .github/renovate/autoMerge.json5 | 13 ----- .github/renovate/commitMessage.json5 | 12 ----- .github/renovate/labels.json5 | 29 ----------- .github/renovate/semanticCommits.json5 | 62 ---------------------- .github/workflows/publish.yaml | 29 ++++++++--- .github/workflows/renovate.yaml | 71 ++++++++++++++++++++++++++ 7 files changed, 99 insertions(+), 151 deletions(-) delete mode 100644 .github/renovate/autoMerge.json5 delete mode 100644 .github/renovate/commitMessage.json5 delete mode 100644 .github/renovate/labels.json5 delete mode 100644 .github/renovate/semanticCommits.json5 create mode 100644 .github/workflows/renovate.yaml diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 42a10a7..f6e4584 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -1,34 +1,14 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ - "config:base", + "config:recommended", "docker:enableMajor", - ":disableRateLimiting", ":dependencyDashboard", - ":semanticCommits", - ":enablePreCommit", - ":automergeDigest", - ":automergeBranch", - "github>LilDrunkenSmurf/containers//.github/renovate/autoMerge.json5", - "github>LilDrunkenSmurf/containers//.github/renovate/commitMessage.json5", - "github>LilDrunkenSmurf/containers//.github/renovate/labels.json5", - "github>LilDrunkenSmurf/containers//.github/renovate/semanticCommits.json5", - "helpers:pinGitHubActionDigests" + ":disableRateLimiting", + ":semanticCommits" ], - "dependencyDashboard": true, + "onboarding": false, + "requireConfig": "optional", "dependencyDashboardTitle": "Renovate Dashboard 🤖", - "suppressNotifications": ["prIgnoreNotification"], - "rebaseWhen": "conflicted", - "pre-commit": { - "enabled": true - }, - "regexManagers": [ - { - "fileMatch": ["(^|/)Dockerfile$"], - "matchStrings": [ - "datasource=(?.*?) depName=(?.*?) versioning=(?.*?)\\sARG .*?_VERSION=(?v.*)\\s" - ], - "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}" - } - ] -} + "suppressNotifications": ["prEditedNotification", "prIgnoreNotification"] +} \ No newline at end of file diff --git a/.github/renovate/autoMerge.json5 b/.github/renovate/autoMerge.json5 deleted file mode 100644 index da30e58..0000000 --- a/.github/renovate/autoMerge.json5 +++ /dev/null @@ -1,13 +0,0 @@ -{ - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "packageRules": [ - { - "description": "Auto merge GitHub Actions", - "matchManagers": ["github-actions"], - "automerge": true, - "automergeType": "branch", - "ignoreTests": true, - "matchUpdateTypes": ["minor", "patch", "digest"] - } - ] -} diff --git a/.github/renovate/commitMessage.json5 b/.github/renovate/commitMessage.json5 deleted file mode 100644 index 52ae185..0000000 --- a/.github/renovate/commitMessage.json5 +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "commitMessageTopic": "{{depName}}", - "commitMessageExtra": "to {{newVersion}}", - "commitMessageSuffix": "", - "packageRules": [ - { - "matchDatasources": ["docker"], - "commitMessageTopic": "image {{depName}}" - } - ] -} diff --git a/.github/renovate/labels.json5 b/.github/renovate/labels.json5 deleted file mode 100644 index fccbfa8..0000000 --- a/.github/renovate/labels.json5 +++ /dev/null @@ -1,29 +0,0 @@ -{ - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "packageRules": [ - { - "matchUpdateTypes": ["major"], - "labels": ["type/major"] - }, - { - "matchUpdateTypes": ["minor"], - "labels": ["type/minor"] - }, - { - "matchUpdateTypes": ["patch"], - "labels": ["type/patch"] - }, - { - "matchDatasources": ["docker"], - "addLabels": ["renovate/container"] - }, - { - "matchDatasources": ["github-releases", "github-tags"], - "addLabels": ["renovate/github-release"] - }, - { - "matchManagers": ["github-actions"], - "addLabels": ["renovate/github-action"] - } - ] -} diff --git a/.github/renovate/semanticCommits.json5 b/.github/renovate/semanticCommits.json5 deleted file mode 100644 index 9ba0ef1..0000000 --- a/.github/renovate/semanticCommits.json5 +++ /dev/null @@ -1,62 +0,0 @@ -{ - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "packageRules": [ - { - "matchDatasources": ["docker"], - "matchUpdateTypes": ["major"], - "commitMessagePrefix": "feat(container)!: " - }, - { - "matchDatasources": ["docker"], - "matchUpdateTypes": ["minor"], - "semanticCommitType": "feat", - "semanticCommitScope": "container" - }, - { - "matchDatasources": ["docker"], - "matchUpdateTypes": ["patch"], - "semanticCommitType": "fix", - "semanticCommitScope": "container" - }, - { - "matchDatasources": ["docker"], - "matchUpdateTypes": ["digest"], - "semanticCommitType": "chore", - "semanticCommitScope": "container" - }, - { - "matchDatasources": ["github-releases", "github-tags"], - "matchUpdateTypes": ["major"], - "commitMessagePrefix": "feat(github-release)!: " - }, - { - "matchDatasources": ["github-releases", "github-tags"], - "matchUpdateTypes": ["minor"], - "semanticCommitType": "feat", - "semanticCommitScope": "github-release" - }, - { - "matchDatasources": ["github-releases", "github-tags"], - "matchUpdateTypes": ["patch"], - "semanticCommitType": "fix", - "semanticCommitScope": "github-release" - }, - { - "matchManagers": ["github-actions"], - "matchUpdateTypes": ["major"], - "commitMessagePrefix": "feat(github-action)!: " - }, - { - "matchManagers": ["github-actions"], - "matchUpdateTypes": ["minor"], - "semanticCommitType": "feat", - "semanticCommitScope": "github-action" - }, - { - "matchManagers": ["github-actions"], - "matchUpdateTypes": ["patch"], - "semanticCommitType": "fix", - "semanticCommitScope": "github-action" - } - ] -} diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 596dec3..6954251 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -13,8 +13,21 @@ jobs: outputs: apps: ${{ steps.set-matrix.outputs.apps }} steps: - - name: Checkout code - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + - name: Lowercase repository owner + shell: bash + run: echo "LOWERCASE_REPO_OWNER=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_ENV + + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@v4 + with: + token: "${{ steps.app-token.outputs.token }}" - name: Collect changed files uses: dorny/paths-filter@v2 @@ -45,10 +58,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + uses: actions/checkout@v4 - name: Login to ghcr - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2 + uses: docker/login-action@v2 with: registry: ghcr.io username: ${{ github.actor }} @@ -56,18 +69,18 @@ jobs: - name: Container meta id: meta - uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4 + uses: docker/metadata-action@v4 with: images: | - ghcr.io/${{ github.repository_owner }}/${{ matrix.app }} + ghcr.io/${{ env.LOWERCASE_REPO_OWNER }}/${{ matrix.app }} tags: | type=sha, format=long - name: Build and push to ghcr - uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4 + uses: docker/build-push-action@v4 with: context: . file: 'apps/${{ matrix.app }}/Dockerfile' push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml new file mode 100644 index 0000000..7fbc6b8 --- /dev/null +++ b/.github/workflows/renovate.yaml @@ -0,0 +1,71 @@ +--- + name: "Renovate" + + on: + workflow_dispatch: + inputs: + dryRun: + description: Dry Run + default: "false" + required: false + logLevel: + description: Log Level + default: debug + required: false + version: + description: Renovate version + default: latest + required: false + schedule: + - cron: "0 * * * *" + push: + branches: ["main"] + paths: + - .github/renovate.json5 + + concurrency: + group: ${{ github.workflow }}-${{ github.event.number || github.ref }} + cancel-in-progress: true + + # Retrieve BOT_USER_ID via `curl -s "https://api.github.com/users/${BOT_USERNAME}%5Bbot%5D" | jq .id` + env: + RENOVATE_PLATFORM: github + RENOVATE_PLATFORM_COMMIT: true + RENOVATE_ONBOARDING_CONFIG_FILE_NAME: .github/renovate.json5 + RENOVATE_AUTODISCOVER: true + RENOVATE_AUTODISCOVER_FILTER: "${{ github.repository }}" + RENOVATE_USERNAME: "${{ secrets.BOT_USERNAME }}[bot]" + RENOVATE_GIT_AUTHOR: "${{ secrets.BOT_USERNAME }} <${{ secrets.BOT_USER_ID }}+${{ secrets.BOT_USERNAME }}[bot]@users.noreply.github.com>" + WORKFLOW_RENOVATE_DRY_RUN: false + WORKFLOW_RENOVATE_LOG_LEVEL: debug + WORKFLOW_RENOVATE_VERSION: latest + + jobs: + renovate: + name: Renovate + runs-on: ubuntu-latest + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@v4 + with: + token: "${{ steps.app-token.outputs.token }}" + + - name: Override default config from dispatch variables + shell: bash + run: | + echo "RENOVATE_DRY_RUN=${{ github.event.inputs.dryRun || env.WORKFLOW_RENOVATE_DRY_RUN }}" >> $GITHUB_ENV + echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.WORKFLOW_RENOVATE_LOG_LEVEL }}" >> $GITHUB_ENV + + - name: Renovate + uses: renovatebot/github-action@v39.2.4 + with: + configurationFile: "${{ env.RENOVATE_ONBOARDING_CONFIG_FILE_NAME }}" + token: "${{ steps.app-token.outputs.token }}" + renovate-version: "${{ github.event.inputs.version || env.WORKFLOW_RENOVATE_VERSION }}" \ No newline at end of file