mirror of
https://github.com/outbackdingo/Biohazard.git
synced 2026-01-27 10:18:27 +00:00
feat(renovate): less rebase noise,Cilium changelog
This commit is contained in:
JJGadgets
14
.github/workflows/renovate-rebase.yaml
vendored
Normal file
14
.github/workflows/renovate-rebase.yaml
vendored
Normal file
@@ -0,0 +1,14 @@
|
||||
---
|
||||
# yoinked from onedr0p and modified
|
||||
# info in comments is accurate as of 2023-11-25
|
||||
name: "Renovate (Manual Rebase Re-run)"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: ["renovate/**"]
|
||||
|
||||
jobs:
|
||||
renovate:
|
||||
name: Renovate
|
||||
uses: ./.github/workflows/renovate.yaml
|
||||
secrets: inherit
|
||||
2
.github/workflows/renovate.yaml
vendored
2
.github/workflows/renovate.yaml
vendored
@@ -4,6 +4,7 @@
|
||||
name: "Renovate"
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
dryRun:
|
||||
@@ -35,7 +36,6 @@ env:
|
||||
RENOVATE_AUTODISCOVER_FILTER: "${{ github.repository }}" # this is to prevent forks from running Renovate against upstream repo
|
||||
RENOVATE_USERNAME: "${{ secrets.BOT_USERNAME }}[bot]"
|
||||
RENOVATE_GIT_AUTHOR: "${{ secrets.BOT_USERNAME }} <${{ secrets.BOT_API_ID }}+${{ secrets.BOT_USERNAME }}[bot]@users.noreply.github.com>" # get $BOT_API_ID from `curl -s 'https://api.github.com/users/$(BOT_USERNAME)%5Bbot%5D' | yq .id`
|
||||
RENOVATE_REBASE_WHEN: "behind-base-branch"
|
||||
|
||||
jobs:
|
||||
renovate:
|
||||
|
||||
@@ -2,11 +2,17 @@
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"packageRules": [
|
||||
// NOTE: Renovate processes rules from top to bottom, so the rules below take precedence over rules above it
|
||||
{
|
||||
"description": "Default options",
|
||||
"rebaseWhen": "conflicted",
|
||||
"automerge": false
|
||||
},
|
||||
{
|
||||
"description": "Auto merge Github Actions",
|
||||
"matchManagers": ["github-actions"],
|
||||
"automerge": true,
|
||||
"automergeType": "pr",
|
||||
"rebaseWhen": "behind-base-branch",
|
||||
"ignoreTests": true,
|
||||
"matchUpdateTypes": ["minor", "patch", "digest"]
|
||||
},
|
||||
@@ -24,6 +30,7 @@
|
||||
// "matchDatasources": ["docker"],
|
||||
"automerge": true,
|
||||
"automergeType": "pr",
|
||||
"rebaseWhen": "behind-base-branch",
|
||||
"matchFileNames": ["kube/deploy/apps/**"],
|
||||
"matchUpdateTypes": ["minor", "patch", "digest"],
|
||||
"matchCurrentVersion": "!/^0\\./", // avoid breaking changes in 0.x SemVer releases
|
||||
@@ -41,56 +48,57 @@
|
||||
"groupName": "Cilium",
|
||||
"matchPackagePatterns": ["cilium"],
|
||||
"versioning": "semver",
|
||||
"customChangelogUrl": "https://github.com/cilium/cilium",
|
||||
"separateMinorPatch": true,
|
||||
"pinDigests": false,
|
||||
"group": {
|
||||
"commitMessageTopic": "{{{groupName}}} group"
|
||||
}
|
||||
},
|
||||
// FluxCD
|
||||
{
|
||||
"description": "Flux Group",
|
||||
"groupName": "Flux",
|
||||
"matchPackagePatterns": ["fluxcd"],
|
||||
"matchDatasources": ["docker", "github-tags"],
|
||||
"versioning": "semver",
|
||||
"separateMinorPatch": true,
|
||||
"customChangelogUrl": "https://github.com/fluxcd/flux2",
|
||||
"group": {
|
||||
"commitMessageTopic": "{{{groupName}}} group"
|
||||
},
|
||||
"separateMinorPatch": true
|
||||
}
|
||||
},
|
||||
// automerge patch Flux versions
|
||||
{
|
||||
"description": "Flux Group",
|
||||
"description": "Flux Group (Automerge Patch)",
|
||||
"groupName": "Flux",
|
||||
"matchPackagePatterns": ["fluxcd"],
|
||||
"matchDatasources": ["docker", "github-tags"],
|
||||
"versioning": "semver",
|
||||
"group": {
|
||||
"commitMessageTopic": "{{{groupName}}} group"
|
||||
},
|
||||
"separateMinorPatch": true,
|
||||
"matchUpdateTypes": ["patch"],
|
||||
"automerge": true,
|
||||
"automergeType": "pr"
|
||||
"automergeType": "pr",
|
||||
"rebaseWhen": "behind-base-branch",
|
||||
"group": {
|
||||
"commitMessageTopic": "{{{groupName}}} group"
|
||||
}
|
||||
},
|
||||
// authentik
|
||||
{
|
||||
"description": "authentik Group",
|
||||
"groupName": "authentik",
|
||||
"matchPackagePatterns": ["authentik"],
|
||||
"labels": ["authentik"],
|
||||
"customChangelogUrl": "https://github.com/goauthentik/authentik",
|
||||
"automerge": false,
|
||||
"group": {
|
||||
"commitMessageTopic": "{{{groupName}}} group"
|
||||
},
|
||||
"separateMultipleMajor": true,
|
||||
"separateMinorPatch": true,
|
||||
// TODO: Helm chart uses separate key for digests, which Renovate seems to not recognize? maybe patching the image would be better?
|
||||
"pinDigests": false
|
||||
"pinDigests": false,
|
||||
"group": {
|
||||
"commitMessageTopic": "{{{groupName}}} group"
|
||||
}
|
||||
},
|
||||
// manually approve app-template major releases
|
||||
{
|
||||
"description": "Manually approve app-template major releases",
|
||||
"matchPackagePatterns": ["app-template"],
|
||||
"matchDatasources": ["helm"],
|
||||
"matchUpdateTypes": ["major"],
|
||||
@@ -111,6 +119,7 @@
|
||||
"dependencyDashboardApproval": false,
|
||||
"automerge": true,
|
||||
"automergeType": "pr",
|
||||
"rebaseWhen": "behind-base-branch",
|
||||
"separateMajorMinor": true,
|
||||
"separateMultipleMajor": true,
|
||||
"separateMinorPatch": true,
|
||||
@@ -118,8 +127,8 @@
|
||||
"commitMessagePrefix": "fix(app-template/patch): ",
|
||||
"labels": ["app-template", "patch"]
|
||||
},
|
||||
// don't automerge app-template minor releases
|
||||
{
|
||||
"description": "Don't automerge app-template minor releases",
|
||||
"matchPackagePatterns": ["app-template"],
|
||||
"matchDatasources": ["helm"],
|
||||
"matchUpdateTypes": ["minor"],
|
||||
@@ -132,15 +141,21 @@
|
||||
"commitMessagePrefix": "feat(app-template/minor): ",
|
||||
"labels": ["app-template", "major"]
|
||||
},
|
||||
// Miniflux enforce distroless images
|
||||
{
|
||||
"description": "Miniflux enforce distroless images",
|
||||
"matchPackagePatterns": ["miniflux"],
|
||||
"matchDatasources": ["docker"],
|
||||
"versionCompatibility": "^(?<version>[^-]+)(?<compatibility>-.*)?$",
|
||||
"versioning": "semver",
|
||||
"matchPackagePatterns": ["miniflux"]
|
||||
"versionCompatibility": "^(?<version>[^-]+)(?<compatibility>-.*)?$"
|
||||
},
|
||||
// configure more granular control for apps in ./kube/deploy/core
|
||||
{
|
||||
"description": "SearXNG versioning",
|
||||
"matchPackagePatterns": ["searxng"],
|
||||
"matchDatasources": ["docker"],
|
||||
"versioning": "regex:^(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)?$"
|
||||
},
|
||||
{
|
||||
"description": "Configure more granular control for apps in ./kube/deploy/core",
|
||||
"matchFileNames": ["kube/deploy/core/**"],
|
||||
"automerge": false, // enforce no automerge
|
||||
"separateMultipleMajor": true,
|
||||
@@ -152,7 +167,7 @@
|
||||
"matchPackagePatterns": ["jjgadgets/k8s-crd-extractor"],
|
||||
"matchUpdateTypes": ["major", "minor", "patch", "digest"],
|
||||
"automerge": true,
|
||||
"automergeType": "branch",
|
||||
"automergeType": "branch"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -26,9 +26,9 @@ spec:
|
||||
valuesKey: "${CLUSTER_NAME:=biohazard}.yaml"
|
||||
optional: false
|
||||
values:
|
||||
image: # for Renovate changelog
|
||||
repository: "quay.io/cilium/cilium"
|
||||
tag: "v1.15.1"
|
||||
# image: # for Renovate changelog
|
||||
# repository: "quay.io/cilium/cilium"
|
||||
# tag: "v1.15.1"
|
||||
## NOTE: Cilium Agent API rate limit configuration
|
||||
### upon reboot/untaint/uncordon, burst(s) of pod creations causes Cilium to 429 rate limit pods from getting their network configuration
|
||||
### current config stolen from https://github.com/cilium/cilium/issues/24361#issuecomment-1564825275
|
||||
|
||||
Reference in New Issue
Block a user