diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 6ba988b35a..0000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,56 +0,0 @@ -version: 2 -updates: - - package-ecosystem: github-actions - directory: / - schedule: - interval: daily - groups: - actions: - update-types: - - "major" - - "minor" - - "patch" - - - package-ecosystem: gomod - directory: / - schedule: - interval: daily - groups: - go: - update-types: - - "major" - - "minor" - - "patch" - - - package-ecosystem: docker - directory: /build - schedule: - interval: daily - groups: - docker-images: - update-types: - - "major" - - "minor" - - "patch" - - - package-ecosystem: docker - directory: /tests - schedule: - interval: daily - groups: - docker-tests: - update-types: - - "major" - - "minor" - - "patch" - - - package-ecosystem: pip - directory: / - schedule: - interval: weekly - groups: - python: - update-types: - - "major" - - "minor" - - "patch" diff --git a/.github/labeler.yml b/.github/labeler.yml index 35d11bfbeb..818d9e2dbf 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -29,7 +29,7 @@ documentation: - head-branch: ['^docs?/'] dependencies: - - head-branch: ['^deps?/', '^dependabot/', '^renovate/', 'pre-commit-ci-update-config'] + - head-branch: ['^deps?/', '^dependabot/', '^renovate/', '^mend/', 'pre-commit-ci-update-config'] helm_chart: - head-branch: ['^helm/', '^chart/'] diff --git a/.github/scripts/copy-images.sh b/.github/scripts/copy-images.sh index bb3a2240ea..d2ea58ac86 100755 --- a/.github/scripts/copy-images.sh +++ b/.github/scripts/copy-images.sh 
@@ -6,8 +6,12 @@ set -eo pipefail export ROOTDIR=$(git rev-parse --show-toplevel || echo ".") SKOPEO_BIN=skopeo + if [ -n "$CI" ]; then - SKOPEO_BIN="docker run --rm -v $HOME/.docker/config.json:/tmp/auth.json $(grep skopeo "${ROOTDIR}/tests/Dockerfile" | grep FROM | cut -d ' ' -f 2)" + SKOPEO_IMAGE=quay.io/skopeo/stable + # renovate: datasource=docker depName=quay.io/skopeo/stable + SKOPEO_VERSION=v1.20.0-immutable + SKOPEO_BIN="docker run --rm -v $HOME/.docker/config.json:/tmp/auth.json ${SKOPEO_IMAGE}:${SKOPEO_VERSION}" fi ## Setup inputs diff --git a/.github/scripts/exclude_ci_files.txt b/.github/scripts/exclude_ci_files.txt index 79fb3e2db5..8aa59ef9dc 100644 --- a/.github/scripts/exclude_ci_files.txt +++ b/.github/scripts/exclude_ci_files.txt @@ -1,5 +1,4 @@ .github/actionlint.yaml -.github/dependabot.yml .github/labeler.yml .github/PULL_REQUEST_TEMPLATE.md .github/release.yml @@ -26,8 +25,6 @@ .github/workflows/cherry-pick.yml .github/workflows/codeql-analysis.yml .github/workflows/create-release-branch.yml -.github/workflows/dependabot-auto-merge.yml -.github/workflows/dependabot-hugo.yml .github/workflows/dependency-review.yml .github/workflows/dockerhub-description.yml .github/workflows/docs-build-push.yml diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml deleted file mode 100644 index 91b594017f..0000000000 --- a/.github/workflows/dependabot-auto-merge.yml +++ /dev/null 
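Review bot: The new `SKOPEO_BIN` resolves the image by tag only (`${SKOPEO_IMAGE}:${SKOPEO_VERSION}`), whereas the `FROM` line it used to read from tests/Dockerfile carried an `@sha256:` digest, so the CI path no longer verifies image content. This container is also handed the runner's registry credentials through the `$HOME/.docker/config.json` mount, which makes a digest pin matter more here than for most tooling images. Consider keeping a digest next to the version, for example a `SKOPEO_DIGEST=sha256:<digest>` variable appended as `${SKOPEO_IMAGE}:${SKOPEO_VERSION}@${SKOPEO_DIGEST}`, and extending the shell-script custom manager so Renovate updates it (its regex managers accept a `currentDigest` capture group). Mounting the auth file read-only (`:/tmp/auth.json:ro`) would also limit what the container can do with it.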
@@ -1,23 +0,0 @@ -name: Dependabot auto-merge -on: pull_request_target - -permissions: - contents: read - -jobs: - dependabot: - runs-on: ubuntu-24.04 - if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} - permissions: - pull-requests: write - contents: write - steps: - - name: Dependabot metadata - id: dependabot-metadata - uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # v2.4.0 - - - name: Enable auto-merge for Dependabot PRs - run: gh pr merge --auto --squash "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/f5-cla.yml b/.github/workflows/f5-cla.yml index 7f2c1d6c52..ec2123a734 100644 --- a/.github/workflows/f5-cla.yml +++ b/.github/workflows/f5-cla.yml @@ -43,7 +43,7 @@ jobs: remote-repository-name: "f5-cla-data" path-to-signatures: "signatures/beta/signatures.json" # Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA. - allowlist: bot* + allowlist: bot*,renovate,mend # Do not lock PRs after a merge. lock-pullrequest-aftermerge: false env: diff --git a/Makefile b/Makefile index 00e087f223..6e581c02ba 100644 --- a/Makefile +++ b/Makefile @@ -17,6 +17,8 @@ override DOCKER_BUILD_OPTIONS += --build-arg IC_VERSION=$(VERSION) --build-arg P ARCH ?= amd64 ## The architecture of the image or binary. For example: amd64, arm64, ppc64le, s390x. Not all architectures are supported for all targets GOOS ?= linux ## The OS of the binary. For example linux, darwin TELEMETRY_ENDPOINT ?= oss.edge.df.f5.com:443 +# renovate: datasource=docker depName=golangci/golangci-lint +GOLANGCI_LINT_VERSION ?= v2.5.0 ## The version of golangci-lint to use # Additional flags added here can be accessed in main.go. # e.g. `main.version` maps to `var version` in main.go 
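Review bot: The two names added to `allowlist` in f5-cla.yml are bare logins (`renovate`, `mend`), while GitHub App accounts normally appear with a `[bot]` suffix, as in the `dependabot[bot]` check of the workflow deleted just above. If the action matches the full login, these entries may not exempt the app's commits at all, yet they would exempt any ordinary account holding one of those exact names from the CLA prompt. Confirm the author login on a Renovate-opened PR and list that exact value instead of the short names. A brief comment beside the entry saying which integration each name belongs to would help later audits of this list.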
@@ -50,7 +52,7 @@ all: test lint verify-codegen update-crds debian-image .PHONY: lint lint: ## Run linter @git fetch - docker run --pull always --rm -v $(shell pwd):/kubernetes-ingress -w /kubernetes-ingress -v $(shell go env GOCACHE):/cache/go -e GOCACHE=/cache/go -e GOLANGCI_LINT_CACHE=/cache/go -v $(shell go env GOPATH)/pkg:/go/pkg golangci/golangci-lint:latest git diff -p origin/main > /tmp/diff.patch && golangci-lint --color always run -v --new-from-patch=/tmp/diff.patch + docker run --pull always --rm -v $(shell pwd):/kubernetes-ingress -w /kubernetes-ingress -v $(shell go env GOCACHE):/cache/go -e GOCACHE=/cache/go -e GOLANGCI_LINT_CACHE=/cache/go -v $(shell go env GOPATH)/pkg:/go/pkg golangci/golangci-lint:$(GOLANGCI_LINT_VERSION) git diff -p origin/main > /tmp/diff.patch && golangci-lint --color always run -v --new-from-patch=/tmp/diff.patch .PHONY: lint-python lint-python: ## Run linter for python tests diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000000..a8e76236b3 --- /dev/null +++ b/renovate.json 
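Review bot: As the `lint` recipe line reads here, the `> /tmp/diff.patch && golangci-lint ... run` part sits outside the `docker run` command, so make's shell performs the redirect and then starts `golangci-lint` on the host; only `git diff` runs inside the pinned image. That means `GOLANGCI_LINT_VERSION` (added in the first Makefile hunk) does not control the linter that actually checks the code. Wrapping the container command keeps both steps in the image: `golangci/golangci-lint:$(GOLANGCI_LINT_VERSION) sh -c 'git diff -p origin/main > /tmp/diff.patch && golangci-lint --color always run -v --new-from-patch=/tmp/diff.patch'`. The construct predates this commit, but the pin only takes effect once it is fixed.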
@@ -0,0 +1,219 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "packageRules": [
+ {
+ "enabled": false,
+ "matchPackageNames": [
+ "boto3"
+ ],
+ "matchUpdateTypes": [
+ "patch"
+ ]
+ },
+ {
+ "addLabels": [
+ "go"
+ ],
+ "matchDatasources": [
+ "go",
+ "golang-version"
+ ]
+ },
+ {
+ "addLabels": [
+ "python"
+ ],
+ "matchDatasources": [
+ "pypi"
+ ]
+ },
+ {
+ "addLabels": [
+ "javascript"
+ ],
+ "matchDatasources": [
+ "npm"
+ ],
+ "rangeStrategy": "bump"
+ },
+ {
+ "addLabels": [
+ "docker"
+ ],
+ "matchDatasources": [
+ "docker"
+ ]
+ },
+ {
+ "addLabels": [
+ "helm"
+ ],
+ "matchDatasources": [
+ "helm"
+ ]
+ },
+ {
+ "addLabels": [
+ "github_actions"
+ ],
+ "matchManagers": [
+ "github-actions"
+ ]
+ },
+ {
+ "matchPackageNames": [
+ "/private-registry\\.nginx\\.com/",
+ "/registry\\.redhat\\.io/",
+ "/nginxdemos\\/nginx-hello/"
+ ],
+ "matchDatasources": [
+ "docker",
+ "kubernetes"
+ ],
+ "enabled": false
+ }
+ ],
+ "kubernetes": {
+ "managerFilePatterns": [
+ "/bundle/manifests/.+\\.yaml$/",
+ "/bundle/tests/scorecard/.+\\.yaml$/",
+ "/config/.+\\.yaml$/",
+ "/examples/.+\\.yaml$/",
+ "/helm-charts/nginx-ingress/crds/.+\\.yaml$/",
+ "/helm-charts/nginx-ingress/templates/.+\\.yaml$/"
+ ]
+ },
+ "customManagers": [
+ {
+ "customType": "regex",
+ "description": "Update env variable version in Github Actions workflow",
+ "managerFilePatterns": [
+ "/.github/workflows/.+\\.ya?ml$/"
+ ],
+ "matchStrings": [
+ "\\s+.+?: (?.+?) # renovate: datasource=(?[a-z-]+?) depName=(?.+?)(?: (?:packageName|lookupName)=(?.+?))?(?: versioning=(?[a-z-]+?))?\\s"
+ ]
+ },
+ {
+ "customType": "regex",
+ "description": "Update Operator SDK version in bundle Dockerfile",
+ "managerFilePatterns": [
+ "/bundle\\.Dockerfile$/"
+ ],
+ "matchStrings": [
+ "# renovate: datasource=(?[a-z-]+?) 
depName=(?.+?)(?: (?:packageName|lookupName)=(?.+?))?(?: versioning=(?[a-z-]+?))?\\sLABEL operators.operatorframework.io.metrics.builder=operator-sdk-(?.+?)\\s"
+ ]
+ },
+ {
+ "customType": "regex",
+ "description": "Update _VERSION variables in shell scripts and Makefiles",
+ "managerFilePatterns": [
+ "/\\.sh$/",
+ "/Makefile$/"
+ ],
+ "matchStrings": [
+ "# renovate: datasource=(?[a-z-]+?) depName=(?.+?)?(?: (?:packageName|lookupName)=(?.+?))?(?: versioning=(?[a-z-]+?))?\\s+\\w+?_VERSION\\s*\\??=\\s*(?.+?)\\s"
+ ]
+ },
+ {
+ "customType": "regex",
+ "description": "Update _VERSION variables in Dockerfiles",
+ "managerFilePatterns": [
+ "(^|/|\\.)Dockerfile$",
+ "(^|/)Dockerfile\\.[^/]*$"
+ ],
+ "matchStrings": [
+ "# renovate: datasource=(?[a-z-]+?) depName=(?.+?)(?: (?:packageName|lookupName)=(?.+?))?(?: versioning=(?[a-z-]+?))?\\s(?:ENV|ARG) .+?_VERSION=(?.+?)\\s"
+ ]
+ },
+ {
+ "customType": "regex",
+ "datasourceTemplate": "github-tags",
+ "description": "Update Github Action references in the Markdown files",
+ "managerFilePatterns": [
+ "\\.md$"
+ ],
+ "matchStrings": [
+ "\\suses: (?[\\w-]+/[\\w-]+)(?/.*)?@(?v\\d+\\.\\d+\\.\\d+)",
+ "\\suses: (?[\\w-]+/[\\w-]+)(?/.*)?@(?[a-z0-9]{40}|[a-z0-9]{64}) # (?v\\d+\\.\\d+\\.\\d+)"
+ ],
+ "versioningTemplate": "semver"
+ },
+ {
+ "customType": "regex",
+ "description": "Update `version:` and `_VERSION:` variables in github workflows",
+ "managerFilePatterns": [
+ "^\\.github\\/workflows\\/\\w+\\.ya?ml$"
+ ],
+ "matchStrings": [
+ "\\s+(?:[[:word:]]-)?version: (?.+?) # renovate: datasource=(?.+?) depName=(?.+?)(?: (?:packageName|lookupName)=(?.+?))?(?: versioning=(?.+?))?\\s",
+ "\\s*[[:word:]]+?_VERSION=(?.+?) # renovate: datasource=(?.+?) depName=(?.+?)(?: (?:packageName|lookupName)=(?.+?))?(?: versioning=(?.+?))?\\s"
+ ]
+ },
+ {
+ "customType": "regex",
+ "description": "Update `Version:` in go files",
+ "managerFilePatterns": [
+ "\\.go$"
+ ],
+ "matchStrings": [
+ "// renovate: datasource=(?[a-z-]+?) 
depName=(?.+?)(?: registryUrl=(?.+?))?(?: (?:packageName|lookupName)=(?.+?))?(?: versioning=(?[a-z-]+?))?\\s.+?Version :?= \"(?.+?)\"\\s"
+ ],
+ "versioningTemplate": "{{#if versioning}}{{versioning}}{{else}}semver{{/if}}"
+ },
+ {
+ "customType": "regex",
+ "description": "Update Packer and Packer Plugin versions in Packer files",
+ "datasourceTemplate": "github-tags",
+ "depNameTemplate": "{{#if depName}}{{#if (containsString depName \"hashicorp/\")}}{{{replace \"hashicorp/\" \"hashicorp/packer-plugin-\" depName}}}{{else}}{{{depName}}}{{/if}}{{else}}hashicorp/packer{{/if}}",
+ "managerFilePatterns": [
+ "\\.pkr\\.hcl"
+ ],
+ "matchStrings": [
+ "required_version[\\s]+=[\\s]+\"=?(?\\S*)\"",
+ "source[\\s]+=[\\s]+\"github.com/(?\\S*)\"[\\s]+version[\\s]+=[\\s]+\"(?\\S*)\"",
+ "version[\\s]+=[\\s]+\"(?\\S*)[\\s]+source[\\s]+=[\\s]+\"github.com/(?\\S*)\""
+ ]
+ }
+ ],
+ "timezone": "Europe/Dublin",
+ "automerge": true,
+ "automergeStrategy": "squash",
+ "commitBodyTable": true,
+ "configMigration": true,
+ "customDatasources": {
+ "nginx-plus": {
+ "defaultRegistryUrlTemplate": "https://raw.githubusercontent.com/lucacome/renovate-datasource/main/nginx-plus/releases.json",
+ "format": "json"
+ }
+ },
+ "extends": [
+ "schedule:daily",
+ "config:recommended",
+ "docker:enableMajor",
+ "helpers:pinGitHubActionDigests",
+ ":gitSignOff",
+ ":maintainLockFilesMonthly",
+ ":disableRateLimiting",
+ ":semanticCommitsDisabled"
+ ],
+ "ignorePaths": [
+ "**/node_modules/**"
+ ],
+ "ignorePresets": [
+ ":ignoreModulesAndTests"
+ ],
+ "labels": [
+ "dependencies"
+ ],
+ "postUpdateOptions": [
+ "gomodTidy",
+ "gomodUpdateImportPaths",
+ "yarnDedupeHighest",
+ "npmDedupe"
+ ],
+ "pre-commit": {
+ "enabled": true
+ },
+ "rebaseWhen": "behind-base-branch"
+}
diff --git a/tests/Dockerfile b/tests/Dockerfile
index dee87611c8..d0e5f85985 100644
--- a/tests/Dockerfile
+++ b/tests/Dockerfile
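Review bot: Top-level `"automerge": true` in renovate.json applies to every update type, including the majors enabled by `docker:enableMajor`, and `:disableRateLimiting` removes the cap on how many such PRs are open at once. The `nginx-plus` custom datasource also reads its release list from a personal repository on a mutable `main` ref (`raw.githubusercontent.com/lucacome/renovate-datasource/...`). Whoever can push there can propose a version that merges with no human review, assuming branch protection does not require an approval. Consider defaulting to `"automerge": false` and opting in through a package rule such as `{"matchUpdateTypes": ["minor", "patch", "digest"], "automerge": true}`, together with a `minimumReleaseAge` delay. Hosting the datasource JSON in an organisation-owned repository, or pinning the URL to a commit, would close the second path.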
@@ -1,10 +1,4 @@ # syntax=docker/dockerfile:1.16 -# this is here so we can grab the latest version of kind and have dependabot keep it up to date -FROM kindest/node:v1.34.0@sha256:7416a61b42b1662ca6ca89f02028ac133a309a2a30ba309614e8ec94d976dc5a - -# this is here so we can grab the latest version of skopeo and have dependabot keep it up to date -FROM quay.io/skopeo/stable:v1.20.0-immutable@sha256:519b95573a7490eb4740c8180d3dc33d86417222956e655719e74d3509586a33 - FROM python:3.13-bookworm@sha256:f64a1db27d5d0fdcb48a54c553e67b0ec920c8a1ef0b627e87b8d3d73dc003fb RUN apt-get update \ diff --git a/tests/Makefile b/tests/Makefile index 80a9ac807d..d0ed0ccc39 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -19,7 +19,8 @@ REGISTRY ?= docker.io ## The registry where the image is loca PREFIX ?= nginx/nginx-ingress ## The name of the image. For example, nginx/nginx-ingress TAG ?= edge ## The tag of the image. For example, edge K8S_CLUSTER_NAME ?= local ## The name used when creating/using a Kind Kubernetes cluster -K8S_CLUSTER_VERSION ?= $(shell grep -m1 'FROM kindest/node' < ${DOCKERFILEPATH} | cut -d ':' -f 2 | sed -e 's/^v//' | cut -d '@' -f 1) ## The version used when creating a Kind Kubernetes cluster +# renovate: datasource=docker depName=kindest/node +K8S_CLUSTER_VERSION ?= v1.34.0 K8S_TIMEOUT ?= 75s ## The timeout used when creating a Kind Kubernetes cluster AD_SECRET ?= PLUS_JWT ?=
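Review bot: In tests/Makefile the old expression stripped the leading `v` (`sed -e 's/^v//'`), so `K8S_CLUSTER_VERSION` used to expand to `1.34.0`; the new literal is `v1.34.0`. Any consumer outside this hunk that prepends `v` or compares against the bare number would now get a different string, so the uses of the variable should be checked. The replacement also drops the `## The version used when creating a Kind Kubernetes cluster` help text that every neighbouring variable carries; it can be restored on the same line. The `kindest/node` digest removed from tests/Dockerfile is not carried over, so the node image is now selected by tag alone.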