feat: add renovate-bot
This commit is contained in:
parent
a7e964485b
commit
80dac2acbd
4 changed files with 153 additions and 0 deletions
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
* [ara-server](https://ara.recordsansible.org/)
|
* [ara-server](https://ara.recordsansible.org/)
|
||||||
* [c19d](https://gitlab.com/smsvc/c19d/)
|
* [c19d](https://gitlab.com/smsvc/c19d/)
|
||||||
|
* [removate-bot](https://github.com/renovatebot/renovate) (see [README.renovate.md](README.renovate.md))
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
|
|
33
README.renovate.md
Normal file
33
README.renovate.md
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
# Renovate Bot
|
||||||
|
|
||||||
|
The baseline only applies the basic settings for renovate, but does not include any credentials or platform configuration.
|
||||||
|
|
||||||
|
Create a new secret to provide the necessary settings:
|
||||||
|
|
||||||
|
```
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: renovate-env
|
||||||
|
namespace: renovate
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
GITHUB_COM_TOKEN: 'your-github-token-here'
|
||||||
|
RENOVATE_PLATFORM: 'gitea'
|
||||||
|
RENOVATE_ENDPOINT: 'https://git.smsvc.net/'
|
||||||
|
RENOVATE_TOKEN: 'your-api-token-here'
|
||||||
|
LOG_LEVEL: info
|
||||||
|
```
|
||||||
|
|
||||||
|
You must set at least `RENOVATE_PLATFORM`, `RENOVATE_ENDPOINT` and `RENOVATE_TOKEN`.
|
||||||
|
You can set any configuration that can be set by environment variable (see References).
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
References:
|
||||||
|
|
||||||
|
- [Supported Platforms](https://docs.renovatebot.com/modules/platform/)
|
||||||
|
- [Self-Hosted configuration](https://docs.renovatebot.com/self-hosted-configuration/)
|
||||||
|
- [GitHub.com token for release notes](https://docs.renovatebot.com/getting-started/running/#githubcom-token-for-release-notes)
|
||||||
|
- [Log debug levels](https://docs.renovatebot.com/troubleshooting/#log-debug-levels)
|
74
bin/start_renovate_bot.sh
Executable file
74
bin/start_renovate_bot.sh
Executable file
|
@ -0,0 +1,74 @@
|
||||||
|
#! /bin/bash
|
||||||
|
|
||||||
|
## Author: Sebastian Mark
|
||||||
|
## CC-BY-SA (https://creativecommons.org/licenses/by-sa/4.0/deed.de)
|
||||||
|
## for civil use only
|
||||||
|
|
||||||
|
## start renovate cronjob manually
|
||||||
|
## Usage: start_renovate_bot.sh [--debug] [group/repo group/repo ...]
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
NS="renovate"
|
||||||
|
CRONJOBNAME="renovate-bot"
|
||||||
|
JOBNAME="renovate-bot-manual-$(openssl rand -hex 3)"
|
||||||
|
|
||||||
|
TMPFILE=$(mktemp)
|
||||||
|
|
||||||
|
## create a single job from cronjob
|
||||||
|
kubectl -n $NS --dry-run=client create job $JOBNAME --from=cronjob/$CRONJOBNAME -o yaml >$TMPFILE
|
||||||
|
|
||||||
|
## add debug env var
|
||||||
|
if [[ "$1" == "--debug" ]]; then
|
||||||
|
kubectl patch --local -f $TMPFILE --type='json' --patch='[
|
||||||
|
{
|
||||||
|
"op": "add",
|
||||||
|
"path": "/spec/template/spec/containers/0/env/-",
|
||||||
|
"value": { "name": "LOG_LEVEL", "value": "debug"}
|
||||||
|
}
|
||||||
|
]' -o yaml | sponge $TMPFILE
|
||||||
|
shift
|
||||||
|
fi
|
||||||
|
|
||||||
|
## limit job to passed repo(s)
|
||||||
|
if [[ $# -gt 0 ]]; then
|
||||||
|
## disable autodiscover
|
||||||
|
kubectl patch --local -f $TMPFILE --type='json' --patch='[
|
||||||
|
{
|
||||||
|
"op": "add",
|
||||||
|
"path": "/spec/template/spec/containers/0/args",
|
||||||
|
"value": ["--autodiscover=false"]
|
||||||
|
}
|
||||||
|
]' -o yaml | sponge $TMPFILE
|
||||||
|
|
||||||
|
## add each repo as single argument
|
||||||
|
for REPO in "$@"; do
|
||||||
|
kubectl patch --local -f $TMPFILE --type='json' --patch='[
|
||||||
|
{
|
||||||
|
"op": "add",
|
||||||
|
"path": "/spec/template/spec/containers/0/args/-",
|
||||||
|
"value": "'$REPO'"
|
||||||
|
}
|
||||||
|
]' -o yaml | sponge $TMPFILE
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
## create job
|
||||||
|
kubectl -n $NS apply -f $TMPFILE
|
||||||
|
rm $TMPFILE
|
||||||
|
|
||||||
|
## wait for corrosponding pod to be ready
|
||||||
|
PODNAME=$(kubectl -n $NS get pods --selector=job-name=$JOBNAME --no-headers -o custom-columns=":metadata.name")
|
||||||
|
kubectl -n $NS wait --for=condition=Ready pod/$PODNAME --timeout=3m
|
||||||
|
|
||||||
|
## show job logs
|
||||||
|
echo "waiting for logs...."
|
||||||
|
echo
|
||||||
|
kubectl -n $NS logs -f job/$JOBNAME
|
||||||
|
echo
|
||||||
|
|
||||||
|
echo "saving log to /tmp/${JOBNAME}.log"
|
||||||
|
kubectl -n $NS logs job/$JOBNAME &>/tmp/${JOBNAME}.log
|
||||||
|
|
||||||
|
## remove job
|
||||||
|
kubectl -n $NS delete job $JOBNAME
|
45
manifests/renovate-bot.yml
Normal file
45
manifests/renovate-bot.yml
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: renovate-bot
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
repoURL: "https://docs.renovatebot.com/helm-charts"
|
||||||
|
chart: "renovate"
|
||||||
|
targetRevision: "36.*"
|
||||||
|
helm:
|
||||||
|
values: |
|
||||||
|
fullnameOverride: "renovate-bot"
|
||||||
|
cronjob:
|
||||||
|
schedule: '@daily'
|
||||||
|
concurrencyPolicy: "Forbid"
|
||||||
|
existingSecret: "renovate-env"
|
||||||
|
renovate:
|
||||||
|
persistence:
|
||||||
|
cache:
|
||||||
|
enabled: true
|
||||||
|
storageSize: "128Mi"
|
||||||
|
config: |
|
||||||
|
{
|
||||||
|
"onboardingConfigFileName": ".renovaterc.json",
|
||||||
|
"onboardingConfig": {"extends":["local>infrastructure/renovate-config"]},
|
||||||
|
"autodiscover": true
|
||||||
|
}
|
||||||
|
destination:
|
||||||
|
server: 'https://kubernetes.default.svc'
|
||||||
|
namespace: renovate
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
retry:
|
||||||
|
limit: 5
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 5m
|
Loading…
Reference in a new issue