diff --git a/.github/labeler.yaml b/.github/labeler.yaml new file mode 100644 index 0000000..a4b6897 --- /dev/null +++ b/.github/labeler.yaml @@ -0,0 +1,31 @@ +--- +# Areas +area/ansible: + - changed-files: + - any-glob-to-any-file: "ansible/**/*" +area/docs: + - changed-files: + - any-glob-to-any-file: + - "docs/**/*" + - "README.md" +area/github: + - changed-files: + - any-glob-to-any-file: ".github/**/*" +area/kubernetes: + - changed-files: + - any-glob-to-any-file: "kubernetes/**/*" +area/taskfile: + - changed-files: + - any-glob-to-any-file: + - ".taskfiles/**/*" + - "Taskfile.yaml" +area/terraform: + - changed-files: + - any-glob-to-any-file: "terraform/**/*" +# Clusters +cluster/main: + - changed-files: + - any-glob-to-any-file: "kubernetes/main/**/*" +cluster/storage: + - changed-files: + - any-glob-to-any-file: "kubernetes/storage/**/*" diff --git a/.github/labels.yml b/.github/labels.yml index 56ab9ac..c4a5670 100644 --- a/.github/labels.yml +++ b/.github/labels.yml @@ -86,3 +86,51 @@ - name: "minor" color: 0e8a16 description: "This PR causes a minor version bump in the version number." + +# Areas +- name: area/ansible + color: "0e8a16" +- name: area/docs + color: "0e8a16" +- name: area/github + color: "0e8a16" +- name: area/kubernetes + color: "0e8a16" +- name: area/taskfile + color: "0e8a16" +- name: area/terraform + color: "0e8a16" +# Clusters +- name: cluster/main + color: "ffc300" +- name: cluster/storage + color: "ffc300" +# Renovate Types +- name: renovate/ansible + color: "027fa0" +- name: renovate/container + color: "027fa0" +- name: renovate/github-action + color: "027fa0" +- name: renovate/grafana-dashboard + color: "027fa0" +- name: renovate/github-release + color: "027fa0" +- name: renovate/helm + color: "027fa0" +- name: renovate/terraform + color: "027fa0" +# Semantic Types +- name: type/digest + color: "ffeC19" +- name: type/patch + color: "ffeC19" +- name: type/minor + color: "ff9800" +- name: type/major + color: "f6412d" +# Uncategorized +- name: community + color: "370fb2" +- name: hold + color: "ee0701" diff --git a/.github/renovate/autoMerge.json5 b/.github/renovate/autoMerge.json5 new file mode 100644 index 0000000..73d3cdc --- /dev/null +++ b/.github/renovate/autoMerge.json5 @@ -0,0 +1,21 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "packageRules": [ + { + "description": ["Auto-merge container digests updates for trusted containers"], + "matchDatasources": ["docker"], + "automerge": true, + "automergeType": "branch", + "matchUpdateTypes": ["digest"], + "matchPackagePatterns": ["ghcr.io/bjw-s", "ghcr.io/onedr0p"] + }, + { + "description": ["Auto-merge GitHub Actions for minor and patch"], + "matchManagers": ["github-actions"], + "matchDatasources": ["github-tags"], + "automerge": true, + "automergeType": "branch", + "matchUpdateTypes": ["minor", "patch"] + } + ] +} diff --git a/.github/renovate/commitMessage.json5 b/.github/renovate/commitMessage.json5 new file mode 100644 index 0000000..3fea628 --- /dev/null +++ b/.github/renovate/commitMessage.json5 @@ -0,0 +1,16 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "to {{newVersion}}", + "commitMessageSuffix": "", + "packageRules": [ + { + "matchDatasources": ["helm"], + "commitMessageTopic": "chart {{depName}}" + }, + { + "matchDatasources": ["docker"], + "commitMessageTopic": "image {{depName}}" + } + ] +} diff --git a/.github/renovate/labels.json5 b/.github/renovate/labels.json5 new file mode 100644 index 0000000..e359566 --- /dev/null +++ b/.github/renovate/labels.json5 @@ -0,0 +1,49 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "packageRules": [ + { + "matchUpdateTypes": ["major"], + "labels": ["type/major"] + }, + { + "matchUpdateTypes": ["minor"], + "labels": ["type/minor"] + }, + { + "matchUpdateTypes": ["patch"], + "labels": ["type/patch"] + }, + { + "matchUpdateTypes": ["digest"], + "labels": ["type/digest"] + }, + { + "matchDatasources": ["docker"], + "addLabels": ["renovate/container"] + }, + { + "matchDatasources": ["helm"], + "addLabels": ["renovate/helm"] + }, + { + "matchDatasources": ["galaxy", "galaxy-collection"], + "addLabels": ["renovate/ansible"] + }, + { + "matchDatasources": ["terraform-provider"], + "addLabels": ["renovate/terraform"] + }, + { + "matchDatasources": ["github-releases", "github-tags"], + "addLabels": ["renovate/github-release"] + }, + { + "matchManagers": ["github-actions"], + "addLabels": ["renovate/github-action"] + }, + { + "matchDatasources": ["pypi"], + "addLabels": ["renovate/pip"] + } + ] +} diff --git a/.github/renovate/semanticCommits.json5 b/.github/renovate/semanticCommits.json5 new file mode 100644 index 0000000..5d8bbb8 --- /dev/null +++ b/.github/renovate/semanticCommits.json5 @@ -0,0 +1,151 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "packageRules": [ + { + "matchDatasources": ["docker"], + "matchUpdateTypes": ["major"], + "commitMessagePrefix": "feat(container)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": " ( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchDatasources": ["docker"], + "matchUpdateTypes": ["minor"], + "semanticCommitType": "feat", + "semanticCommitScope": "container", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchDatasources": ["docker"], + "matchUpdateTypes": ["patch"], + "semanticCommitType": "fix", + "semanticCommitScope": "container", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchDatasources": ["docker"], + "matchUpdateTypes": ["digest"], + "semanticCommitType": "chore", + "semanticCommitScope": "container", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentDigestShort}} → {{newDigestShort}} )" + }, + { + "matchDatasources": ["helm"], + "matchUpdateTypes": ["major"], + "commitMessagePrefix": "feat(helm)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchDatasources": ["helm"], + "matchUpdateTypes": ["minor"], + "semanticCommitType": "feat", + "semanticCommitScope": "helm", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchDatasources": ["helm"], + "matchUpdateTypes": ["patch"], + "semanticCommitType": "fix", + "semanticCommitScope": "helm", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchDatasources": ["galaxy", "galaxy-collection"], + "matchUpdateTypes": ["major"], + "commitMessagePrefix": "feat(ansible)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchDatasources": ["galaxy", "galaxy-collection"], + "matchUpdateTypes": ["minor"], + "semanticCommitType": "feat", + "semanticCommitScope": "ansible", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchDatasources": ["galaxy", "galaxy-collection"], + "matchUpdateTypes": ["patch"], + "semanticCommitType": "fix", + "semanticCommitScope": "ansible", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchDatasources": ["terraform-provider"], + "matchUpdateTypes": ["major"], + "commitMessagePrefix": "feat(terraform)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchDatasources": ["terraform-provider"], + "matchUpdateTypes": ["minor"], + "semanticCommitType": "feat", + "semanticCommitScope": "terraform", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchDatasources": ["terraform-provider"], + "matchUpdateTypes": ["patch"], + "semanticCommitType": "fix", + "semanticCommitScope": "terraform", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchDatasources": ["github-releases", "github-tags"], + "matchUpdateTypes": ["major"], + "commitMessagePrefix": "feat(github-release)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchDatasources": ["github-releases", "github-tags"], + "matchUpdateTypes": ["minor"], + "semanticCommitType": "feat", + "semanticCommitScope": "github-release", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchDatasources": ["github-releases", "github-tags"], + "matchUpdateTypes": ["patch"], + "semanticCommitType": "fix", + "semanticCommitScope": "github-release", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchManagers": ["github-actions"], + "matchUpdateTypes": ["major"], + "commitMessagePrefix": "feat(github-action)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchManagers": ["github-actions"], + "matchUpdateTypes": ["minor"], + "semanticCommitType": "feat", + "semanticCommitScope": "github-action", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + }, + { + "matchManagers": ["github-actions"], + "matchUpdateTypes": ["patch"], + "semanticCommitType": "fix", + "semanticCommitScope": "github-action", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" + } + ] +} diff --git a/.github/workflows/sync-labels-to-own-projects.yml b/.github/workflows/sync-labels-to-own-projects.yml index bb2da11..b26656b 100644 --- a/.github/workflows/sync-labels-to-own-projects.yml +++ b/.github/workflows/sync-labels-to-own-projects.yml @@ -9,6 +9,8 @@ on: - .github/labels.yml - .github/workflows/sync-labels-to-own-projects.yml workflow_dispatch: + schedule: + - cron: "0 0 * * *" # Every day at midnight jobs: sync-labels: diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index c1a0790..8c7da12 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json name: Sync labels on: @@ -12,6 +13,9 @@ on: workflow_call: workflow_dispatch: +permissions: + issues: write + jobs: labels: name: ♻️ Sync labels diff --git a/renovate-config.json b/renovate-config.json index da933b5..d853da6 100644 --- a/renovate-config.json +++ b/renovate-config.json @@ -2,33 +2,38 @@ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "description": "Renovate config for projects ivuorinen manages", "extends": [ - "config:base", - ":preserveSemverRanges", + "config:recommended", ":enableVulnerabilityAlerts", - ":semanticCommits", ":labels(dependencies)", ":maintainLockFilesWeekly", - "schedule:nonOfficeHours", - "docker:disableMajor", - "npm:unpublishSafe", + ":preserveSemverRanges", + ":semanticCommits", + ":timezone(Europe/Helsinki)", + "github>ivuorinen/.github//.github/renovate/autoMerge.json5", + "github>ivuorinen/.github//.github/renovate/commitMessage.json5", + "github>ivuorinen/.github//.github/renovate/labels.json5", + "github>ivuorinen/.github//.github/renovate/semanticCommits.json5", + "docker:enableMajor", "group:recommended", + "npm:unpublishSafe", "replacements:all", + "schedule:nonOfficeHours", "workarounds:all" ], - "dependencyDashboardLabels": ["no-stale"], + "dependencyDashboardLabels": [ + "no-stale" + ], "lockFileMaintenance": { - "extends": ["group:all"], + "extends": [ + "group:all" + ], "commitMessageAction": "Update" }, "packageRules": [ { - "matchUpdateTypes": ["patch"], - "matchCurrentVersion": "!/^0/", - "groupName": "devDependencies (patch)", - "automerge": true - }, - { - "matchPackagePatterns": ["eslint"], + "matchPackagePatterns": [ + "eslint" + ], "groupName": "eslint" } ], @@ -37,9 +42,18 @@ }, "assigneesFromCodeOwners": true, "configMigration": true, - "separateMinorPatch": false, + "dependencyDashboardTitle": "Renovate Dashboard 🤖", + "ignorePaths": [ + "**/*.sops.*", + "**/.archive/**" + ], "separateMajorMinor": true, + "separateMinorPatch": false, "separateMultipleMajor": true, + "suppressNotifications": [ + "prEditedNotification", + "prIgnoreNotification" + ], "vulnerabilityAlerts": { "enabled": true },