diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..b6330b2
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,7 @@
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
diff --git a/.gitea/actions/release-git-tag/action.yaml b/.gitea/actions/release-git-tag/action.yaml
new file mode 100644
index 0000000..c7e3fab
--- /dev/null
+++ b/.gitea/actions/release-git-tag/action.yaml
@@ -0,0 +1,15 @@
+name: Release Git tag
+description: Release the Git tag
+
+inputs:
+ tag:
+ description: The tag to release
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - shell: bash
+ run: |
+ git tag ${{ inputs.tag }}
+ git push origin ${{ inputs.tag }}
diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml
new file mode 100644
index 0000000..629e7ae
--- /dev/null
+++ b/.gitea/workflows/cd.yaml
@@ -0,0 +1,23 @@
+name: CD
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ release:
+ name: Release
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v5
+ with:
+ fetch-depth: 0
+ - name: Increment tag
+ id: tag
+ uses: https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment@0.1.1
+ with:
+ token: ${{ secrets.GITEA_TOKEN }}
+ - uses: ./.gitea/actions/release-git-tag
+ with:
+ tag: ${{ steps.tag.outputs.new-tag }}
diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
new file mode 100644
index 0000000..63ac466
--- /dev/null
+++ b/.gitea/workflows/ci.yaml
@@ -0,0 +1,23 @@
+name: CI
+
+on:
+ pull_request:
+
+jobs:
+ test:
+ name: Test
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ json-file:
+ - "action.json"
+ - "k8s.json"
+ - "helm.json"
+ - "common.json"
+ - "docker-compose.json"
+ steps:
+ - uses: actions/checkout@v5
+ - name: Validate "${{ matrix.json-file }}"
+ uses: https://gitea.t000-n.de/t.behrendt/validate-json-by-json-schema-action@0.1.2
+ with:
+ json-file: "./${{ matrix.json-file }}"
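Review bot: In the `run:` block of the composite step in `.gitea/actions/release-git-tag/action.yaml`, `${{ inputs.tag }}` is expanded into the script text before bash runs, so a value containing shell metacharacters would run as commands instead of being treated as a tag name. The workflows feed this input from another action's output (`steps.tag.outputs.new-tag`), so it is worth passing the value through `env:` and quoting it. In the rewrite below, `--` and the `refs/tags/` prefix also keep a value that starts with `-` or collides with a branch name from being misread.

```yaml
    - shell: bash
      env:
        TAG: ${{ inputs.tag }}
      run: |
        git tag -- "$TAG"
        git push origin "refs/tags/$TAG"
```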
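Review bot: Both `uses:` references in the `release` job of `cd.yaml` resolve by mutable tag (`actions/checkout@v5` and `conventional-semantic-git-tag-increment@0.1.1`), and the second one receives `secrets.GITEA_TOKEN`, so anyone able to move that tag could run code with the token. The README added in this commit recommends pinning actions to a commit hash for this reason, but `renovate.json` extends only the `common` preset, so nothing would pin these for the repository itself. Consider pinning by hash, e.g. `uses: actions/checkout@<full-commit-sha> # v5`, and likewise for the remote actions. `ci.yaml` and `prerelease.yaml` carry the same tag-based references.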
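Review bot: The `json-file` matrix in `ci.yaml` lists the five presets but not `renovate.json`, which this commit also adds, so the repository's own Renovate config is never checked. Assuming the validation action checks each file against its `$schema`, adding `- "renovate.json"` to the matrix would cover it.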
diff --git a/.gitea/workflows/prerelease.yaml b/.gitea/workflows/prerelease.yaml
new file mode 100644
index 0000000..0226d22
--- /dev/null
+++ b/.gitea/workflows/prerelease.yaml
@@ -0,0 +1,22 @@
+name: Prerelease
+
+on:
+ workflow_dispatch:
+
+jobs:
+ prerelease:
+ name: Prerelease
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v5
+ with:
+ fetch-depth: 0
+ - name: Increment tag
+ id: tag
+ uses: https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment@0.1.1
+ with:
+ token: ${{ secrets.GITEA_TOKEN }}
+ prerelease: true
+ - uses: ./.gitea/actions/release-git-tag
+ with:
+ tag: ${{ steps.tag.outputs.new-tag }}
diff --git a/README.md b/README.md
index a187c71..f87657a 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,37 @@
-# renovate-configs
+# Renovate configs
 
-Reusable renovate config for T00N
\ No newline at end of file
+Reusable renovate configs, covering a number of use cases and opinionated "best practices".
+
+Usage:
+
+Your renovate.json
+
+```json
+{
+ "extends": [
+ "local>t.behrendt/renovate-configs:helm#1.0.0",
+ "local>t.behrendt/renovate-configs:k8s#1.0.0"
+ ]
+}
+```
+
+## Common
+
+Sets defaults such as the dependency dashboard.
+
+## k8s
+
+Keeps OCI image references for k8s deployments up-to-date. Requires the k8s manifests to be in the "./k8s" directory.
+
+## Helm
+
+Keeps the chart itself up-to-date as well as image references in chart values.
+Requires values to be in the "./values" directory. Supports both yaml and yaml.gotmpl for secrets.
+
+## Action
+
+Keeps your Gitea actions up-to-date. Also always pins to a commit hash, prevening attack vectors utilizing tag reusal.
+
+## Docker Compose
+
+Keeps Docker Compose service images up-to-date. Also always pins to a digest hash.
diff --git a/action.json b/action.json
new file mode 100644
index 0000000..6eb904f
--- /dev/null
+++ b/action.json
@@ -0,0 +1,9 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "packageRules": [
+ {
+ "matchManagers": ["github-actions"],
+ "addLabels": ["deps", "action"]
+ }
+ ]
+}
diff --git a/common.json b/common.json
new file mode 100644
index 0000000..02ae055
--- /dev/null
+++ b/common.json
@@ -0,0 +1,4 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "dependencyDashboard": true
+}
diff --git a/docker-compose.json b/docker-compose.json
new file mode 100644
index 0000000..fcbcf53
--- /dev/null
+++ b/docker-compose.json
@@ -0,0 +1,9 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "docker-compose": {
+ "digest": {
+ "enabled": true
+ },
+ "addLabels": ["deps", "docker-compose"]
+ }
+}
diff --git a/helm.json b/helm.json
new file mode 100644
index 0000000..0e09f7f
--- /dev/null
+++ b/helm.json
@@ -0,0 +1,17 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "helm-values": {
+ "fileMatch": ["(^|/)values/.*\\.ya?ml$", "(^|/)values/.*\\.ya?ml\\.gotmpl$"]
+ },
+ "packageRules": [
+ {
+ "matchManagers": ["helm-values"],
+ "versioning": "docker",
+ "separateMinorPatch": true
+ }
+ ],
+ "helmfile": {
+ "enabled": true,
+ "addLabels": ["deps", "helm"]
+ }
+}
diff --git a/k8s.json b/k8s.json
new file mode 100644
index 0000000..daa72dc
--- /dev/null
+++ b/k8s.json
@@ -0,0 +1,8 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "kubernetes": {
+ "enabled": true,
+ "fileMatch": ["^k8s/*\\.json$"],
+ "labels": ["deps", "k8s"]
+ }
+}
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..497e477
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,6 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "local>t.behrendt/renovate-configs:common"
+ ]
+}
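Review bot: The `github-actions` package rule in `action.json` only adds labels and nothing in the preset turns on digest pinning, although the README in this commit says the Action preset always pins to a commit hash. If pinning is intended, the rule has to state it, e.g. `"pinDigests": true` next to `"matchManagers"`. `docker-compose.json` looks similar: `"digest": { "enabled": true }` allows digest updates, but as far as I can tell it does not pin image tags that carry no digest yet, so `"pinDigests": true` would be needed there as well.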
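Review bot: The `fileMatch` pattern `^k8s/*\\.json$` in `k8s.json` quantifies the slash, so it matches a root-level `k8s.json` or `k8s/.json` but no file inside a `k8s/` directory, and it would skip YAML manifests in any case. The README says manifests live in `./k8s`, so something like `"fileMatch": ["(^|/)k8s/.+\\.ya?ml$"]` is probably what was meant. As written, image references there would silently never be updated. This block also uses `labels` where the other presets use `addLabels`, which replaces inherited labels rather than appending to them.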