Compare commits

...

18 commits

Author SHA1 Message Date
javiertury
3d3301fe16
Merge be61d66295 into 19a99d2ca9 2025-01-07 09:11:53 +01:00
Gabriel-Ladzaretti
19a99d2ca9
feat(config): add repo phase enviorment config (#33360)
Some checks are pending
Build / setup (push) Waiting to run
Build / setup-build (push) Waiting to run
Build / prefetch (push) Blocked by required conditions
Build / lint-eslint (push) Blocked by required conditions
Build / lint-prettier (push) Blocked by required conditions
Build / lint-docs (push) Blocked by required conditions
Build / lint-other (push) Blocked by required conditions
Build / (push) Blocked by required conditions
Build / codecov (push) Blocked by required conditions
Build / coverage-threshold (push) Blocked by required conditions
Build / test-success (push) Blocked by required conditions
Build / build (push) Blocked by required conditions
Build / build-docs (push) Blocked by required conditions
Build / test-e2e (push) Blocked by required conditions
Build / release (push) Blocked by required conditions
Code scanning / CodeQL-Build (push) Waiting to run
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
whitesource-scan / WS_SCAN (push) Waiting to run
2025-01-07 06:56:48 +00:00
Johannes Feichtner
80faed3ffe
fix(gradle): avoid heuristic matching of gradle feature variant capabilities (#33438) 2025-01-07 06:53:48 +00:00
renovate[bot]
a8766ee50b
chore(deps): update dependency markdownlint-cli2 to v0.17.1 (#33441)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-07 05:17:14 +00:00
renovate[bot]
bbc4fb8bb9
build(deps): update dependency yaml to v2.7.0 (#33440)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-07 05:11:10 +00:00
RahulGautamSingh
a67c45f9d6
fix(config): encrypted field validation (#33382)
Some checks are pending
Build / setup (push) Waiting to run
Build / setup-build (push) Waiting to run
Build / prefetch (push) Blocked by required conditions
Build / lint-eslint (push) Blocked by required conditions
Build / lint-prettier (push) Blocked by required conditions
Build / lint-docs (push) Blocked by required conditions
Build / lint-other (push) Blocked by required conditions
Build / (push) Blocked by required conditions
Build / codecov (push) Blocked by required conditions
Build / coverage-threshold (push) Blocked by required conditions
Build / test-success (push) Blocked by required conditions
Build / build (push) Blocked by required conditions
Build / build-docs (push) Blocked by required conditions
Build / test-e2e (push) Blocked by required conditions
Build / release (push) Blocked by required conditions
Code scanning / CodeQL-Build (push) Waiting to run
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
whitesource-scan / WS_SCAN (push) Waiting to run
Co-authored-by: Rhys Arkins <rhys@arkins.net>
2025-01-06 18:55:03 +00:00
renovate[bot]
cfcd53a887
chore(deps): update dependency memfs to v4.15.2 (#33436)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-06 18:34:10 +00:00
HonkingGoose
2745b8d6f3
docs: disable announcement bar for v39 release notes (#33429) 2025-01-06 18:19:46 +00:00
renovate[bot]
0e2b1c0d2d
chore(deps): update linters to v8.19.0 (#33435)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-06 18:11:22 +00:00
renovate[bot]
89a9251f20
fix(deps): update ghcr.io/renovatebot/base-image docker tag to v9.28.1 (#33432)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-06 13:10:11 +00:00
renovate[bot]
864199651b
fix(deps): update ghcr.io/containerbase/sidecar docker tag to v13.5.8 (#33427)
Some checks are pending
Build / coverage-threshold (push) Blocked by required conditions
Build / test-success (push) Blocked by required conditions
Build / lint-eslint (push) Blocked by required conditions
Build / lint-prettier (push) Blocked by required conditions
Build / setup (push) Waiting to run
Build / setup-build (push) Waiting to run
Build / prefetch (push) Blocked by required conditions
Build / lint-docs (push) Blocked by required conditions
Build / lint-other (push) Blocked by required conditions
Build / (push) Blocked by required conditions
Build / codecov (push) Blocked by required conditions
Build / build (push) Blocked by required conditions
Build / build-docs (push) Blocked by required conditions
Build / test-e2e (push) Blocked by required conditions
Build / release (push) Blocked by required conditions
Code scanning / CodeQL-Build (push) Waiting to run
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
whitesource-scan / WS_SCAN (push) Waiting to run
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-06 11:04:24 +00:00
renovate[bot]
dbd6924452
chore(deps): update ghcr.io/containerbase/devcontainer docker tag to v13.5.8 (#33426)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-06 10:58:45 +00:00
renovate[bot]
9ed41b0899
chore(deps): update dependency renovatebot/github-action to v41.0.8 (#33425)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-06 10:58:44 +00:00
renovate[bot]
47d7b1429f
chore(deps): update dependency @swc/core to v1.10.4 (#33423)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-06 04:57:12 +00:00
renovate[bot]
be31692f07
chore(deps): lock file maintenance (#33420)
Some checks are pending
Build / coverage-threshold (push) Blocked by required conditions
Build / test-success (push) Blocked by required conditions
Build / setup (push) Waiting to run
Build / setup-build (push) Waiting to run
Build / prefetch (push) Blocked by required conditions
Build / lint-eslint (push) Blocked by required conditions
Build / lint-prettier (push) Blocked by required conditions
Build / lint-docs (push) Blocked by required conditions
Build / lint-other (push) Blocked by required conditions
Build / (push) Blocked by required conditions
Build / codecov (push) Blocked by required conditions
Build / build (push) Blocked by required conditions
Build / build-docs (push) Blocked by required conditions
Build / test-e2e (push) Blocked by required conditions
Build / release (push) Blocked by required conditions
Code scanning / CodeQL-Build (push) Waiting to run
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
whitesource-scan / WS_SCAN (push) Waiting to run
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-06 01:14:35 +00:00
renovate[bot]
dd1675a930
docs: update references to renovate/renovate (#33419)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-06 01:11:48 +00:00
javiertury
be61d66295 fix(gitea): stop PR cache pagination if zero items 2024-12-16 07:46:36 +01:00
javiertury
e7fcaec9e0 fix(gitea): use configured endpoint in PR cache (#32825) 2024-12-15 14:26:54 +01:00
18 changed files with 555 additions and 407 deletions

View file

@ -1 +1 @@
FROM ghcr.io/containerbase/devcontainer:13.5.7
FROM ghcr.io/containerbase/devcontainer:13.5.8

View file

@ -307,7 +307,7 @@ Renovate will get the credentials with the [`google-auth-library`](https://www.n
service_account: ${{ env.SERVICE_ACCOUNT }}
- name: renovate
uses: renovatebot/github-action@v41.0.7
uses: renovatebot/github-action@v41.0.8
env:
RENOVATE_HOST_RULES: |
[
@ -478,7 +478,7 @@ Make sure to install the Google Cloud SDK into the custom image, as you need the
For example:
```Dockerfile
FROM renovate/renovate:39.86.0
FROM renovate/renovate:39.91.0
# Include the "Docker tip" which you can find here https://cloud.google.com/sdk/docs/install
# under "Installation" for "Debian/Ubuntu"
RUN ...

View file

@ -25,8 +25,8 @@ It builds `latest` based on the `main` branch and all SemVer tags are published
```sh title="Example of valid tags"
docker run --rm renovate/renovate
docker run --rm renovate/renovate:39
docker run --rm renovate/renovate:39.86
docker run --rm renovate/renovate:39.86.0
docker run --rm renovate/renovate:39.91
docker run --rm renovate/renovate:39.91.0
```
<!-- prettier-ignore -->
@ -62,7 +62,7 @@ spec:
- name: renovate
# Update this to the latest available and then enable Renovate on
# the manifest
image: renovate/renovate:39.86.0
image: renovate/renovate:39.91.0
args:
- user/repo
# Environment Variables
@ -121,7 +121,7 @@ spec:
template:
spec:
containers:
- image: renovate/renovate:39.86.0
- image: renovate/renovate:39.91.0
name: renovate-bot
env: # For illustration purposes, please use secrets.
- name: RENOVATE_PLATFORM
@ -367,7 +367,7 @@ spec:
containers:
- name: renovate
# Update this to the latest available and then enable Renovate on the manifest
image: renovate/renovate:39.86.0
image: renovate/renovate:39.91.0
volumeMounts:
- name: ssh-key-volume
readOnly: true

View file

@ -23,6 +23,13 @@ For more information see [the OpenTelemetry docs](opentelemetry.md).
If set to any value, Renovate will always paginate requests to GitHub fully, instead of stopping after 10 pages.
## `RENOVATE_STATIC_REPO_CONFIG`
If set to a _valid_ `JSON` string containing a _valid_ Renovate configuration, it will be applied to the repository config before resolving the actual configuration file within the repository.
> [!warning]
> An invalid value will result in the scan being aborted.
## `RENOVATE_X_DOCKER_HUB_DISABLE_LABEL_LOOKUP`
If set to any value, Renovate will skip attempting to get release labels (e.g. gitRef, sourceUrl) from manifest annotations for `https://index.docker.io`.

View file

@ -12,6 +12,7 @@ describe('config/decrypt', () => {
beforeEach(() => {
config = {};
GlobalConfig.reset();
delete process.env.MEND_HOSTED;
delete process.env.RENOVATE_X_ENCRYPTED_STRICT;
});
@ -34,8 +35,19 @@ describe('config/decrypt', () => {
it('throws exception if encrypted found but no privateKey', async () => {
config.encrypted = { a: '1' };
process.env.RENOVATE_X_ENCRYPTED_STRICT = 'true';
process.env.RENOVATE_X_ENCRYPTED_STRICT = 'true';
await expect(decryptConfig(config, repository)).rejects.toThrow(
'config-validation',
);
});
// coverage
it('throws exception if encrypted found but no privateKey- Mend Hosted', async () => {
config.encrypted = { a: '1' };
process.env.MEND_HOSTED = 'true';
process.env.RENOVATE_X_ENCRYPTED_STRICT = 'true';
await expect(decryptConfig(config, repository)).rejects.toThrow(
'config-validation',
);

View file

@ -179,6 +179,12 @@ export async function decryptConfig(
error.validationSource = 'config';
error.validationError = 'Encrypted config unsupported';
error.validationMessage = `This config contains an encrypted object at location \`$.${key}\` but no privateKey is configured. To support encrypted config, the Renovate administrator must configure a \`privateKey\` in Global Configuration.`;
if (process.env.MEND_HOSTED === 'true') {
error.validationMessage = `Mend-hosted Renovate Apps no longer support the use of encrypted secrets in Renovate file config (e.g. renovate.json).
Please migrate all secrets to the Developer Portal using the web UI available at https://developer.mend.io/
Refer to migration documents here: https://docs.renovatebot.com/mend-hosted/migrating-secrets/`;
}
throw error;
} else {
logger.error('Found encrypted data but no privateKey');

View file

@ -516,7 +516,7 @@ const options: RenovateOptions[] = [
description:
'Change this value to override the default Renovate sidecar image.',
type: 'string',
default: 'ghcr.io/containerbase/sidecar:13.5.7',
default: 'ghcr.io/containerbase/sidecar:13.5.8',
globalOnly: true,
},
{

View file

@ -759,12 +759,13 @@ describe('modules/manager/gradle/parser', () => {
describe('heuristic dependency matching', () => {
it.each`
input | output
${'("foo", "bar", "1.2.3")'} | ${{ depName: 'foo:bar', currentValue: '1.2.3' }}
${'("foo", "bar", "1.2.3", "4.5.6")'} | ${null}
${'(["foo", "bar", "1.2.3"])'} | ${null}
${'someMethod("foo", "bar", "1.2.3")'} | ${{ depName: 'foo:bar', currentValue: '1.2.3' }}
${'listOf("foo", "bar", "baz")'} | ${null}
input | output
${'("foo", "bar", "1.2.3")'} | ${{ depName: 'foo:bar', currentValue: '1.2.3' }}
${'("foo", "bar", "1.2.3", "4.5.6")'} | ${null}
${'(["foo", "bar", "1.2.3"])'} | ${null}
${'someMethod("foo", "bar", "1.2.3")'} | ${{ depName: 'foo:bar', currentValue: '1.2.3' }}
${'listOf("foo", "bar", "baz")'} | ${null}
${'java { registerFeature(foo) { capability("foo", "bar", "1.2.3") } }'} | ${null}
`('$input', ({ input, output }) => {
const { deps } = parseGradle(input);
expect(deps).toMatchObject([output].filter(is.truthy));

View file

@ -4,6 +4,7 @@ import type { Ctx } from '../types';
import {
GRADLE_PLUGINS,
cleanupTempVars,
qDotOrBraceExpr,
qTemplateString,
qValueMatcher,
storeInTokenMap,
@ -204,4 +205,6 @@ export const qDependencies = q.alt(
qKotlinShortNotationDependencies,
qKotlinMapNotationDependencies,
qImplicitGradlePlugin,
// avoid heuristic matching of gradle feature variant capabilities
qDotOrBraceExpr('java', q.sym<Ctx>('registerFeature').tree()),
);

View file

@ -118,13 +118,16 @@ export class GiteaPrCache {
}
private async sync(http: GiteaHttp): Promise<GiteaPrCache> {
const query = getQueryString({
const urlPath = `${API_PATH}/repos/${this.repo}/pulls`;
const queryParams = {
state: 'all',
sort: 'recentupdate',
});
};
let page: number = 1;
const query = getQueryString(queryParams);
let url: string | undefined =
`${API_PATH}/repos/${this.repo}/pulls?${query}`;
`${urlPath}?${query}`;
while (url) {
const res: HttpResponse<PR[]> = await http.getJson<PR[]>(url, {
@ -133,11 +136,17 @@ export class GiteaPrCache {
});
const needNextPage = this.reconcile(res.body);
if (!needNextPage) {
const nextUrl: string | undefined = parseLinkHeader(res.headers.link)?.next?.url;
if (!needNextPage || res.body.length === 0 || nextUrl === undefined) {
break;
}
url = parseLinkHeader(res.headers.link)?.next?.url;
page += 1;
const query = getQueryString({
...queryParams,
page
});
url = `${urlPath}?${query}`;
}
this.updateItems();

View file

@ -121,16 +121,10 @@ export async function getConfig(
inputEnv: NodeJS.ProcessEnv,
configEnvKey = 'RENOVATE_CONFIG',
): Promise<AllConfig> {
let env = normalizePrefixes(inputEnv, inputEnv.ENV_PREFIX);
env = massageConvertedExperimentalVars(env);
env = renameEnvKeys(env);
// massage the values of migrated configuration keys
env = massageEnvKeyValues(env);
const options = getOptions();
const env = prepareEnv(inputEnv);
const config = await parseAndValidateOrExit(env, configEnvKey);
const options = getOptions();
config.hostRules ??= [];
for (const option of options) {
@ -235,7 +229,15 @@ export async function getConfig(
return config;
}
async function parseAndValidateOrExit(
export function prepareEnv(inputEnv: NodeJS.ProcessEnv): NodeJS.ProcessEnv {
let env = normalizePrefixes(inputEnv, inputEnv.ENV_PREFIX);
env = massageConvertedExperimentalVars(env);
env = renameEnvKeys(env);
// massage the values of migrated configuration keys
return massageEnvKeyValues(env);
}
export async function parseAndValidateOrExit(
env: NodeJS.ProcessEnv,
configEnvKey: string,
): Promise<AllConfig> {

View file

@ -0,0 +1,46 @@
import type { AllConfig } from '../../../config/types';
import { mergeStaticRepoEnvConfig } from './config';
describe('workers/repository/init/config', () => {
describe('mergeRepoEnvConfig()', () => {
type MergeRepoEnvTestCase = {
name: string;
env: NodeJS.ProcessEnv;
currentConfig: AllConfig;
wantConfig: AllConfig;
};
const testCases: MergeRepoEnvTestCase[] = [
{
name: 'it does nothing',
env: {},
currentConfig: { repositories: ['some/repo'] },
wantConfig: { repositories: ['some/repo'] },
},
{
name: 'it merges env with the current config',
env: { RENOVATE_STATIC_REPO_CONFIG: '{"dependencyDashboard":true}' },
currentConfig: { repositories: ['some/repo'] },
wantConfig: {
dependencyDashboard: true,
repositories: ['some/repo'],
},
},
{
name: 'it ignores env with other renovate specific configuration options',
env: { RENOVATE_CONFIG: '{"dependencyDashboard":true}' },
currentConfig: { repositories: ['some/repo'] },
wantConfig: { repositories: ['some/repo'] },
},
];
it.each(testCases)(
'$name',
async ({ env, currentConfig, wantConfig }: MergeRepoEnvTestCase) => {
const got = await mergeStaticRepoEnvConfig(currentConfig, env);
expect(got).toEqual(wantConfig);
},
);
});
});

View file

@ -1,4 +1,7 @@
import type { RenovateConfig } from '../../../config/types';
import is from '@sindresorhus/is';
import { mergeChildConfig } from '../../../config';
import type { AllConfig, RenovateConfig } from '../../../config/types';
import { parseAndValidateOrExit } from '../../global/config/parse/env';
import { checkOnboardingBranch } from '../onboarding/branch';
import { mergeInheritedConfig } from './inherited';
import { mergeRenovateConfig } from './merge';
@ -10,7 +13,24 @@ export async function getRepoConfig(
let config = { ...config_ };
config.baseBranch = config.defaultBranch;
config = await mergeInheritedConfig(config);
config = await mergeStaticRepoEnvConfig(config, process.env);
config = await checkOnboardingBranch(config);
config = await mergeRenovateConfig(config);
return config;
}
export async function mergeStaticRepoEnvConfig(
config: AllConfig,
env: NodeJS.ProcessEnv,
): Promise<AllConfig> {
const repoEnvConfig = await parseAndValidateOrExit(
env,
'RENOVATE_STATIC_REPO_CONFIG',
);
if (!is.nonEmptyObject(repoEnvConfig)) {
return config;
}
return mergeChildConfig(config, repoEnvConfig);
}

View file

@ -250,7 +250,7 @@
"validate-npm-package-name": "6.0.0",
"vuln-vects": "1.1.0",
"xmldoc": "1.3.0",
"yaml": "2.6.1",
"yaml": "2.7.0",
"zod": "3.24.1"
},
"optionalDependencies": {
@ -269,7 +269,7 @@
"@openpgp/web-stream-tools": "0.1.3",
"@renovate/eslint-plugin": "file:tools/eslint",
"@semantic-release/exec": "6.0.3",
"@swc/core": "1.10.3",
"@swc/core": "1.10.4",
"@types/auth-header": "1.0.6",
"@types/aws4": "1.11.6",
"@types/better-sqlite3": "7.6.12",
@ -311,8 +311,8 @@
"@types/url-join": "4.0.3",
"@types/validate-npm-package-name": "4.0.2",
"@types/xmldoc": "1.1.9",
"@typescript-eslint/eslint-plugin": "8.18.2",
"@typescript-eslint/parser": "8.18.2",
"@typescript-eslint/eslint-plugin": "8.19.0",
"@typescript-eslint/parser": "8.19.0",
"aws-sdk-client-mock": "4.1.0",
"callsite": "1.0.0",
"common-tags": "1.8.2",
@ -335,8 +335,8 @@
"jest-mock": "29.7.0",
"jest-mock-extended": "3.0.7",
"jest-snapshot": "29.7.0",
"markdownlint-cli2": "0.17.0",
"memfs": "4.15.1",
"markdownlint-cli2": "0.17.1",
"memfs": "4.15.2",
"nock": "13.5.6",
"npm-run-all2": "7.0.2",
"nyc": "17.1.0",

View file

@ -386,13 +386,13 @@ files = [
[[package]]
name = "pygments"
version = "2.18.0"
version = "2.19.0"
requires_python = ">=3.8"
summary = "Pygments is a syntax highlighting package written in Python."
groups = ["default"]
files = [
{file = "pygments-2.18.0-py3-none-any.whl", hash = "sha256:b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"},
{file = "pygments-2.18.0.tar.gz", hash = "sha256:786ff802f32e91311bff3889f6e9a86e81505fe99f2735bb6d60ae0c5004f199"},
{file = "pygments-2.19.0-py3-none-any.whl", hash = "sha256:4755e6e64d22161d5b61432c0600c923c5927214e7c956e31c23923c89251a9b"},
{file = "pygments-2.19.0.tar.gz", hash = "sha256:afc4146269910d4bdfabcd27c24923137a74d562a23a320a41a55ad303e19783"},
]
[[package]]

File diff suppressed because it is too large Load diff

View file

@ -5,19 +5,19 @@ ARG BASE_IMAGE_TYPE=slim
# --------------------------------------
# slim image
# --------------------------------------
FROM ghcr.io/renovatebot/base-image:9.28.0@sha256:9d687b1dcb570c96c15c89b34709c819b76ec28bdc7d89eca3e9a73cca3db4a4 AS slim-base
FROM ghcr.io/renovatebot/base-image:9.28.1@sha256:d012a79a5f3dc6e6067c46016405064b30fbaaac954597318a7a2122ef807444 AS slim-base
# --------------------------------------
# full image
# --------------------------------------
FROM ghcr.io/renovatebot/base-image:9.28.0-full@sha256:8158e260c0999da25fb404a50ffaf47b9a90b2550ae6d2112736c4b370a8f507 AS full-base
FROM ghcr.io/renovatebot/base-image:9.28.1-full@sha256:422a843cbf6c1a3730fab9e89877bf04c49d329501a5b998488078cc6153fc03 AS full-base
ENV RENOVATE_BINARY_SOURCE=global
# --------------------------------------
# build image
# --------------------------------------
FROM --platform=$BUILDPLATFORM ghcr.io/renovatebot/base-image:9.28.0@sha256:9d687b1dcb570c96c15c89b34709c819b76ec28bdc7d89eca3e9a73cca3db4a4 AS build
FROM --platform=$BUILDPLATFORM ghcr.io/renovatebot/base-image:9.28.1@sha256:d012a79a5f3dc6e6067c46016405064b30fbaaac954597318a7a2122ef807444 AS build
# We want a specific node version here
# renovate: datasource=node-version

View file

@ -59,7 +59,7 @@ theme:
# The custom_dir points to the overrides folder, this folder has the code for our announcement bar.
# The easiest way to disable the announcement bar is to comment out the custom_dir: overrides entry in this mkdocs.yml file.
# https://squidfunk.github.io/mkdocs-material/customization/#setup-and-theme-structure
custom_dir: overrides
# custom_dir: overrides
logo: 'assets/images/logo.png'
favicon: 'assets/images/logo.png'