jessebot
72342cde80
move renovate.json to the root dir and allow ignoring tests for merging GHA patch/minor updates only switch the appVersion in Chart.yaml to a specific sha tag that should actually work, until pixelfed does another official release set the securityContext and podSecurityContext to run as user 33, which is www-data to solve security root escalation issue Signed-off-by: jessebot <jessebot@linux.com>
35 lines
1.3 KiB
JSON
35 lines
1.3 KiB
JSON
{
|
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
|
"customManagers": [
|
|
{
|
|
"customType": "regex",
|
|
"datasourceTemplate": "docker",
|
|
"fileMatch": [
|
|
"(^|/)Chart\\.yaml$"
|
|
],
|
|
"matchStrings": [
|
|
"#\\s*renovate: image=(?<depName>.*?)\\s+appVersion:\\s*[\"']?(?<currentValue>[\\w+\\.\\-]*)"
|
|
]
|
|
}
|
|
],
|
|
"packageRules": [
|
|
{
|
|
"description": "Bump helm chart versions by a patch when updating values files. Digests, pins, rollbacks, replacements and pinDigest updates are deliberately ignored since in our use case, these need a manual decision about the version bump for the chart. This can be removed when https://github.com/renovatebot/renovate/issues/8231 is implemented and enabled.",
|
|
"matchManagers": ["helm-values", "regex"],
|
|
"postUpgradeTasks": {
|
|
"commands": [
|
|
"scripts/bump-chart-version.sh '{{{parentDir}}}' '{{{updateType}}}'"
|
|
],
|
|
"fileFilters": ["**/Chart.yaml"],
|
|
"executionMode": "branch"
|
|
}
|
|
},
|
|
{
|
|
"matchManagers": ["github-actions"],
|
|
"matchUpdateTypes": ["patch", "minor"],
|
|
"automerge": true,
|
|
"ignoreTests": true
|
|
}
|
|
]
|
|
}
|