diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 6c62ad0e0f257..a7ab33199c48a 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -14,7 +14,7 @@ on: env: # Golang version to use across CI steps # renovate: datasource=golang-version packageName=golang - GOLANG_VERSION: '1.23.1' + GOLANG_VERSION: '1.23.2' concurrency: group: ${{ github.workflow }}-${{ github.ref }} diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index e7e9e77b7a7ab..c9727562b390e 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -53,7 +53,7 @@ jobs: with: # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) # renovate: datasource=golang-version packageName=golang - go-version: 1.23.1 + go-version: 1.23.2 platforms: ${{ needs.set-vars.outputs.platforms }} push: false @@ -70,7 +70,7 @@ jobs: ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) # renovate: datasource=golang-version packageName=golang - go-version: 1.23.1 + go-version: 1.23.2 platforms: ${{ needs.set-vars.outputs.platforms }} push: true secrets: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 43aa01735b7f2..ab49819359683 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -11,7 +11,7 @@ permissions: {} env: # renovate: datasource=golang-version packageName=golang - GOLANG_VERSION: '1.23.1' # Note: go-version must also be set in job argocd-image.with.go-version + GOLANG_VERSION: '1.23.2' # Note: go-version must also be set in job argocd-image.with.go-version jobs: argocd-image: 
@@ -25,7 +25,7 @@ jobs: quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) # renovate: datasource=golang-version packageName=golang - go-version: 1.23.1 + go-version: 1.23.2 platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le push: true secrets: diff --git a/Dockerfile b/Dockerfile index 758bd5756364e..ca99b8be19f9e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image # Also used as the image in CI jobs so needs all dependencies #################################################################################################### -FROM docker.io/library/golang:1.23.1@sha256:4f063a24d429510e512cc730c3330292ff49f3ade3ae79bda8f84a24fa25ecb0 AS builder +FROM docker.io/library/golang:1.23.2@sha256:adee809c2d0009a4199a11a1b2618990b244c6515149fe609e2788ddf164bd10 AS builder RUN echo 'deb http://archive.debian.org/debian buster-backports main' >> /etc/apt/sources.list @@ -101,7 +101,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP #################################################################################################### # Argo CD Build stage which performs the actual build of Argo CD binaries #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.23.1@sha256:4f063a24d429510e512cc730c3330292ff49f3ade3ae79bda8f84a24fa25ecb0 AS argocd-build +FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.23.2@sha256:adee809c2d0009a4199a11a1b2618990b244c6515149fe609e2788ddf164bd10 AS argocd-build WORKDIR /go/src/github.com/argoproj/argo-cd 
diff --git a/renovate-presets/README.md b/renovate-presets/README.md
new file mode 100644
index 0000000000000..7427c9b9d8190
--- /dev/null
+++ b/renovate-presets/README.md
@@ -0,0 +1,64 @@
+# Renovate shared presets
+
+This folder contains shared presets.
+It also improve separation of concerns between packageRules in a single file quickly become hard to maintain.
+
+# How to use a preset
+
+1. Add the preset to your renovate.json file:
+
+```json
+{
+ //json
+ "extends": [
+ "github>argoproj/argo-cd//renovate-presets:argoproj"
+]
+}
+```
+
+### Note :
+
+It would make sense to move this folder to a new repository in the future.
+
+Benefits:
+- Improved feedback loop for configuration changes, no need to wait for a PR to be merged into master.
+- Avoid polluting git history.
+- Avoids consuming the repository's CI/CD resources.
+- The `renovate.json` in each repository can be simplified to only include a single presets :
+ ```json
+ {
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "github>argoproj/renovate-presets//argoproj/renovate.json5"
+ ],
+ // rules are empty and this file won't need to be modified again.
+ "packageRules": []
+ }
+ ```
+Inconvenient:
+- Owners of a repository can impact the configuration of all repositories. Use codeowners to prevent this.
+
+Example of repo structure :
+```shell
+.
+├── README.md
+├── .github/CODEOWNERS
+├── common.json5 # common presets for all repositories
+├── fix/
+│ └── openssf-merge-confidence-columns.json5
+├── custom-managers/
+│ ├── bash.json5
+│ └── yaml.json5
+└── argoproj/ # organization
+ ├── argo-cd/ # repository
+ ├── devtools.json5 # rules specific to the devtool (CI and dev environment...)
+ ├── doc.json5 # rules specific to the doc written with mkdoc.
+ ├── # etc...
+ └── renovate.json5 # A single preset referenced from the repository argopro/argo-cd.
+ ├── argo-rollouts/ # repository
+ │ ── renovate.json5
+
+
+
+
+```
diff --git a/renovate-presets/commons.json5 b/renovate-presets/commons.json5
new file mode 100644
index 0000000000000..a1608f321bc68
--- /dev/null
+++ b/renovate-presets/commons.json5
@@ -0,0 +1,55 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "description": "Contains rules that makes sense to enforce by default.",
+ "dependencyDashboard": true,
+ "dependencyDashboardOSVVulnerabilitySummary": "all",
+ "osvVulnerabilityAlerts": true,
+ "extends": [
+ "config:best-practices",
+ "customManagers:dockerfileVersions",
+ "security:openssf-scorecard",
+ "mergeConfidence:all-badges",
+ "github>argoproj/argo-cd//renovate-presets/fix/openssf-merge-confidence-columns.json5",
+ ],
+ "packageRules": [
+ {
+ "description": "Define labels used for all PRs",
+ "matchPackageNames": [
+ "*"
+ ],
+ "labels": [
+ "dependencies"
+ ]
+ },
+ {
+ "description": "Define labels of the dependency dashboard issues.",
+ "dependencyDashboardLabels": [
+ "dependencies",
+ ]
+ },
+ {
+ "description": "Add labels for PRs related to javascript",
+ "matchDatasources": [
+ "node-version",
+ "npm"
+ ],
+ "addLabels": [
+ "javascript"
+ ]
+ },
+ {
+ "description": "Add labels for PRs related to go",
+ "matchDatasources": [
+ "golang-version",
+ "go"
+ ],
+ "addLabels": [
+ "go"
+ ]
+ },
+ {
+ "description": "Define the label to make Renovate stop updating a PR.",
+ "stopUpdatingLabel": "dependencies:stop-updating"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/renovate-presets/custom-managers/yaml.json5 b/renovate-presets/custom-managers/yaml.json5
index 70cc6629ef756..8729f611c8ea7 100644
--- a/renovate-presets/custom-managers/yaml.json5
+++ b/renovate-presets/custom-managers/yaml.json5
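Review bot: Two entries in `packageRules` of commons.json5 carry no `match*` selector: the one setting `dependencyDashboardLabels` and the one setting `stopUpdatingLabel`. Both are repository-level options, and Renovate's config validation is expected to reject package rules that have no matcher, so they belong at the top level of the preset next to `dependencyDashboard`, e.g. `"dependencyDashboardLabels": ["dependencies"],` and `"stopUpdatingLabel": "dependencies:stop-updating",`. Running `renovate-config-validator` against the preset files in CI would catch this before any repository consumes the preset.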
@@ -2,7 +2,7 @@ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "customManagers": [ { - "description": "A generic custom manager for updating any yaml fields ending by *version: case incensitive", + "description": "A generic custom manager for updating any yaml fields ending by 'version:' (case insensitive)", "customType": "regex", "fileMatch": [ ".github\\/workflows.+\\.(?:yml|yaml)$" diff --git a/renovate-presets/devtool.json5 b/renovate-presets/devtool.json5 new file mode 100644 index 0000000000000..eaf6a365168b5 --- /dev/null +++ b/renovate-presets/devtool.json5 
@@ -0,0 +1,72 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "description": "Rules specific to the devtool (CI, dev environment...)",
+ "packageRules": [
+ {
+ "description": "Enable updates from specified datasources",
+ "matchDatasources": [
+ "node-version",
+ "golang-version"
+ ],
+ "enabled": true
+ },
+ {
+ "description": "Enable updates from specified go modules",
+ "matchDatasources": [
+ "go"
+ ],
+ "matchPackageNames": [
+ "github.com/golangci/golangci-lint"
+ ],
+ "enabled": true
+ },
+ {
+ "description": "Enable updates from specified docker images",
+ "matchDatasources": [
+ "docker"
+ ],
+ "matchPackageNames": [
+ "docker.io/library/node",
+ "docker.io/library/golang"
+ ],
+ "enabled": true
+ },
+ {
+ "description": "Group golang-version packages",
+ "groupName": "golang version",
+ "matchDepNames": [
+ "go",
+ "golang",
+ "docker.io/golang",
+ "docker.io/library/golang"
+ ],
+ "separateMajorMinor": true
+ },
+ {
+ "description": "Group node-version packages",
+ "groupName": "node version",
+ "matchDepNames": [
+ "node",
+ "docker.io/library/node"
+ ],
+ "separateMajorMinor": true
+ },
+ {
+ "description": "Separate major into their PRs",
+ "matchDatasources": [
+ "node-version",
+ "golang-version"
+ ],
+ "separateMultipleMajor": true
+ },
+ {
+ "description": "Example: reduce noise by automerging safe pkgs. Multiple match fields can be used to reduce the scope of this rule...",
+ "matchUpdateTypes": [
+ "patch",
+ "pin",
+ "digest"
+ ],
+ "automerge": false
+ }
+ ]
+}
diff --git a/renovate-presets/fix/disable-all-updates.json5 b/renovate-presets/fix/disable-all-updates.json5
new file mode 100644
index 0000000000000..83f88bba8ebd9
--- /dev/null
+++ b/renovate-presets/fix/disable-all-updates.json5
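Review bot: The last rule in devtool.json5 is described as automerging `patch`, `pin` and `digest` updates, but it sets `"automerge": false`, which is Renovate's default, so the rule currently changes nothing. It has no package or datasource matcher, so flipping it to `true` later would apply to every enabled dependency, including the digest-pinned `docker.io/library/golang` and `docker.io/library/node` images enabled earlier in this file. Either drop the rule or make the intent explicit in the description, e.g. `"description": "Placeholder, keeps automerge off; add matchPackageNames before enabling"`.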
@@ -0,0 +1,13 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "description": "Contains rules specific to the devtool (CI and dev environment...)",
+ "packageRules": [
+ {
+ "description": "Disable all updates to avoid conflicts with dependabot, then enable what you need.",
+ "matchPackageNames": [
+ "*"
+ ],
+ "enabled": false
+ }
+ ]
+}
diff --git a/renovate.json b/renovate.json
index 228b3d77f4616..a621aaa1676e4 100644
--- a/renovate.json
+++ b/renovate.json
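Review bot: The top-level `description` of disable-all-updates.json5 reads "Contains rules specific to the devtool (CI and dev environment...)", which looks copied from the devtool preset and does not describe what this file does. The preset disables every package through `matchPackageNames: ["*"]`, and package rules are applied in order, so its position in a consumer's `extends` list decides whether later presets can re-enable anything. The description should say so, e.g. `"description": "Disables all updates; list before the presets that re-enable specific packages."`.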
@@ -1,113 +1,10 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "dependencyDashboard": true, - "dependencyDashboardOSVVulnerabilitySummary": "all", - "osvVulnerabilityAlerts": true, - "reviewersFromCodeOwners": true, "extends": [ - "config:best-practices", - "customManagers:dockerfileVersions", - "security:openssf-scorecard", - "mergeConfidence:all-badges", - "github>argoproj/argo-cd//renovate-presets/fix/openssf-merge-confidence-columns.json5", + "github>ggjulio/argo-cd//renovate-presets/commons.json5", "github>argoproj/argo-cd//renovate-presets/custom-managers/shell.json5", - "github>argoproj/argo-cd//renovate-presets/custom-managers/yaml.json5" - ], - "packageRules": [ - { - "description": "Disable all updates to avoid conflicts with dependabot, then enable what we want", - "matchPackageNames": [ - "*" - ], - "enabled": false - }, - { - "description": "Add label dependencies to all PRs", - "matchPackageNames": [ - "*" - ], - "labels": [ - "dependencies" - ] - }, - { - "description": "Enable node-version", - "matchDatasources": [ - "node-version" - ], - "addLabels": [ - "javascript" - ], - "enabled": true - }, - { - "description": "Enable golang-version", - "matchDatasources": [ - "golang-version" - ], - "addLabels": [ - "go" - ], - "enabled": true - }, - { - "description": "Enable some go modules", - "matchDatasources": [ - "go" - ], - "matchPackageNames": [ - "go", - "github.com/golangci/golangci-lint" - ], - "addLabels": [ - "go" - ], - "enabled": true - }, - { - "description": "Enable bump of golang version in go.mod", - "matchDatasources": [ - "golang-version" - ], - "rangeStrategy": "bump" - }, - { - "description": "Enable some docker images", - "matchDatasources": [ - "docker" - ], - "matchPackageNames": [ - "docker.io/library/node", - "docker.io/library/golang" - ], - "enabled": true - }, - { - "description": "Group golang-version packages", - "groupName": "golang version", - "matchDepNames": [ - "go", - "golang", - 
"docker.io/golang", - "docker.io/library/golang" - ] - }, - { - "description": "Group node-version packages", - "groupName": "node version", - "matchDepNames": [ - "node", - "docker.io/library/node" - ] - }, - { - "description": "an example to reduce noise by automerging pkgs that are safe to merge, multiple match fields can be used to reduce the scope of this rule...)", - "matchUpdateTypes": [ - "patch", - "pin", - "digest" - ], - "automerge": false - } + "github>argoproj/argo-cd//renovate-presets/custom-managers/yaml.json5", + "github>ggjulio/argo-cd//renovate-presets/fix/disable-all-updates.json5", + "github>ggjulio/argo-cd//renovate-presets/devtool.json5" ] }
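Review bot: Three of the new `extends` entries resolve to a personal fork, `github>ggjulio/argo-cd//renovate-presets/...` (commons.json5, fix/disable-all-updates.json5 and devtool.json5), while the other entries and the preset files added by this same commit live under `argoproj/argo-cd`. Renovate resolves such presets from the named repository at run time, so whoever controls that fork could change package rules, custom managers or automerge for this repository without a PR or CODEOWNERS review here. These should point at the upstream copies, e.g. `"github>argoproj/argo-cd//renovate-presets/commons.json5"`, and likewise for the other two. Separately, `reviewersFromCodeOwners: true` and the `rangeStrategy: bump` rule for `golang-version` are removed here and do not reappear in commons.json5 or devtool.json5 as added in this commit; confirm that dropping them is intended.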