Merge branch 'main' into feat/27485-bitbucket-task-autocomplete

.devcontainer/Dockerfile

@@ -1 +1 @@
-FROM ghcr.io/containerbase/devcontainer:11.11.6
+FROM ghcr.io/containerbase/devcontainer:11.11.8

.github/workflows/build.yml

@@ -683,7 +683,7 @@ jobs:
           show-progress: false
 
       - name: docker-config
-        uses: containerbase/internal-tools@8547f01d73522b44482b8757716e4e1d73cf3a66 # v3.4.7
+        uses: containerbase/internal-tools@950c21f000798710a192f614a1188cf091dece89 # v3.4.10
         with:
           command: docker-config
 

docs/usage/docker.md

@@ -307,7 +307,7 @@ Renovate will get the credentials with the [`google-auth-library`](https://www.n
     service_account: ${{ env.SERVICE_ACCOUNT }}
 
 - name: renovate
-  uses: renovatebot/[email protected].6
+  uses: renovatebot/[email protected].7
   env:
     RENOVATE_HOST_RULES: |
       [
@@ -427,33 +427,67 @@ If you have dependencies on Google Container Registry (and Artifact Registry) yo
 
 ##### Using short-lived access token / Gitlab CI / Google Cloud
 
-Assume you are running GitLab CI in the Google Cloud, and you are storing your Docker images in the Google Container Registry (GCR).
+For this example, assume that you want to:
 
-Access to the GCR uses Bearer token based authentication.
-This token can be obtained by running `gcloud auth print-access-token`, which requires the Google Cloud SDK to be installed.
+- Run the GitLab CI in the Google Cloud
+- Store your Docker images in the Google Container Registry (GCR)
 
-The token expires after 60 minutes so you cannot store it in a variable for subsequent builds (like you can with `RENOVATE_TOKEN`).
+###### Accessing the Google Container Registry
 
-When running Renovate in this context the Google access token must be retrieved and injected into the `hostRules` configuration just before Renovate is started.
+Accessing the GCR uses Bearer token based authentication.
 
-_This documentation gives **a few hints** on **a possible way** to achieve this end result._
+First, install the Google Cloud SDK.
+Then get the token by running: `gcloud auth print-access-token`.
 
-The basic approach is that you create a custom image and then run Renovate as one of the stages of your project.
-To make this run independent of any user you should use a [`Project Access Token`](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html) (with Scopes: `api`, `read_api` and `write_repository`) for the project and use this as the `RENOVATE_TOKEN` variable for GitLab CI.
-See also the [renovate-runner repository on GitLab](https://gitlab.com/renovate-bot/renovate-runner) where `.gitlab-ci.yml` configuration examples can be found.
+###### Short-lived GCR Bearer tokens
 
-To get access to the token a custom Renovate Docker image is needed that includes the Google Cloud SDK.
-The Dockerfile to create such an image can look like this:
+The GCR Bearer token expires after 60 minutes.
+This means you can _not_ re-use the token in a later build.
+
+Instead, _before_ Renovate starts in the GCR context, you must:
+
+1. Fetch the Google access token
+1. Inject the token into the `hostRules` configuration
+
+The following text explains one way to fetch the token, and inject it into Renovate.
+
+###### Basic approach
+
+The basic approach is:
+
+1. Create a custom image: fetch the GCR token, and inject the token into Renovate's `config.js` file
+1. Then run Renovate as one of the stages of your project
+
+###### Independent runs
+
+To make the run independent of any user, use a [`Project Access Token`](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html).
+Give the Project Access Token these scopes:
+
+- `api`
+- `read_api`
+- `write_repository`
+
+Then use the Project Access Token as the `RENOVATE_TOKEN` variable for GitLab CI.
+For more (`gitlab-ci.yml`) configuration examples, see the [`renovate-runner` repository on GitLab](https://gitlab.com/renovate-bot/renovate-runner).
+
+###### Create a custom image
+
+To access the token, you need a custom Renovate Docker image.
+Make sure to install the Google Cloud SDK into the custom image, as you need the `gcloud auth print-access-token` command later.
+
+For example:
 
 ```Dockerfile
-FROM renovate/renovate:38.39.6
+FROM renovate/renovate:38.52.3
 # Include the "Docker tip" which you can find here https://cloud.google.com/sdk/docs/install
 # under "Installation" for "Debian/Ubuntu"
 RUN ...
 ```
 
-For Renovate to access the Google Container Registry (GCR) it needs the current Google Access Token.
-The configuration fragment to do that looks something like this:
+###### Accessing the Google Container Registry (GCR)
+
+Renovate needs the current Google Access Token to access the Google Container Registry (GCR).
+Here's an example of how to set that up:
 
 ```js
 hostRules: [
@@ -464,7 +498,12 @@ hostRules: [
 ];
 ```
 
-One way to provide the short-lived Google Access Token to Renovate is by generating these settings into a `config.js` file from within the `.gitlab-ci.yml` right before starting Renovate:
+One way to give Renovate the short-lived Google Access Token is to:
+
+1. Write a script that generates a `config.js` file, with the token, in your `gitlab-ci.yml` file
+1. Run the `config.js` creation scrip just before you start Renovate
+
+For example:
 
 ```yaml
 script:

docs/usage/examples/self-hosting.md

@@ -25,8 +25,8 @@ It builds `latest` based on the `main` branch and all SemVer tags are published
 ```sh title="Example of valid tags"
 docker run --rm renovate/renovate
 docker run --rm renovate/renovate:38
-docker run --rm renovate/renovate:38.39
-docker run --rm renovate/renovate:38.39.6
+docker run --rm renovate/renovate:38.52
+docker run --rm renovate/renovate:38.52.3
 ```
 
 <!-- prettier-ignore -->
@@ -62,7 +62,7 @@ spec:
             - name: renovate
               # Update this to the latest available and then enable Renovate on
               # the manifest
-              image: renovate/renovate:38.39.6
+              image: renovate/renovate:38.52.3
               args:
                 - user/repo
               # Environment Variables
@@ -121,7 +121,7 @@ spec:
       template:
         spec:
           containers:
-            - image: renovate/renovate:38.39.6
+            - image: renovate/renovate:38.52.3
               name: renovate-bot
               env: # For illustration purposes, please use secrets.
                 - name: RENOVATE_PLATFORM
@@ -367,7 +367,7 @@ spec:
           containers:
             - name: renovate
               # Update this to the latest available and then enable Renovate on the manifest
-              image: renovate/renovate:38.39.6
+              image: renovate/renovate:38.52.3
               volumeMounts:
                 - name: ssh-key-volume
                   readOnly: true

docs/usage/golang.md

@@ -22,7 +22,7 @@ To learn what these variables do, read the [Go Modules Reference about the`GOPRO
 1. Renovate extracts existing dependencies from `require` statements
 1. Renovate resolves the dependency's source repository and checks for SemVer tags if found. Otherwise commits and `v0.0.0-....` syntax will be used
 1. If Renovate finds an update, Renovate will update `go.mod` to the new value
-1. Renovate runs `go get` to update the `go.sum` files (you can configure which directory are included using the `goGetDirs` option)
+1. Renovate runs `go get` to update the `go.sum` files (you can configure which directories are included using the `goGetDirs` option)
 1. If the user has enabled the option `gomodUpdateImportPaths` in the [`postUpdateOptions`](./configuration-options.md#postupdateoptions) array, then Renovate uses [mod](https://github.com/marwan-at-work/mod) to update import paths on major updates, which can update any Go source file
 1. If the user has any of the available `gomodTidy` options (e.g. `gomodTidy1.17`) in the [`postUpdateOptions`](./configuration-options.md#postupdateoptions), then Renovate runs `go mod tidy` with the respective options (multiple options are allowed).
 1. `go mod vendor` is run if vendored modules are detected

docs/usage/nuget.md

@@ -118,13 +118,17 @@ Credentials for authenticated/private feeds can be given via host rules in the c
 }
 ```
 
-If you're using Azure DevOps, you can set `matchHost` to `pkgs.dev.azure.com`.
+If you use Azure DevOps:
+
+- set `matchHost` to `pkgs.dev.azure.com`
+- set the username, so Renovate can build the project when it creates the PR
 
 <!-- prettier-ignore -->
 !!! note
     Only Basic HTTP authentication (via username and password) is supported.
-    For Azure DevOps, you can use a PAT with `read` permissions on `Packaging` plus an empty username.
-    The generated `nuget.config` enforces basic authentication and cannot be overridden externally!
+    For Azure DevOps: use a PAT with `read` permissions on `Packaging`.
+    The username of the PAT must match the username of the _user of the PAT_.
+    The generated `nuget.config` forces the basic authentication, which cannot be overridden externally!
 
 ## Future work
 

lib/config/options/index.ts

@@ -515,7 +515,7 @@ const options: RenovateOptions[] = [
     description:
       'Change this value to override the default Renovate sidecar image.',
     type: 'string',
-    default: 'ghcr.io/containerbase/sidecar:11.11.6',
+    default: 'ghcr.io/containerbase/sidecar:11.11.8',
     globalOnly: true,
   },
   {

lib/config/presets/internal/workarounds.ts

@@ -22,6 +22,7 @@ export const presets: Record<string, Preset> = {
       'workarounds:containerbase',
       'workarounds:bitnamiDockerImageVersioning',
       'workarounds:k3sKubernetesVersioning',
+      'workarounds:rke2KubernetesVersioning',
     ],
     ignoreDeps: [], // Hack to improve onboarding PR description
   },
@@ -200,6 +201,17 @@ export const presets: Record<string, Preset> = {
       },
     ],
   },
+  rke2KubernetesVersioning: {
+    description: 'Use custom regex versioning for rancher/rke2',
+    packageRules: [
+      {
+        matchDatasources: ['github-releases'],
+        matchPackageNames: ['rancher/rke2'],
+        versioning:
+          'regex:^v(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)(?:-(?<prerelease>[a-z]+\\d+))?(?<compatibility>\\+rke2r)(?<build>\\d+)$',
+      },
+    ],
+  },
   supportRedHatImageVersion: {
     description:
       'Use specific versioning for Red Hat-maintained container images.',

lib/data/monorepo.json

@@ -344,6 +344,7 @@
       "https://github.com/loopbackio/loopback-next"
     ],
     "lrnwebcomponents": "https://github.com/elmsln/lrnwebcomponents",
+    "lucide": "https://github.com/lucide-icons/lucide",
     "mailing": "https://github.com/sofn-xyz/mailing",
     "mantine": "https://github.com/mantinedev/mantine",
     "mapstruct": "https://github.com/mapstruct/mapstruct",

lib/modules/datasource/github-runners/index.ts

@@ -27,8 +27,8 @@ export class GithubRunnersDatasource extends Datasource {
       { version: '13' },
       { version: '13-large' },
       { version: '13-xlarge' },
-      { version: '12' },
-      { version: '12-large' },
+      { version: '12-large', isDeprecated: true },
+      { version: '12', isDeprecated: true },
       { version: '11', isDeprecated: true },
       { version: '10.15', isDeprecated: true },
     ],