From 930832e59ffe39213319a58c37935579ef209555 Mon Sep 17 00:00:00 2001
From: Tobias Klauser <tobias@cilium.io>
Date: Mon, 8 May 2023 13:37:50 +0200
Subject: [PATCH] Add renovate configuration

Renovate is a bot that allows to update dependencies in the repository.

The configuration is based on the one from the cilium/ciliume repo:
https://github.com/cilium/cilium/blob/030bb1abbdb0a3bf6de7eae2f53af6ea6939c1d9/.github/renovate.json5

For future reference the documentation is available in:
- https://github.com/renovatebot/tutorial
- https://docs.renovatebot.com/configuration-options

Signed-off-by: Tobias Klauser <tobias@cilium.io>
---
 .github/renovate.json5              | 135 ++++++++++++++++++++++++++++
 .github/workflows/go.yaml           |   2 +
 .github/workflows/kind.yaml         |   2 +
 .github/workflows/multicluster.yaml |   1 +
 .github/workflows/release.yaml      |   1 +
 Makefile                            |   2 +
 6 files changed, 143 insertions(+)
 create mode 100644 .github/renovate.json5

diff --git a/.github/renovate.json5 b/.github/renovate.json5
new file mode 100644
index 0000000000..312d563420
--- /dev/null
+++ b/.github/renovate.json5
@@ -0,0 +1,135 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base",
+    ":gitSignOff",
+    "helpers:pinGitHubActionDigests"
+  ],
+  // This ensures that the gitAuthor and gitSignOff fields match
+  "gitAuthor": "renovate[bot] <bot@renovateapp.com>",
+  "includePaths": [
+    ".github/workflows/**",
+    "go.mod",
+    "go.sum",
+    "Dockerfile",
+    "Makefile",
+  ],
+  postUpdateOptions: [
+    "gomodTidy"
+  ],
+  "pinDigests": true,
+  "ignorePresets": [":prHourlyLimit2"],
+  "separateMajorMinor": true,
+  "separateMultipleMajor": true,
+  "separateMinorPatch": true,
+  "pruneStaleBranches": true,
+  "baseBranches": [
+    "main"
+  ],
+  "vulnerabilityAlerts": {
+    "enabled": true
+  },
+  "labels": [
+    "kind/enhancement",
+    "priority/release-blocker"
+  ],
+  "stopUpdatingLabel": "renovate/stop-updating",
+  "packageRules": [
+    {
+      "groupName": "all github action dependencies",
+      "groupSlug": "all-github-action",
+      "matchPaths": [
+        ".github/workflows/**"
+      ],
+      "matchUpdateTypes": [
+        "major",
+        "minor",
+        "digest",
+        "patch",
+        "pin",
+        "pinDigest"
+      ]
+    },
+    {
+      "groupName": "all go dependencies main",
+      "groupSlug": "all-go-deps-main",
+      "matchFiles": [
+        "go.mod",
+        "go.sum"
+      ],
+      "postUpdateOptions": [
+        // update source import paths on major updates
+        "gomodUpdateImportPaths",
+      ],
+      "matchUpdateTypes": [
+        "major",
+        "minor",
+        "digest",
+        "patch",
+        "pin",
+        "pinDigest"
+      ]
+      matchBaseBranches: [
+        "main"
+      ]
+    },
+    {
+      // Images that directly use docker.io/library/golang for building.
+      "groupName": "golang-images",
+      "matchFiles": [
+        "Dockerfile",
+        "Makefile"
+      ]
+    },
+    {
+      "matchPackageNames": [
+        "docker.io/library/busybox"
+      ],
+      "matchPaths": [
+        "Dockerfile"
+      ],
+    },
+    {
+      "groupName": "Go",
+      "matchDepNames": [
+        "go",
+        "docker.io/library/golang"
+      ],
+      "schedule": [
+        "on friday"
+      ]
+    },
+    {
+      // Group golangci-lint updates to overrule grouping of version updates in the GHA files.
+      // Without this, golangci-lint updates are not in sync for GHA files and other usages.
+      "groupName": "golangci-lint",
+      "matchDepNames": [
+        "golangci/golangci-lint"
+      ]
+    }
+  ],
+  "regexManagers": [
+    {
+      "fileMatch": [
+        "^\\.github/workflows/[^/]+\\.yaml$"
+      ],
+      // This regex manages version strings in GitHub actions workflow files,
+      // similar to the examples shown here:
+      //   https://docs.renovatebot.com/modules/manager/regex/#advanced-capture
+      "matchStrings": [
+        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+.+version: (?<currentValue>.*)"
+      ]
+    },
+    {
+     "fileMatch": [
+       "^Makefile$"
+     ],
+     // This regex manages version strings in the Makefile,
+     // similar to the examples shown here:
+     //   https://docs.renovatebot.com/modules/manager/regex/#advanced-capture
+     "matchStrings": [
+       "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+.+_VERSION = (?<currentValue>.*)\\s+.+_SHA = (?<currentDigest>sha256:[a-f0-9]+)"
+     ]
+   }
+  ]
+}
diff --git a/.github/workflows/go.yaml b/.github/workflows/go.yaml
index c5e09f0bfc..52f0e7ab2d 100644
--- a/.github/workflows/go.yaml
+++ b/.github/workflows/go.yaml
@@ -21,11 +21,13 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9
       with:
+        # renovate: datasource=golang-version depName=go
         go-version: 1.20.2
 
     - name: Run static checks
       uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5
       with:
+        # renovate: datasource=docker depName=golangci/golangci-lint
         version: v1.52.2
         args: --config=.golangci.yml --verbose
         skip-cache: true
diff --git a/.github/workflows/kind.yaml b/.github/workflows/kind.yaml
index 413e473933..35a28bce3d 100644
--- a/.github/workflows/kind.yaml
+++ b/.github/workflows/kind.yaml
@@ -43,6 +43,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9
         with:
+          # renovate: datasource=golang-version depName=go
           go-version: 1.20.2
 
       - name: Set up Go for root
@@ -252,6 +253,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9
         with:
+          # renovate: datasource=golang-version depName=go
           go-version: 1.20.2
 
       - name: Set up Go for root
diff --git a/.github/workflows/multicluster.yaml b/.github/workflows/multicluster.yaml
index 3d406972c1..6373f1dc56 100644
--- a/.github/workflows/multicluster.yaml
+++ b/.github/workflows/multicluster.yaml
@@ -83,6 +83,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9
         with:
+          # renovate: datasource=golang-version depName=go
           go-version: 1.20.2
 
       - name: Set up job variables
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 7aef504c37..2b0612e61e 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -18,6 +18,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9
         with:
+          # renovate: datasource=golang-version depName=go
           go-version: 1.20.2
 
       - name: Generate the artifacts
diff --git a/Makefile b/Makefile
index 7e034370e4..8d23b3721a 100644
--- a/Makefile
+++ b/Makefile
@@ -13,7 +13,9 @@ TEST_TIMEOUT ?= 5s
 RELEASE_UID ?= $(shell id -u)
 RELEASE_GID ?= $(shell id -g)
 
+# renovate: datasource=docker depName=golangci/golangci-lint
 GOLANGCILINT_WANT_VERSION = 1.52.2
+GOLANGCILINT_IMAGE_SHA = sha256:3d2f4240905054c7efa7f4e98ba145c12a16995bbc3e605300e21400a1665cb6
 GOLANGCILINT_VERSION = $(shell golangci-lint version 2>/dev/null)
 
 $(TARGET):