Configure renovate updates for more docker images (#3700)

* Configure renovate for terraform linters

* Build

* Configure renovate for protobuf linters

* Uniformize other version variable names and newlines

* Build

* Configure renovate for dockerfile linters

* Configure renovate for kubernetes linters

* Configure renovate for action linters

* Build

* Configure renovate for some repository linters

* Build

* Configure renovate for SPELL_VALE

* Build

Dockerfile

@@ -11,52 +11,66 @@
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #ARGTOP__START
+# renovate: datasource=docker depName=rhysd/actionlint
+ARG ACTION_ACTIONLINT_VERSION=1.7.1
+# renovate: datasource=docker depName=koalaman/shellcheck
+ARG BASH_SHELLCHECK_VERSION=v0.10.0
+# renovate: datasource=docker depName=hadolint/hadolint
+ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine
 # renovate: datasource=docker depName=mstruebing/editorconfig-checker
-ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1
-
+ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1
+# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform
+ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine
+# renovate: datasource=docker depName=yoheimuta/protolint
+ARG PROTOBUF_PROTOLINT_VERSION=0.49.8
 # renovate: datasource=docker depName=zricethezav/gitleaks
-ARG GITLEAKS_VERSION=v8.18.4
-
+ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4
+# renovate: datasource=docker depName=checkmarx/kics
+ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine
+# renovate: datasource=docker depName=trufflesecurity/trufflehog 
+ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2
+# renovate: datasource=docker depName=
+ARG SPELL_VALE_VERSION=v3.6.0
 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint
-ARG TFLINT_VERSION=0.51.1
-
+ARG TERRAFORM_TFLINT_VERSION=0.51.1
+# renovate: datasource=docker depName=alpine/terragrunt
+ARG TERRAFORM_TERRASCAN_VERSION=1.18.11
+# renovate: datasource=docker depName=alpine/terragrunt
+ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5
 #ARGTOP__END
 
 #############################################################################################
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #FROM__START
-FROM rhysd/actionlint:latest as actionlint
+FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint
 # shellcheck is a dependency for actionlint
-
-FROM koalaman/shellcheck:stable as shellcheck
+FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck
 # Next FROM line commented because already managed by another linter
-# FROM koalaman/shellcheck:stable as shellcheck
+# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck
 FROM mvdan/shfmt:latest-alpine as shfmt
-FROM hadolint/hadolint:v2.12.0-alpine as hadolint
-FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker
+FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint
+FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker
 FROM golang:1-alpine as revive
 ## The golang image used as a builder is a temporary workaround (https://github.com/mgechev/revive/issues/787)
 ## for the released revive binaries not returning version numbers (devel). 
 ## The install command should then be what is commented in the go.megalinter-descriptor.yml
 RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest
-
-FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform
+FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform
 FROM ghcr.io/assignuser/chktex-alpine:latest as chktex
-FROM yoheimuta/protolint:latest as protolint
+FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint
 FROM golang:alpine as dustilock
 RUN GOBIN=/usr/bin go install github.com/checkmarx/[email protected]
-
-FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks
-FROM checkmarx/kics:alpine as kics
-FROM trufflesecurity/trufflehog:latest as trufflehog
-FROM jdkato/vale:latest as vale
+FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks
+FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics
+FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog
+FROM jdkato/vale:${SPELL_VALE_VERSION} as vale
 FROM lycheeverse/lychee:latest-alpine as lychee
-FROM ghcr.io/terraform-linters/tflint:v${TFLINT_VERSION} as tflint
-FROM tenable/terrascan:1.18.11 as terrascan
-FROM alpine/terragrunt:latest as terragrunt
+FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint
+FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan
+FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt
 # Next FROM line commented because already managed by another linter
-# FROM alpine/terragrunt:latest as terragrunt
+# FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt
 #FROM__END
 
 ##################
@@ -332,7 +346,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \
 COPY --from=composer/composer:2-bin /composer /usr/bin/composer
 COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint
 # shellcheck is a dependency for actionlint
-
 COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck
 # Next COPY line commented because already managed by another linter
 # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck

flavors/c_cpp/Dockerfile

@@ -12,32 +12,43 @@
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #ARGTOP__START
+# renovate: datasource=docker depName=rhysd/actionlint
+ARG ACTION_ACTIONLINT_VERSION=1.7.1
+# renovate: datasource=docker depName=koalaman/shellcheck
+ARG BASH_SHELLCHECK_VERSION=v0.10.0
+# renovate: datasource=docker depName=hadolint/hadolint
+ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine
 # renovate: datasource=docker depName=mstruebing/editorconfig-checker
-ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1
-
+ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1
+# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform
+ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine
+# renovate: datasource=docker depName=yoheimuta/protolint
+ARG PROTOBUF_PROTOLINT_VERSION=0.49.8
 # renovate: datasource=docker depName=zricethezav/gitleaks
-ARG GITLEAKS_VERSION=v8.18.4
-
+ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4
+# renovate: datasource=docker depName=trufflesecurity/trufflehog 
+ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2
+# renovate: datasource=docker depName=
+ARG SPELL_VALE_VERSION=v3.6.0
 #ARGTOP__END
 
 #############################################################################################
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #FROM__START
-FROM rhysd/actionlint:latest as actionlint
+FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint
 # shellcheck is a dependency for actionlint
-
-FROM koalaman/shellcheck:stable as shellcheck
+FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck
 # Next FROM line commented because already managed by another linter
-# FROM koalaman/shellcheck:stable as shellcheck
+# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck
 FROM mvdan/shfmt:latest-alpine as shfmt
-FROM hadolint/hadolint:v2.12.0-alpine as hadolint
-FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker
-FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform
-FROM yoheimuta/protolint:latest as protolint
-FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks
-FROM trufflesecurity/trufflehog:latest as trufflehog
-FROM jdkato/vale:latest as vale
+FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint
+FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker
+FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform
+FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint
+FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks
+FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog
+FROM jdkato/vale:${SPELL_VALE_VERSION} as vale
 FROM lycheeverse/lychee:latest-alpine as lychee
 #FROM__END
 
@@ -217,7 +228,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \
 #COPY__START
 COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint
 # shellcheck is a dependency for actionlint
-
 COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck
 # Next COPY line commented because already managed by another linter
 # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck

flavors/ci_light/Dockerfile

@@ -12,20 +12,25 @@
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #ARGTOP__START
+# renovate: datasource=docker depName=koalaman/shellcheck
+ARG BASH_SHELLCHECK_VERSION=v0.10.0
+# renovate: datasource=docker depName=hadolint/hadolint
+ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine
 # renovate: datasource=docker depName=zricethezav/gitleaks
-ARG GITLEAKS_VERSION=v8.18.4
-
+ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4
+# renovate: datasource=docker depName=trufflesecurity/trufflehog 
+ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2
 #ARGTOP__END
 
 #############################################################################################
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #FROM__START
-FROM koalaman/shellcheck:stable as shellcheck
+FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck
 FROM mvdan/shfmt:latest-alpine as shfmt
-FROM hadolint/hadolint:v2.12.0-alpine as hadolint
-FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks
-FROM trufflesecurity/trufflehog:latest as trufflehog
+FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint
+FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks
+FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog
 #FROM__END
 
 ##################

flavors/cupcake/Dockerfile

@@ -12,46 +12,57 @@
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #ARGTOP__START
+# renovate: datasource=docker depName=rhysd/actionlint
+ARG ACTION_ACTIONLINT_VERSION=1.7.1
+# renovate: datasource=docker depName=koalaman/shellcheck
+ARG BASH_SHELLCHECK_VERSION=v0.10.0
+# renovate: datasource=docker depName=hadolint/hadolint
+ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine
 # renovate: datasource=docker depName=mstruebing/editorconfig-checker
-ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1
-
+ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1
+# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform
+ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine
 # renovate: datasource=docker depName=zricethezav/gitleaks
-ARG GITLEAKS_VERSION=v8.18.4
-
+ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4
+# renovate: datasource=docker depName=checkmarx/kics
+ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine
+# renovate: datasource=docker depName=trufflesecurity/trufflehog 
+ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2
 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint
-ARG TFLINT_VERSION=0.51.1
-
+ARG TERRAFORM_TFLINT_VERSION=0.51.1
+# renovate: datasource=docker depName=alpine/terragrunt
+ARG TERRAFORM_TERRASCAN_VERSION=1.18.11
+# renovate: datasource=docker depName=alpine/terragrunt
+ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5
 #ARGTOP__END
 
 #############################################################################################
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #FROM__START
-FROM rhysd/actionlint:latest as actionlint
+FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint
 # shellcheck is a dependency for actionlint
-
-FROM koalaman/shellcheck:stable as shellcheck
+FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck
 # Next FROM line commented because already managed by another linter
-# FROM koalaman/shellcheck:stable as shellcheck
+# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck
 FROM mvdan/shfmt:latest-alpine as shfmt
-FROM hadolint/hadolint:v2.12.0-alpine as hadolint
-FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker
+FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint
+FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker
 FROM golang:1-alpine as revive
 ## The golang image used as a builder is a temporary workaround (https://github.com/mgechev/revive/issues/787)
 ## for the released revive binaries not returning version numbers (devel). 
 ## The install command should then be what is commented in the go.megalinter-descriptor.yml
 RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest
-
-FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform
-FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks
-FROM checkmarx/kics:alpine as kics
-FROM trufflesecurity/trufflehog:latest as trufflehog
+FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform
+FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks
+FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics
+FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog
 FROM lycheeverse/lychee:latest-alpine as lychee
-FROM ghcr.io/terraform-linters/tflint:v${TFLINT_VERSION} as tflint
-FROM tenable/terrascan:1.18.11 as terrascan
-FROM alpine/terragrunt:latest as terragrunt
+FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint
+FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan
+FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt
 # Next FROM line commented because already managed by another linter
-# FROM alpine/terragrunt:latest as terragrunt
+# FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt
 #FROM__END
 
 ##################
@@ -286,7 +297,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \
 COPY --from=composer/composer:2-bin /composer /usr/bin/composer
 COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint
 # shellcheck is a dependency for actionlint
-
 COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck
 # Next COPY line commented because already managed by another linter
 # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck
@@ -463,7 +473,6 @@ RUN wget --quiet https://github.com/pmd/pmd/releases/download/pmd_releases%2F${P
     && ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2 && \
     curl --retry 5 --retry-delay 5 -sLv https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash -s -- -v v2.9.0
 
-
 # phpcs installation
 RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && composer global require squizlabs/php_codesniffer bartlett/sarif-php-sdk
 

flavors/documentation/Dockerfile

@@ -12,32 +12,43 @@
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #ARGTOP__START
+# renovate: datasource=docker depName=rhysd/actionlint
+ARG ACTION_ACTIONLINT_VERSION=1.7.1
+# renovate: datasource=docker depName=koalaman/shellcheck
+ARG BASH_SHELLCHECK_VERSION=v0.10.0
+# renovate: datasource=docker depName=hadolint/hadolint
+ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine
 # renovate: datasource=docker depName=mstruebing/editorconfig-checker
-ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1
-
+ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1
+# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform
+ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine
+# renovate: datasource=docker depName=yoheimuta/protolint
+ARG PROTOBUF_PROTOLINT_VERSION=0.49.8
 # renovate: datasource=docker depName=zricethezav/gitleaks
-ARG GITLEAKS_VERSION=v8.18.4
-
+ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4
+# renovate: datasource=docker depName=trufflesecurity/trufflehog 
+ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2
+# renovate: datasource=docker depName=
+ARG SPELL_VALE_VERSION=v3.6.0
 #ARGTOP__END
 
 #############################################################################################
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #FROM__START
-FROM rhysd/actionlint:latest as actionlint
+FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint
 # shellcheck is a dependency for actionlint
-
-FROM koalaman/shellcheck:stable as shellcheck
+FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck
 # Next FROM line commented because already managed by another linter
-# FROM koalaman/shellcheck:stable as shellcheck
+# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck
 FROM mvdan/shfmt:latest-alpine as shfmt
-FROM hadolint/hadolint:v2.12.0-alpine as hadolint
-FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker
-FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform
-FROM yoheimuta/protolint:latest as protolint
-FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks
-FROM trufflesecurity/trufflehog:latest as trufflehog
-FROM jdkato/vale:latest as vale
+FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint
+FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker
+FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform
+FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint
+FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks
+FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog
+FROM jdkato/vale:${SPELL_VALE_VERSION} as vale
 FROM lycheeverse/lychee:latest-alpine as lychee
 #FROM__END
 
@@ -215,7 +226,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \
 #COPY__START
 COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint
 # shellcheck is a dependency for actionlint
-
 COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck
 # Next COPY line commented because already managed by another linter
 # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck