UNCLASSIFIED - NO CUI

Adding renovate postupgrade tasks

Cody Williams requested to merge renovate_postupgrade into main

Updated Renovate to utilize new postupgrade tasks. Tested using the following instructions:

  1. Create repository under user namespace to test renovate tasks (package-test in example) and clone locally
  2. Pull down velero branch (renovate_postupgrade) and place in new local repository:

      rsync -av --exclude=".*" . ~/<BIGBANG_DIR>/package-test

  3. Edit copied chart/Chart.yaml and set appVersion back to some lower value than current. This will allow renovate to act. Also drop the version of any annotations for the same application within the chart file
  4. Commit changes and push to branch under user namespace (package-test)
  5. Attempt to run a Docker container with Renovate and execute the subsequent commands. Modify volume mounts to match local resources for pipeline-templates projects and renovate-runner projects, which must be cloned from their respective repos. renovate-config.js should also be customized with personal account information and placed in an overrides folder

      docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock -v ~/bigbang-projects/pipeline-templates/renovate-runner/scripts:/usr/src/app/scripts -v ~/bigbang-projects/overrides/renovate-config.js:/usr/src/app/config.js -v ~/bigbang-projects/pipeline-templates/pipeline-templates/library/templates.sh:/usr/src/app/templates.sh registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate:32.38.0 bash

      export PATH=/usr/src/app/scripts:$PATH

      renovate

  6. Validate that an issue was correctly created in your local project, with a related merge request which updated:
  • the chart/Chart.yaml appVersion (performed by renovate)
  • the chart/Chart.yaml Version (match-chart-yaml-appversion)
  • README.md was regenerated (regenerate-helm-docs-postupgrade)
  • CHANGELOG.md should have a new entry stating that the appVersion of the primary resource was updated (bump-changelog)

NOTE: Renovate creates separate tickets for dependency updates, and it is not clear at this time how to reduce this, but dependency tickets will not generate changelog entries as that would cause inconsistencies. These additional changes and modifications outside of appversion will still need manual intervention in the reviewer.
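
One way to script the validation in the last step, as an added example that is not part of the original merge request or the project's scripts: it compares a checkout of the base branch with a checkout of Renovate's merge request branch and counts which of the four expected updates are missing. The function names and the `make_sample` data are constructed for illustration, and the check that the new CHANGELOG.md entry mentions the new appVersion is an assumption about the entry's wording.

```bash
#!/usr/bin/env bash
# Added example: confirm Renovate's merge request carries all four expected updates.

# Read a top-level scalar (version, appVersion) from a Chart.yaml, without quotes.
chart_field() {
  awk -v k="$1" -F': *' '$1 == k { print $2; exit }' "$2" | tr -d "\"'"
}

# validate_postupgrade BASE_DIR MR_DIR -> exit status is the number of failed checks.
validate_postupgrade() {
  local base="$1" mr="$2" fails=0 new_app
  new_app=$(chart_field appVersion "$mr/chart/Chart.yaml")
  # renovate itself bumps appVersion
  [ "$(chart_field appVersion "$base/chart/Chart.yaml")" != "$new_app" ] ||
    { echo "FAIL: appVersion unchanged"; fails=$((fails + 1)); }
  # match-chart-yaml-appversion bumps the chart version
  [ "$(chart_field version "$base/chart/Chart.yaml")" != \
    "$(chart_field version "$mr/chart/Chart.yaml")" ] ||
    { echo "FAIL: chart version unchanged"; fails=$((fails + 1)); }
  # regenerate-helm-docs-postupgrade rewrites README.md
  ! cmp -s "$base/README.md" "$mr/README.md" ||
    { echo "FAIL: README.md not regenerated"; fails=$((fails + 1)); }
  # bump-changelog: assumed here that the added lines mention the new appVersion
  diff "$base/CHANGELOG.md" "$mr/CHANGELOG.md" | grep '^>' | grep -qF -- "$new_app" ||
    { echo "FAIL: no CHANGELOG.md entry for $new_app"; fails=$((fails + 1)); }
  return "$fails"
}

# Constructed sample checkout (not real project data): make_sample DIR APPVER CHARTVER
make_sample() {
  mkdir -p "$1/chart"
  printf 'name: package-test\nversion: %s\nappVersion: "%s"\n' "$3" "$2" > "$1/chart/Chart.yaml"
  printf '# package-test\nappVersion %s\n' "$2" > "$1/README.md"
  printf '## [%s]\n- Updated appVersion to %s\n## [0.0.1]\n- Initial\n' "$3" "$2" > "$1/CHANGELOG.md"
}

# Demo on constructed data: a base branch and a merge request branch with all updates.
tmp=$(mktemp -d)
make_sample "$tmp/base" 1.0.0 1.0.0-bb.0
make_sample "$tmp/mr" 1.1.0 1.1.0-bb.0
validate_postupgrade "$tmp/base" "$tmp/mr" && echo "all four updates present"
```

Against real checkouts, pass the two working-tree paths instead of the constructed directories; a non-zero exit status is the count of missing updates.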
