add docker build

Dockerfile

+ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io
+ARG BASE_IMAGE=opensource/nodejs/nodejs12
+ARG BASE_TAG=12.17.0
+
+FROM renovate/renovate:20.25.3 as builder
+
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+LABEL maintainer="cht@dsop.io" \
+      org.opencontainers.image.title="renovate" \
+      org.opencontainers.image.description="Automated dependency updates. Multi-platform and multi-language." \
+      org.opencontainers.image.licenses="AGPL-3.0-only" \
+      org.opencontainers.image.url="https://github.com/renovatebot/renovate" \
+      org.opencontainers.image.version="20.25.3"
+
+USER root
+
+RUN dnf -y update && \
+    dnf install -y python3 git && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf    
+
+COPY --from=builder --chown=1001:0 /usr/src/app ${HOME}
+COPY dist/manager/ironbank ${HOME}/node_modules/renovate/dist/manager/ironbank
+COPY scripts/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+
+RUN ln -s ${HOME}/dist/renovate.js /usr/local/bin/renovate && \
+    { echo ""; echo "const ironbank = __importStar(require(\"./ironbank\"));"; \
+      echo "api.set('ironbank', ironbank);";} >> ${HOME}/node_modules/renovate/dist/manager/api.generated.js
+
+USER 1001
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+CMD ["renovate"]

Jenkinsfile

+@Library('DCCSCR@master') _
+dccscrPipeline(version: "20.25.3")

README.md

@@ -131,7 +131,6 @@ Renovate configurations for the following examples are provided below.
 * [Docker](#docker)
 * [GitHub](#github)
 * [YUM](#yum)
-* [Custom](#custom)
 
 ### <a name="docker"></a>Docker
 
@@ -246,10 +245,6 @@ Renovate updates the **etcd.greylist** `"image_tag": "3.4.6"` line.
 ]
 ```
 
-### <a name="pypi"></a>PyPi
-
-TODO
-
 ### <a name="yum"></a>YUM
 
 Renovate does not currently support package managers. An open feature request can be found [here](https://github.com/renovatebot/renovate/issues/6188).
@@ -293,10 +288,6 @@ java-11-openjdk-headless-11.0.7.10-1.el8_1.x86_64
 
 3. Write a custom manager that inspects the existing docker image for updates similar to (1). However it must bump something in the repository to create a valid pull request. This could be a CHANGELOG file for example.
 
-### <a name="custom"></a>Custom
-
-TODO
-
 ## Challenges
 
 Automated dependency updates present some challenges.
@@ -308,4 +299,6 @@ Automated dependency updates present some challenges.
 
 2. No datasource for vendor supply chain. Renovate ships with several datasources such as docker, github-releases, and pypi. A vendor may not publish to one of these supported platforms. A custom datasource must be implemented to support fetching release information.
 
-TODO
+## Limitations 
+
+The base image in this repository does not support many of the native Renovate datasources. The image provides support for the minimum feature set required by Ironbank (docker, github-releases).

dist/manager/ironbank/extract.d.ts

+import { PackageFile } from '../common';
+export declare function extractPackageFile(content: string): PackageFile;

dist/manager/ironbank/extract.js

+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractPackageFile = void 0;
+const is_1 = __importDefault(require("@sindresorhus/is"));
+const url_1 = require("url");
+const js_yaml_1 = __importDefault(require("js-yaml"));
+const logger_1 = require("../../logger");
+const datasourceDocker = __importStar(require("../../datasource/docker"));
+const datasourceGithubReleases = __importStar(require("../../datasource/github-releases"));
+const dockerVersioning = __importStar(require("../../versioning/docker"));
+function parseUrl(urlString) {
+    // istanbul ignore if
+    if (!urlString) {
+        return null;
+    }
+    const url = url_1.parse(urlString);
+    if (url.host !== 'github.com') {
+        return null;
+    }
+    const path = url.path.split('/').slice(1);
+    const repo = path[0] + '/' + path[1];
+    let currentValue = null;
+    if (path[2] === 'releases' && path[3] === 'download') {
+        currentValue = path[4];
+    }
+    if (path[2] === 'archive') {
+        currentValue = path[3].replace(/\.tar\.gz$/, '');
+    }
+    if (currentValue) {
+        return { repo, currentValue };
+    }
+    // istanbul ignore next
+    return null;
+}
+function extractPackageFile(content) {
+    const deps = [];
+    let download;
+    try {
+        download = js_yaml_1.default.safeLoad(content, { json: true });
+    }
+    catch (err) {
+        logger_1.logger.debug('Failed to parse download.yaml');
+        return null;
+    }
+    if (!(download && is_1.default.array(download.resources))) {
+        logger_1.logger.debug('download.yaml has no dependencies');
+        return null;
+    }
+    for (const item of download.resources) {
+        const dep = { managerData: { item } };
+        if (item.url) {
+            // docker
+            if (item.url.startsWith('docker://')) {
+                const [currentDepTag, currentDigest] = item.url.split('@');
+                const [lookupName, currentValue] = item.tag.split(':');
+                dep.depType = 'ironbank-docker';
+                dep.depName = lookupName;
+                dep.datasource = datasourceDocker.id;
+                dep.versioning = dockerVersioning.id;
+                dep.lookupName = lookupName;
+                dep.currentDigest = currentDigest;
+                dep.currentValue = currentValue;
+                deps.push(dep);
+            }
+            // github-releases
+            else if (item.url.includes('github.com')) {
+                const parsedUrl = parseUrl(item.url);
+                dep.depType = 'ironbank-github';
+                dep.depName = parsedUrl.repo;
+                dep.repo = parsedUrl.repo;
+                dep.currentValue = parsedUrl.currentValue;
+                dep.datasource = datasourceGithubReleases.id;
+                dep.lookupName = dep.repo;
+                deps.push(dep);
+            }
+        }
+    }
+    if (!deps.length) {
+        return null;
+    }
+    return { deps };
+}
+exports.extractPackageFile = extractPackageFile;
+//# sourceMappingURL=extract.js.map
\ No newline at end of file

dist/manager/ironbank/extract.js.map

+{"version":3,"file":"extract.js","sourceRoot":"","sources":["../../../lib/manager/ironbank/extract.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0DAAkC;AAClC,6BAAsC;AACtC,sDAA2B;AAC3B,yCAAsC;AAEtC,0EAA4D;AAC5D,2FAA6E;AAC7E,0EAA4D;AAO5D,SAAS,QAAQ,CAAC,SAAiB;IACjC,qBAAqB;IACrB,IAAI,CAAC,SAAS,EAAE;QACd,OAAO,IAAI,CAAC;KACb;IACD,MAAM,GAAG,GAAG,WAAM,CAAC,SAAS,CAAC,CAAC;IAC9B,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE;QAC7B,OAAO,IAAI,CAAC;KACb;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACrC,IAAI,YAAY,GAAW,IAAI,CAAC;IAChC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE;QACpD,YAAY,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;KACxB;IACD,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE;QACzB,YAAY,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;KAClD;IACD,IAAI,YAAY,EAAE;QAChB,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;KAC/B;IACD,uBAAuB;IACvB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,kBAAkB,CAAC,OAAe;IAChD,MAAM,IAAI,GAAwB,EAAE,CAAC;IACrC,IAAI,QAAQ,CAAC;IAEb,IAAI;QACF,QAAQ,GAAG,iBAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;KACnD;IAAC,OAAO,GAAG,EAAE;QACZ,eAAM,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC;KACb;IAED,IAAI,CAAC,CAAC,QAAQ,IAAI,YAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE;QAC/C,eAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC;KACb;IAED,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,SAAS,EAAE;QACrC,MAAM,GAAG,GAAsB,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC;QACzD,IAAI,IAAI,CAAC,GAAG,EAAE;YACZ,SAAS;YACT,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE;gBACpC,MAAM,CAAC,aAAa,EAAE,aAAa,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC3D,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACvD,GAAG,CAAC,OAAO,GAAG,iBAAiB,CAAC;gBAChC,GAAG,CAAC,OAAO,GAAG,UAAU,CAAC;gBACzB,GAAG,CAAC,UAAU,GAAG,gBAAgB,CAAC,EAAE,CAAC;gBACrC,GAAG,CAAC,UAAU,GAAG,gBAAgB,CAAC,EAAE,CAAC;gBACrC,GAAG,CAAC,UAAU,GAAG,UAAU,CAAC;gBAC5B,GAAG,CAAC,aAAa,GAAG,aAAa,CAAC;gBAClC,GAAG,CAAC,YAAY,GAAG,YAAY,CAAC;gBAChC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;aAChB;YACD,kBAAkB;iBACb,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;gBACxC,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACrC,GAAG,CAAC,OAAO,GAAG,iBAAiB,CAAC;gBAChC,GAAG,CAAC,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC;gBAC7B,GAAG,CAAC,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC;gBAC1B,GAAG,CAAC,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC;gBAC1C,GAAG,CAAC,UAAU,GAAG,wBAAwB,CAAC,EAAE,CAAC;gBAC7C,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC;gBAC1B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;aAChB;SACF;KACF;IAED,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;QAChB,OAAO,IAAI,CAAC;KACb;IACD,OAAO,EAAE,IAAI,EAAE,CAAC;AAClB,CAAC;AAlDD,gDAkDC","sourcesContent":["import is from '@sindresorhus/is';\nimport { parse as _parse } from 'url';\nimport yaml from 'js-yaml';\nimport { logger } from '../../logger';\nimport { PackageDependency, PackageFile } from '../common';\nimport * as datasourceDocker from '../../datasource/docker';\nimport * as datasourceGithubReleases from '../../datasource/github-releases';\nimport * as dockerVersioning from '../../versioning/docker';\n\ninterface UrlParsedResult {\n  repo: string;\n  currentValue: string;\n}\n\nfunction parseUrl(urlString: string): UrlParsedResult | null {\n  // istanbul ignore if\n  if (!urlString) {\n    return null;\n  }\n  const url = _parse(urlString);\n  if (url.host !== 'github.com') {\n    return null;\n  }\n  const path = url.path.split('/').slice(1);\n  const repo = path[0] + '/' + path[1];\n  let currentValue: string = null;\n  if (path[2] === 'releases' && path[3] === 'download') {\n    currentValue = path[4];\n  }\n  if (path[2] === 'archive') {\n    currentValue = path[3].replace(/\\.tar\\.gz$/, '');\n  }\n  if (currentValue) {\n    return { repo, currentValue };\n  }\n  // istanbul ignore next\n  return null;\n}\n\nexport function extractPackageFile(content: string): PackageFile {\n  const deps: PackageDependency[] = [];\n  let download;\n\n  try {\n    download = yaml.safeLoad(content, { json: true });\n  } catch (err) {\n    logger.debug('Failed to parse download.yaml');\n    return null;\n  }\n\n  if (!(download && is.array(download.resources))) {\n    logger.debug('download.yaml has no dependencies');\n    return null;\n  }\n\n  for (const item of download.resources) {\n    const dep: PackageDependency = { managerData: { item } };\n    if (item.url) {\n      // docker\n      if (item.url.startsWith('docker://')) {\n        const [currentDepTag, currentDigest] = item.url.split('@');\n        const [lookupName, currentValue] = item.tag.split(':');\n        dep.depType = 'ironbank-docker';\n        dep.depName = lookupName;\n        dep.datasource = datasourceDocker.id;\n        dep.versioning = dockerVersioning.id;\n        dep.lookupName = lookupName;\n        dep.currentDigest = currentDigest;\n        dep.currentValue = currentValue;\n        deps.push(dep);\n      }\n      // github-releases\n      else if (item.url.includes('github.com')) {\n        const parsedUrl = parseUrl(item.url);\n        dep.depType = 'ironbank-github';\n        dep.depName = parsedUrl.repo;\n        dep.repo = parsedUrl.repo;\n        dep.currentValue = parsedUrl.currentValue;\n        dep.datasource = datasourceGithubReleases.id;\n        dep.lookupName = dep.repo;\n        deps.push(dep);\n      }\n    }\n  }\n\n  if (!deps.length) {\n    return null;\n  }\n  return { deps };\n}\n"]}
\ No newline at end of file

dist/manager/ironbank/index.d.ts

+import { extractPackageFile } from './extract';
+import { updateDependency } from './update';
+export { extractPackageFile, updateDependency };
+export declare const defaultConfig: {
+    fileMatch: string[];
+};

dist/manager/ironbank/index.js

+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defaultConfig = exports.updateDependency = exports.extractPackageFile = void 0;
+const extract_1 = require("./extract");
+Object.defineProperty(exports, "extractPackageFile", { enumerable: true, get: function () { return extract_1.extractPackageFile; } });
+const update_1 = require("./update");
+Object.defineProperty(exports, "updateDependency", { enumerable: true, get: function () { return update_1.updateDependency; } });
+exports.defaultConfig = {
+    fileMatch: ['(^|/)download.yaml$'],
+};
+//# sourceMappingURL=index.js.map
\ No newline at end of file

dist/manager/ironbank/index.js.map

+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../lib/manager/ironbank/index.ts"],"names":[],"mappings":";;;AAAA,uCAA+C;AAGtC,mGAHA,4BAAkB,OAGA;AAF3B,qCAA4C;AAEf,iGAFpB,yBAAgB,OAEoB;AAEhC,QAAA,aAAa,GAAG;IAC3B,SAAS,EAAE,CAAC,qBAAqB,CAAC;CACnC,CAAC","sourcesContent":["import { extractPackageFile } from './extract';\nimport { updateDependency } from './update';\n\nexport { extractPackageFile, updateDependency };\n\nexport const defaultConfig = {\n  fileMatch: ['(^|/)download.yaml$'],\n};\n"]}
\ No newline at end of file

dist/manager/ironbank/update.d.ts

+import { UpdateDependencyConfig } from '../common';
+export declare function updateDependency({ fileContent, upgrade, }: UpdateDependencyConfig): Promise<string | null>;

dist/manager/ironbank/update.js

+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.updateDependency = void 0;
+const hasha_1 = require("hasha");
+const logger_1 = require("../../logger");
+const http_1 = require("../../util/http");
+const url_1 = require("url");
+const path_1 = __importDefault(require("path"));
+const http = new http_1.Http('ironbank');
+async function getHashFromFile(url, filename) {
+    logger_1.logger.debug("getHashFromFile: " + url + " " + filename);
+    try {
+        const result = await http.get(url);
+        if (result.body) {
+            const regex = '(?<hash>[A-Fa-f0-9]{64})\\s+' + filename.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+            const groups = result.body.match(regex).groups;
+            if (groups) {
+                return groups.hash;
+            }
+        }
+        return null;
+    }
+    catch (err) /* istanbul ignore next */ {
+        return null;
+    }
+}
+async function getHashFromUrl(url) {
+    try {
+        const parsedUrl = url_1.parse(url);
+        const filename = path_1.default.basename(parsedUrl.pathname);
+        let hash;
+        hash = await getHashFromFile(filename + '.sha256', filename);
+        if (hash) {
+            return hash;
+        }
+        hash = await getHashFromFile(url.replace(filename, 'SHA256SUMS'), filename);
+        if (hash) {
+            return hash;
+        }
+        hash = await hasha_1.fromStream(http.stream(url), {
+            algorithm: 'sha256',
+        });
+        return hash;
+    }
+    catch (err) /* istanbul ignore next */ {
+        return null;
+    }
+}
+async function updateDependency({ fileContent, upgrade, }) {
+    if (upgrade.depType === 'ironbank-docker') {
+        const oldTag = upgrade.lookupName + ':' + upgrade.currentValue;
+        const newTag = upgrade.lookupName + ':' + upgrade.newValue;
+        let newContent = fileContent.replace(upgrade.currentDigest, upgrade.newDigest);
+        return newContent.replace(oldTag, newTag);
+    }
+    else if (upgrade.depType === 'ironbank-github' &&
+        upgrade.currentValue &&
+        upgrade.newValue) {
+        const currentValue = upgrade.currentValue.replace(/^v/, '');
+        const newValue = upgrade.newValue.replace(/^v/, '');
+        const oldUrl = upgrade.managerData.item.url;
+        const newUrl = oldUrl.replace(new RegExp(currentValue, 'g'), newValue);
+        const hash = await getHashFromUrl(newUrl);
+        let newContent = fileContent;
+        if (hash) {
+            newContent = newContent.replace(upgrade.managerData.item.validation.value, hash);
+        }
+        return newContent.replace(oldUrl, newUrl);
+    }
+    return null;
+}
+exports.updateDependency = updateDependency;
+//# sourceMappingURL=update.js.map
\ No newline at end of file

dist/manager/ironbank/update.js.map

+{"version":3,"file":"update.js","sourceRoot":"","sources":["../../../lib/manager/ironbank/update.ts"],"names":[],"mappings":";;;;;;AAAA,iCAAmC;AACnC,yCAAsC;AACtC,0CAAuC;AAEvC,6BAAsC;AACtC,gDAAwB;AAExB,MAAM,IAAI,GAAG,IAAI,WAAI,CAAC,UAAU,CAAC,CAAC;AAElC,KAAK,UAAU,eAAe,CAAC,GAAW,EAAE,QAAgB;IAC1D,eAAM,CAAC,KAAK,CAAC,mBAAmB,GAAG,GAAG,GAAG,GAAG,GAAG,QAAQ,CAAC,CAAC;IACzD,IAAI;QACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,MAAM,CAAC,IAAI,EAAE;YACf,MAAM,KAAK,GAAG,8BAA8B,GAAG,QAAQ,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;YAC/F,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;YAC/C,IAAI,MAAM,EAAE;gBACV,OAAO,MAAM,CAAC,IAAI,CAAC;aACpB;SACF;QACD,OAAO,IAAI,CAAC;KACb;IAAC,OAAO,GAAG,EAAE,0BAA0B,CAAC;QACvC,OAAO,IAAI,CAAC;KACb;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,GAAW;IACvC,IAAI;QACF,MAAM,SAAS,GAAG,WAAM,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,QAAQ,GAAG,cAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEnD,IAAI,IAAI,CAAC;QACT,IAAI,GAAG,MAAM,eAAe,CAAC,QAAQ,GAAG,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC7D,IAAI,IAAI,EAAE;YACR,OAAO,IAAI,CAAC;SACb;QACD,IAAI,GAAG,MAAM,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC5E,IAAI,IAAI,EAAE;YACR,OAAO,IAAI,CAAC;SACb;QACD,IAAI,GAAG,MAAM,kBAAU,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YACxC,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;KACb;IAAC,OAAO,GAAG,EAAE,0BAA0B,CAAC;QACvC,OAAO,IAAI,CAAC;KACb;AACH,CAAC;AAEM,KAAK,UAAU,gBAAgB,CAAC,EACrC,WAAW,EACX,OAAO,GACgB;IAEvB,IAAI,OAAO,CAAC,OAAO,KAAK,iBAAiB,EAAE;QACzC,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;QAC/D,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC;QAC3D,IAAI,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAC/E,OAAO,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC3C;SAAM,IACL,OAAO,CAAC,OAAO,KAAK,iBAAiB;QACrC,OAAO,CAAC,YAAY;QACpB,OAAO,CAAC,QAAQ,EAChB;QACA,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;QAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;QACvE,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,UAAU,GAAG,WAAW,CAAC;QAC7B,IAAI,IAAI,EAAE;YACR,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;SAClF;QACD,OAAO,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC3C;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AA5BD,4CA4BC","sourcesContent":["import { fromStream } from 'hasha';\nimport { logger } from '../../logger';\nimport { Http } from '../../util/http';\nimport { UpdateDependencyConfig } from '../common';\nimport { parse as _parse } from 'url';\nimport path from 'path';\n\nconst http = new Http('ironbank');\n\nasync function getHashFromFile(url: string, filename: string) : Promise<string | null> {\n  logger.debug(\"getHashFromFile: \" + url + \" \" + filename);\n  try {\n    const result = await http.get(url);\n    if (result.body) {\n      const regex = '(?<hash>[A-Fa-f0-9]{64})\\\\s+' + filename.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&');\n      const groups = result.body.match(regex).groups;\n      if (groups) {\n        return groups.hash;\n      }\n    }\n    return null;\n  } catch (err) /* istanbul ignore next */ {\n    return null;\n  }\n}\n\nasync function getHashFromUrl(url: string): Promise<string | null> {\n  try {\n    const parsedUrl = _parse(url);\n    const filename = path.basename(parsedUrl.pathname);\n\n    let hash;\n    hash = await getHashFromFile(filename + '.sha256', filename);\n    if (hash) {\n      return hash;\n    }\n    hash = await getHashFromFile(url.replace(filename, 'SHA256SUMS'), filename);\n    if (hash) {\n      return hash;\n    }\n    hash = await fromStream(http.stream(url), {\n      algorithm: 'sha256',\n    });\n    return hash;\n  } catch (err) /* istanbul ignore next */ {\n    return null;\n  }\n}\n\nexport async function updateDependency({\n  fileContent,\n  upgrade,\n}: UpdateDependencyConfig): Promise<string | null> {\n\n  if (upgrade.depType === 'ironbank-docker') {\n    const oldTag = upgrade.lookupName + ':' + upgrade.currentValue;\n    const newTag = upgrade.lookupName + ':' + upgrade.newValue;\n    let newContent = fileContent.replace(upgrade.currentDigest, upgrade.newDigest);\n    return newContent.replace(oldTag, newTag);\n  } else if (\n    upgrade.depType === 'ironbank-github' &&\n    upgrade.currentValue &&\n    upgrade.newValue\n  ) {\n    const currentValue = upgrade.currentValue.replace(/^v/, '');\n    const newValue = upgrade.newValue.replace(/^v/, '');\n    const oldUrl = upgrade.managerData.item.url;\n    const newUrl = oldUrl.replace(new RegExp(currentValue, 'g'), newValue);\n    const hash = await getHashFromUrl(newUrl);\n    let newContent = fileContent;\n    if (hash) {\n      newContent = newContent.replace(upgrade.managerData.item.validation.value, hash);\n    }\n    return newContent.replace(oldUrl, newUrl);\n  }\n\n  return null;\n}\n"]}
\ No newline at end of file

download.yaml

+resources:
+  - url: "docker://docker.io/renovate/renovate@sha256:b32ea00daf17c06208f874dbda08806191ecd72938b4e2d5d1627ea16c429df5"
+    tag: "renovate/renovate:20.25.3"

scripts/docker-entrypoint.sh

+#!/bin/bash
+
+if [[ -f "${BASH_ENV}" ]]; then
+  . $BASH_ENV
+fi
+
+if [[ "${1:0:1}" = '-' ]]; then
+  # assume $1 is renovate flag
+  set -- renovate "$@"
+fi
+
+if [[ ! -x "$(command -v ${1})" ]]; then
+  # assume $1 is a repo
+  set -- renovate "$@"
+fi
+
+exec "$@"

[jenkins-gitlab]

Pipeline Status: ABORTED
ABORTED Stage: Stage Artifacts
Branch: add-docker-build

graph LR
  0([setup]):::INTERNAL_SUCCESS --> 1([Import Artifacts]):::SUCCESS --> 2((/)):::INTERNAL_SUCCESS --> 3([Stage Artifacts]):::ABORTED --> 4((/)):::INTERNAL_NOT_BUILT --> 5([Build]):::NOT_BUILT --> 6([Publish, Scan & Report]):::INTERNAL_NOT_BUILT

classDef SUCCESS font-size:10px
classDef FAILURE fill:#f44, font-size:10px
classDef SKIPPED font-size:10px
classDef ABORTED fill:#889, font-size:10px
classDef INTERNAL_SUCCESS font-size:10px, stroke-dasharray: 2, 1
classDef INTERNAL_FAILURE fill:#f44, font-size:10px, stroke-dasharray: 2, 1
classDef INTERNAL_SKIPPED font-size:10px, stroke-dasharray: 2, 1
classDef INTERNAL_ABORTED fill:#889, font-size:10px, stroke-dasharray: 2, 1

[jenkins-gitlab]

Pipeline Status: ABORTED
ABORTED Stage: Stage Artifacts
Branch: add-docker-build

graph LR
  0([setup]):::INTERNAL_SUCCESS --> 1([Import Artifacts]):::SUCCESS --> 2((/)):::INTERNAL_SUCCESS --> 3([Stage Artifacts]):::ABORTED --> 4((/)):::INTERNAL_NOT_BUILT --> 5([Build]):::NOT_BUILT --> 6([Publish, Scan & Report]):::INTERNAL_NOT_BUILT

classDef SUCCESS font-size:10px
classDef FAILURE fill:#f44, font-size:10px
classDef SKIPPED font-size:10px
classDef ABORTED fill:#889, font-size:10px
classDef INTERNAL_SUCCESS font-size:10px, stroke-dasharray: 2, 1
classDef INTERNAL_FAILURE fill:#f44, font-size:10px, stroke-dasharray: 2, 1
classDef INTERNAL_SKIPPED font-size:10px, stroke-dasharray: 2, 1
classDef INTERNAL_ABORTED fill:#889, font-size:10px, stroke-dasharray: 2, 1