UNCLASSIFIED - NO CUI

Skip to content

updating renovate CI

Cody Williams requested to merge renovate_postupgrade into main

Updated Renovate to utilize new postupgrade tasks. Tested using following instructions:

  1. Create repository under user namespace to test renovate tasks (package-test in example) and clone locally
  2. Pull down project branch (renovate_postupgrade) and place in new local repository rsync -av --exclude=".*" . ~/<BIGBANG_DIR>/package-test
  3. Edit copied chart/Chart.yaml and set appVersion back to some lower value than current. This will allow renovate to act. Also drop the version of any annotations for the same application within the chart file
  4. Commit changes and push to branch under user namespace (package-test)
  5. Attempt to run a Docker container with Renovate and execute the subsequent commands. Modify volume mounts to match local resources for pipeline-templates projects and renovate-runner projects, which must be cloned from their respective repos. renovate-config.js should also be customized with personal account information and placed in an overrides folder
# start container
docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock -v ~/bigbang-projects/pipeline-templates/renovate-runner/scripts:/usr/src/app/scripts -v ~/bigbang-projects/overrides/renovate-config.js:/usr/src/app/config.js -v ~/bigbang-projects/pipeline-templates/pipeline-templates/library/templates.sh:/usr/src/app/templates.sh registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate:32.38.0 bash

# these steps emulate renovate:on-schedule job
PIPELINE_REPO_BRANCH="master"
PIPELINE_REPO="https://repo1.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates.git"
PIPELINE_REPO_DESTINATION="pipeline-scripts"
CI_PROJECT_DIR="/usr/src/app"
git clone -b ${PIPELINE_REPO_BRANCH} ${PIPELINE_REPO} ${PIPELINE_REPO_DESTINATION}
source ${PIPELINE_REPO_DESTINATION}/library/templates.sh
export PATH=/usr/src/app/scripts:$PATH
cd $CI_PROJECT_DIR/scripts
renovate_download_external_deps
cd $CI_PROJECT_DIR

# kick off renovate
renovate
  1. Validate that an issue was correctly created in your local project, with a related merge request which updated:
  • the chart/Chart.yaml Version (bump-chart-yaml)
  • README.md was regenerated (regenerate-helm-docs)
  • CHANGELOG.md should have a new entry stating that the version of the primary resource was updated (bump-changelog)

NOTE: Renovate creates separate tickets for dependency updates and it is not clear at this time how to reduce this, but dependency tickets will not generate changelog entries as that would cause inconsistencies. These additional changes and modifications outside of appversion will still need manual intervention in the reviewer

Merge request reports