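// Renovate configuration (JSON5: comments and trailing commas are allowed).
// Every regex below relies on named capture groups. Renovate reads
// depName / currentValue / currentDigest from regex managers and
// compatibility / minor / patch from "regex:" versioning schemes, so a group
// without its <name> makes the pattern invalid.
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:recommended",
    ":preserveSemverRanges",
    // Pin GitHub Actions to commit digests so that a moved tag cannot silently
    // change the code a workflow runs.
    "helpers:pinGitHubActionDigests",
    ":separateMajorReleases",
    ":semanticCommitsDisabled",
  ],
  "commitMessagePrefix": "deps:",
  "commitMessageAction": "update",
  "addLabels": ["dependencies"],
  "postUpdateOptions": ["gomodTidy", "gomodUpdateImportPaths"],
  "prConcurrentLimit": 4,
  // Renovate does not scan these paths, so it proposes no updates for them,
  // security fixes included. Anything under them has to be tracked by other means.
  "ignorePaths": [
    "internal/constellation/helm/charts/cilium/**",
    "internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/**",
    "internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/**",
    "internal/constellation/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/**",
    "internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/**",
    "operators/constellation-node-operator/config/manager/kustomization.yaml",
  ],
  "ignoreDeps": ["github.com/edgelesssys/constellation/v2"],
  // Rules for changing Renovate's behaviour for different packages.
  // The documentation for configuration options can be found here:
  // https://docs.renovatebot.com/configuration-options/
  "packageRules": [
    {
      // Turn on non-major updates of indirect Go dependencies, at low priority.
      "matchManagers": ["gomod"],
      "matchDepTypes": ["indirect"],
      "matchUpdateTypes": [
        "minor",
        "patch",
        "pin",
        "pinDigest",
        "digest",
        "lockFileMaintenance",
        "rollback",
        "bump",
      ],
      "enabled": true,
      "prPriority": -30,
    },
    {
      // Group update of direct Go dependencies.
      "groupName": "Go dependencies",
      "matchManagers": ["gomod"],
      "matchDepTypes": ["require"],
      "matchUpdateTypes": [
        "bump",
        "digest",
        "lockFileMaintenance",
        "minor",
        "patch",
        "pin",
        "pinDigest",
        "rollback",
      ],
      "schedule": ["before 8am on monday"],
    },
    {
      // Group update of Terraform dependencies.
      "groupName": "Terraform dependencies",
      "matchManagers": ["terraform"],
      "matchUpdateTypes": [
        "bump",
        "digest",
        "lockFileMaintenance",
        "minor",
        "patch",
        "pin",
        "pinDigest",
        "rollback",
      ],
      "schedule": ["before 8am on wednesday"],
    },
    {
      "matchManagers": ["bazelisk", "bazel", "bazel-module"],
      "matchDepNames": ["bazel", "io_bazel_rules_go", "bazel_gazelle", "rules_go", "gazelle"],
      "groupName": "bazel (core)",
    },
    {
      // Every bazel dependency that is not part of the core group above.
      "matchManagers": ["bazel"],
      "matchDepNames": [
        "!bazel",
        "!io_bazel_rules_go",
        "!bazel_gazelle",
        "!rules_go",
        "!gazelle",
      ],
      "groupName": "bazel (plugins)",
    },
    {
      // Every bazel-module dependency that is not part of the core group above.
      "matchManagers": ["bazel-module"],
      "matchDepNames": [
        "!bazel",
        "!io_bazel_rules_go",
        "!bazel_gazelle",
        "!rules_go",
        "!gazelle",
      ],
      "groupName": "bazel (modules)",
    },
    {
      // Restrict Go toolchain updates to the 1.23 line; moving to a newer
      // line requires editing this value by hand.
      "matchDatasources": ["golang-version"],
      "allowedVersions": "1.23",
    },
    {
      "matchManagers": ["pip_requirements"],
      "groupName": "Python dependencies",
    },
    {
      "matchManagers": ["github-actions"],
      "groupName": "GitHub action dependencies",
      "matchUpdateTypes": [
        "major",
        "minor",
        "patch",
        "pin",
        "pinDigest",
        "digest",
        "lockFileMaintenance",
        "rollback",
        "bump",
      ],
      "schedule": ["before 8am on tuesday"],
    },
    {
      "matchDepNames": ["kubernetes/kubernetes"],
      // example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
      // Only versions with the same compatibility part are offered, i.e. patch
      // releases within the current minor.
      "versioning": "regex:^(?<compatibility>v?\\d+\\.\\d+\\.)(?<patch>\\d+)$",
      "groupName": "Kubernetes versions",
      "prPriority": 15,
    },
    {
      "matchDepNames": [
        "registry.k8s.io/provider-aws/cloud-controller-manager",
      ],
      // example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
      "versioning": "regex:^(?<compatibility>v?\\d+\\.\\d+\\.)(?<patch>\\d+)$",
      "groupName": "K8s constrained AWS versions",
      "prPriority": 15,
    },
    {
      "matchDepNames": [
        "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager",
        "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager",
      ],
      // example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
      "versioning": "regex:^(?<compatibility>v?\\d+\\.\\d+\\.)(?<patch>\\d+)$",
      "groupName": "K8s constrained Azure versions",
      "prPriority": 15,
    },
    {
      "matchDepNames": [
        "docker.io/k8scloudprovider/openstack-cloud-controller-manager",
      ],
      // example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
      "versioning": "regex:^(?<compatibility>v?\\d+\\.\\d+\\.)(?<patch>\\d+)$",
      "groupName": "K8s constrained OpenStack versions",
      "prPriority": 15,
    },
    {
      "matchDepNames": ["registry.k8s.io/autoscaling/cluster-autoscaler"],
      // example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
      "versioning": "regex:^(?<compatibility>v?\\d+\\.\\d+\\.)(?<patch>\\d+)$",
      "groupName": "K8s constrained GCP versions",
      "prPriority": 15,
    },
    {
      "matchDepNames": ["ghcr.io/edgelesssys/cloud-provider-gcp"],
      // example match: v1.2.3 (1. -> compatibility, 2 -> minor, 3 -> patch)
      "versioning": "regex:^(?<compatibility>v\\d+\\.)(?<minor>\\d+)\\.(?<patch>\\d+)$",
      "groupName": "cloud-provider-gcp (K8s version constrained)",
      "prPriority": 15,
    },
    {
      "matchPackagePrefixes": ["ghcr.io/edgelesssys/"],
      "excludePackageNames": ["ghcr.io/edgelesssys/cloud-provider-gcp"],
      "versioning": "semver",
      // Allow packages of ghcr.io/edgelesssys to update to unstable prereleases.
      // This is necessary because renovate will not update minor versions of
      // containers that are already tagged as a prerelease in the code
      // if this is not set.
      "ignoreUnstable": false,
      "groupName": "Constellation containers",
      "prPriority": 20,
      "schedule": ["before 8am on thursday"],
    },
    {
      "matchDepNames": [
        "registry.k8s.io/kas-network-proxy/proxy-agent",
        "registry.k8s.io/kas-network-proxy/proxy-server",
      ],
      "versioning": "semver",
      "groupName": "K8s version independent containers",
      "prPriority": 15,
    },
    {
      // Do not propose major updates of client-go.
      // NOTE(review): the leading "^" looks like regex syntax, but matchDepNames
      // only treats an entry as a regex when it is written as "/.../"; as written
      // this is probably compared literally and never matches. Confirm the rule
      // fires; if it does not, use "k8s.io/client-go" or "/^k8s\\.io\\/client-go/".
      "matchDepNames": ["^k8s.io/client-go"],
      "matchUpdateTypes": ["major"],
      "enabled": false,
    },
    {
      "matchCategories": ["python", "js", "node"],
      "prPriority": -20,
    },
    {
      // Exception to helpers:pinGitHubActionDigests: this action stays referenced
      // by tag. NOTE(review): presumably because slsa-github-generator requires its
      // reusable workflows to be referenced by release tag; confirm upstream and
      // keep the exception limited to this one dependency.
      "matchManagers": ["github-actions"],
      "matchDepNames": ["slsa-framework/slsa-github-generator"],
      "pinDigests": false,
    },
    {
      // Per-platform artifacts (name ends in _<os>_<arch>) are grouped per package.
      "matchDepPatterns": ["_(darwin|linux)_(arm64|amd64)$"],
      "additionalBranchPrefix": "{{packageName}}-",
      "groupName": "{{packageName}}",
    },
  ],
  // Regex Managers allow detection of other versions in files that renovate
  // cannot parse by default. For more information, look at
  // https://docs.renovatebot.com/modules/manager/regex/ .
  "regexManagers": [
    {
      "fileMatch": ["(^|\\/)versions.go$"],
      "matchStrings": [
        // Match all container packages.
        // example match: ' "registry.io/owner/foo/bar:v1.2.3@sha256:somehash" // renovate:container'
        // (registry.io/owner/foo/bar -> depName, v1.2.3 -> currentValue, sha256:somehash -> currentDigest)
        // Only references that already carry a sha256 digest are matched, so tag
        // and digest are updated together.
        " \"(?<depName>[^\"]*?):(?<currentValue>[^\"]*?)@(?<currentDigest>sha256:[a-f0-9]+)\"[^\\n]+\\/\\/ renovate:container",
      ],
      "datasourceTemplate": "docker",
    },
    {
      "fileMatch": ["(^|\\/)versions.go$"],
      "matchStrings": [
        // Match kubernetes releases.
        // example match: ' "https://storage.googleapis.com/kubernetes-release/release/v1.2.3/foo" // renovate:kubernetes-release'
        // (v1.2.3 -> currentValue)
        " \"https:\\/\\/storage\\.googleapis\\.com\\/kubernetes-release\\/release\\/(?<currentValue>[^\\/\\s\"]+)\\/[^\"]+\"[^\\n]+\\/\\/ renovate:kubernetes-release",
        // Match kubernetes releases.
        // example match: ' "v1.2.3" // renovate:kubernetes-release'
        // (v1.2.3 -> currentValue)
        " \"(?<currentValue>v\\d+\\.\\d+\\.\\d+)\"[^\\n]+\\/\\/ renovate:kubernetes-release",
      ],
      "depNameTemplate": "kubernetes/kubernetes",
      "datasourceTemplate": "github-releases",
    },
    {
      "fileMatch": ["(^|\\/)versions.go$", "[.]github\\/(actions|workflows)\\/.*[.]ya?ml"],
      "matchStrings": [
        // Match github releases.
        // example match: ' "https://github.com/foo/bar/releases/download/v1.2.3/foo.bin" // renovate:github-release'
        // (foo/bar -> depName, v1.2.3 -> currentValue)
        // NOTE(review): this rule and the other download-URL rules in this list
        // capture only a version, no digest. If a checksum is stored next to the
        // URL, Renovate will not refresh it; confirm how those hashes are updated.
        "https:\\/\\/github\\.com\\/(?<depName>[^\\/\\s\"]+\\/[^\\/\\s\"]+)\\/releases\\/download\\/(?<currentValue>[^\\/\\s\"]+).*renovate:github-release",
      ],
      "datasourceTemplate": "github-releases",
    },
    {
      "fileMatch": ["(^|\\/)versions.go$"],
      "matchStrings": [
        // Match kubernetes cri-tools releases (https://github.com/kubernetes-sigs/cri-tools).
        // example match: ' "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.2.3/foo"'
        // (v1.2.3 -> currentValue)
        " \"https:\\/\\/github\\.com\\/kubernetes-sigs\\/cri-tools\\/releases\\/download\\/(?<currentValue>[^\\/\\s\"]+)\\/[^\"]+\"",
      ],
      "depNameTemplate": "kubernetes-sigs/cri-tools",
      "datasourceTemplate": "github-releases",
      // The version appears twice in the URL (path and file name), so the whole
      // string is rewritten from this template.
      "autoReplaceStringTemplate": " \"https://github.com/kubernetes-sigs/cri-tools/releases/download/{{{newValue}}}/crictl-{{{newValue}}}-linux-amd64.tar.gz\"",
    },
    {
      // NOTE(review): unlike the sibling rules this pattern has no "(^|\\/)" anchor,
      // so it also matches any file whose name merely ends in "versions.go".
      "fileMatch": ["versions.go$"],
      "matchStrings": [
        // Match containernetworking plugin releases (https://github.com/containernetworking/plugins).
        // example match: ' "https://github.com/containernetworking/plugins/releases/download/v1.2.3/foo"'
        // (v1.2.3 -> currentValue)
        " \"https:\\/\\/github\\.com\\/containernetworking\\/plugins\\/releases\\/download\\/(?<currentValue>[^\\/\\s\"]+)\\/[^\"]+\"",
      ],
      "depNameTemplate": "containernetworking/plugins",
      "datasourceTemplate": "github-releases",
      // The version appears twice in the URL (path and file name), so the whole
      // string is rewritten from this template.
      "autoReplaceStringTemplate": " \"https://github.com/containernetworking/plugins/releases/download/{{{newValue}}}/cni-plugins-linux-amd64-{{{newValue}}}.tgz\"",
    },
    {
      "fileMatch": ["\\.yaml$", "\\.yml$"],
      "matchStrings": [
        // Match `go install` commands that are pinned to a full commit hash.
        // example match: "go install foo.bar@0000000000000000000000000000000000000000"
        // (foo.bar -> depName, 0000000000000000000000000000000000000000 -> currentValue)
        "go install (?<depName>[^@]+?)@(?<currentValue>[0-9a-f]{40})",
      ],
      "datasourceTemplate": "go",
    },
    {
      "fileMatch": ["(^|\\/)e2e_s3proxy/action.yml$"],
      "matchStrings": [
        // Match mint tags (ghcr.io/edgelesssys/mint).
        // example match: 'IMAGE: "ghcr.io/edgelesssys/mint:v1.2.3@sha256:somehash" # renovate:mint-fork'
        // (ghcr.io/edgelesssys/mint -> depName, v1.2.3 -> currentValue, sha256:somehash -> currentDigest)
        "IMAGE: \"(?<depName>[^\"]*?):(?<currentValue>[^\"]*?)@(?<currentDigest>sha256:[a-f0-9]+)\"[^\\n]+# renovate:mint-fork",
      ],
      "datasourceTemplate": "docker",
    },
  ],
}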