sync forgejo renovate connection

clux · clux · commit adaa7376b404 · 2024-10-28T19:13:07.000Z
Signed-off-by: clux &lt;sszynrae@gmail.com&gt;
diff --git a/charts/renovate/Chart.yaml b/charts/renovate/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: renovate
 description: wrapper over renovate
 type: application
-version: 0.1.1
+version: 0.1.2
 dependencies:
 - name: renovate
   version: "*"
diff --git a/charts/renovate/README.md b/charts/renovate/README.md
@@ -3,3 +3,24 @@
 A small `renovate` setup for a daily upgrade job against a select set of repositories.
 
 Runs image from [clux/renovate](https://github.com/clux/renovate).
+
+## Usage
+
+Configure for a [github org](./kube.yaml), [personal github acc](./clux.yaml), [forgejo instance](./forgejo.yaml).
+
+## Integration
+
+### Github
+
+For automerges of PRs:
+
+- add an [automerge workflow](https://github.com/clux/renovate/blob/main/.github/workflows/automerge.yml)
+- repo settings: enable auto-merge
+- repo settings / branches: add branch protection to `main` and require ci statuses to pass
+- repo settings / actions / runners: allow gh actions to create and approve prs
+- add account (whose pat you are running) to the org (in org case) or repo (in user case)
+- approve PAT if necessary (org)
+
+### Forgejo
+
+See [forgejo.yaml](./forgejo.yaml).
diff --git a/charts/renovate/forgejo.yaml b/charts/renovate/forgejo.yaml
@@ -0,0 +1,66 @@
+---
+# Cronjob instance for forgejo
+renovate:
+  repositories: []
+  fullnameOverride: 'renovate-forgejo'
+  envFrom:
+  # Token generated at https://forgejo.clux.dev/user/settings/applications
+  # Documented in https://forgejo.org/docs/next/user/token-scope/
+  # Satisfying requirements in https://docs.renovatebot.com/modules/platform/gitea/
+  # read:{user,organization,misc,email} + rw:{repo,issue}
+  - secretRef:
+      name: renovate-forgejo-clux
+
+  extraVolumes:
+  - name: extra-cert
+    configMap:
+      name: clux-root-cert
+
+  extraVolumeMounts:
+  - name: extra-cert
+    mountPath: /etc/ssl/certs/clux.dev.root.ca.pem
+    subPath: clux.dev.root.ca.pem
+  env:
+    NODE_EXTRA_CA_CERTS: "/etc/ssl/certs/clux.dev.root.ca.pem"
+    RENOVATE_GIT_URL: 'ssh'
+    RENOVATE_ENDPOINT: "https://forgejo.clux.dev/api/v1"
+    RENOVATE_AUTODISCOVER: false
+
+  # TODO: GITHUB_TOKEN for release note fetching (may be throttled)
+  ssh_config:
+    # SSH for forgejo follows the gitlab setup with evars above
+    # https://docs.renovatebot.com/examples/self-hosting/#kubernetes-for-gitlab-using-git-over-ssh
+    # A key containing an ssh config for host forgejo:
+    # ---
+    # Host forgejo
+    #  HostName forgejo.clux.dev
+    #   Port 32222
+    #   User git
+    #   StrictHostKeyChecking no
+    #   IdentityFile ~/.ssh/id_rsa
+    # ...
+    # along with any ssh key added to the associated username below
+    existingSecret: 'renovate-ssh-full'
+
+  # different config for different platform
+  renovate:
+    config: |
+      {
+         "platform": "gitea",
+         "autodiscover": false,
+         "extends": [
+           ":semanticCommitsDisabled"
+         ],
+         "username": "clux",
+         "gitAuthor": "sszynrae <noreply@clux.dev>",
+         "automerge": true,
+         "automergeStrategy": "squash",
+         "allowedPostUpgradeCommands": ["just"],
+         "printConfig": true,
+         "dependencyDashboard": false,
+         "platformCommit": false,
+         "repositories": {{ .Values.repositories }},
+         "enabledManagers": ["helmv3", "custom.regex", "dockerfile", "cargo"],
+         "packageRules": [{"matchManagers": ["helmv3"], "rangeStrategy": "pin"}],
+         "customManagers": []
+      }
diff --git a/charts/renovate/values.yaml b/charts/renovate/values.yaml
@@ -47,7 +47,7 @@ renovate:
          "prFooter": "PR generated by [Renovate Bot](https://github.com/renovatebot/renovate) running in @clux's [homelab](https://github.com/clux/homelab).",
          "printConfig": true,
          "dependencyDashboard": false,
-         "platformCommit": "disabled",
+         "platformCommit": false,
          "repositories": {{ .Values.repositories }},
          "enabledManagers": ["helmv3", "custom.regex", "dockerfile"],
          "packageRules": [{"matchManagers": ["helmv3"], "rangeStrategy": "pin"}],
@@ -80,7 +80,7 @@ renovate:
   envFrom: []
   env:
     LOG_LEVEL: debug
-    OTEL_EXPORTER_OTLP_ENDPOINT: http://promstack-tempo.monitoring.svc:4318
+    #OTEL_EXPORTER_OTLP_ENDPOINT: http://promstack-tempo.monitoring.svc:4318
   envList: []
 
   redis:
diff --git a/dashboards/flux.json b/dashboards/flux.json
@@ -299,7 +299,7 @@
                   {
                     "targetBlank": true,
                     "title": "",
-                    "url": "https://github.com/Thhethssmuz/${__data.fields.Name}"
+                    "url": "https://github.com/clux/${__data.fields.Name}"
                   }
                 ]
               }

Original file line number	Diff line number	Diff line change
`@@ -299,7 +299,7 @@`
`299`	`299`	`{`
`300`	`300`	`"targetBlank": true,`
`301`	`301`	`"title": "",`
`302`		`- "url": "https://github.com/Thhethssmuz/${__data.fields.Name}"`
	`302`	`+ "url": "https://github.com/clux/${__data.fields.Name}"`
`303`	`303`	`}`
`304`	`304`	`]`
`305`	`305`	`}`