diff --git a/.github/renovate.json b/.github/renovate.json index ad75c1a2b51..9f306f961da 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,20 +1,40 @@ { "extends": [ - "config:base" + "config:recommended" ], "dependencyDashboard": true, "dependencyDashboardApproval": false, - "baseBranches": ["dev"], + "baseBranchPatterns": ["dev"], "rebaseWhen": "conflicted", "separateMinorPatch": true, - "ignorePaths": ["requirements.txt", "requirements-lint.txt", "components/package.json", "components/package-lock.json", "dojo/components/yarn.lock", "dojo/components/package.json", "Dockerfile**"], + "ignorePaths": [ + "requirements.txt", + "requirements-lint.txt", + "components/package.json", + "components/package-lock.json", + "dojo/components/yarn.lock", + "dojo/components/package.json", + "Dockerfile**" + ], "ignoreDeps": [], "packageRules": [{ - "packagePatterns": ["*"], - "commitMessageExtra": "from {{currentVersion}} to {{#if isMajor}}v{{{newMajor}}}{{else}}{{#if isSingleVersion}}v{{{toVersion}}}{{else}}{{{newValue}}}{{/if}}{{/if}}", + "matchPackageNames": ["*"], + "commitMessageExtra": "from {{currentVersion}} to {{#if isMajor}}v{{{newMajor}}}{{else}}{{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}{{/if}}", "commitMessageSuffix": "({{packageFile}})", "labels": ["dependencies"] }], + "customManagers": [ + { + "customType": "regex", + "managerFilePatterns": [ + "/^.github/workflows//" + ], + "matchStrings": [ + "\\w*:\\s[\"']?(?\\S*[^\"']?)[\"']?\\s#\\s*renovate:\\s*datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}" + } + ], "registryAliases": { "bitnami": "https://charts.bitnami.com/bitnami" } diff --git a/.github/workflows/build-docker-images-for-testing.yml b/.github/workflows/build-docker-images-for-testing.yml index 1d9eab75e39..53e44b5e6a9 100644 --- a/.github/workflows/build-docker-images-for-testing.yml 
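Review bot: In the new `customManagers` entry, the value capture `\\S*[^\"']?` in `matchStrings` is greedy over every non-whitespace character, so for a quoted value such as `'0.140.1'` it also swallows the closing quote; the optional `[^\"']?` after it does nothing to prevent that. Renovate would then probably read the current version with a stray quote and could rewrite the line without its closing quote, which a dry run would confirm. Excluding quotes and whitespace inside the capture avoids it, e.g. `[^\\s\"']+` in place of `\\S*[^\"']?`. The quoted values annotated in the gh-pages.yml, k8s-tests.yml, shellcheck.yml and validate_docs_build.yml hunks are the ones affected; the unquoted ones in test-helm-chart.yml and renovate.yaml are not.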
+++ b/.github/workflows/build-docker-images-for-testing.yml @@ -40,7 +40,7 @@ jobs: echo $GITHUB_ENV - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 5a749e0946f..dbe202e1c0c 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -15,13 +15,13 @@ jobs: - name: Setup Hugo uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0 with: - hugo-version: '0.140.1' + hugo-version: '0.140.1' # renovate: datasource=github-releases depName=gohugoio/hugo versioning=loose extended: true - name: Setup Node uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: - node-version: '22.20.0' + node-version: '22.20.0' # TODO: Renovate helper might not be needed here - needs to be fully tested - name: Cache dependencies uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 diff --git a/.github/workflows/k8s-tests.yml b/.github/workflows/k8s-tests.yml index dc30f685793..475a0e1715a 100644 --- a/.github/workflows/k8s-tests.yml +++ b/.github/workflows/k8s-tests.yml @@ -27,7 +27,7 @@ jobs: # are tested (https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#available-versions) - databases: pgsql brokers: redis - k8s: 'v1.34.0' + k8s: 'v1.34.0' # renovate: datasource=github-releases depName=kubernetes/kubernetes versioning=loose os: debian steps: - name: Checkout 
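Review bot: The annotation on `k8s: 'v1.34.0'` in k8s-tests.yml tracks every kubernetes/kubernetes release, while the comment just above the matrix entry links to the EKS available-versions page, which suggests the tested version is meant to follow what EKS offers. Renovate will propose upstream releases as soon as they are published, possibly before EKS or the pinned minikube supports them. If following EKS is the intent, a comment on the line above the entry should say so, for example `# bump only to a version listed as available in EKS`. The matrix block starts outside this hunk.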
@@ -36,7 +36,7 @@ jobs: - name: Setup Minikube uses: manusa/actions-setup-minikube@b589f2d61bf96695c546929c72b38563e856059d # v2.14.0 with: - minikube version: 'v1.37.0' + minikube version: 'v1.37.0' # renovate: datasource=github-releases depName=kubernetes/minikube versioning=loose kubernetes version: ${{ matrix.k8s }} driver: docker start args: '--addons=ingress --cni calico' diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml new file mode 100644 index 00000000000..0b9ee77e1c7 --- /dev/null +++ b/.github/workflows/renovate.yaml @@ -0,0 +1,24 @@ +name: "Renovate validation" +on: + workflow_dispatch: + pull_request: + branches: + - dev + - master + - bugfix + - release/* + +jobs: + main: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false + + - name: validate + uses: suzuki-shunsuke/github-action-renovate-config-validator@c22827f47f4f4a5364bdba19e1fe36907ef1318e # v1.1.1 + with: + strict: "true" + validator_version: 41.146.0 # renovate: datasource=github-releases depName=renovatebot/renovate diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 598ebf995d4..740780b704a 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -4,8 +4,8 @@ on: pull_request: env: SHELLCHECK_REPO: 'koalaman/shellcheck' - SHELLCHECK_VERSION: 'v0.9.0' - SHELLCHECK_SHA: '038fd81de6b7e20cc651571362683853670cdc71' + SHELLCHECK_VERSION: 'v0.9.0' # renovate: datasource=github-releases depName=koalaman/shellcheck versioning=loose + SHELLCHECK_SHA: '038fd81de6b7e20cc651571362683853670cdc71' # Renovate config is not currently adjusted to update hash - it needs to be done manually for now jobs: shellcheck: runs-on: ubuntu-latest diff --git a/.github/workflows/slack-pr-reminder.yml b/.github/workflows/slack-pr-reminder.yml index fc7657e9148..55123816851 100644 
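Review bot: The new renovate.yaml workflow declares no `permissions:` block, so the `GITHUB_TOKEN` for the `main` job gets whatever default the repository or organisation has configured. The job only checks out the tree and runs a third-party validator action on `pull_request` content, so read access is all it needs: add `permissions:` with `contents: read` beneath it at workflow level. Pinning both actions to a commit SHA and setting `persist-credentials: false` already limit the exposure. An explicit scope makes the token's reach independent of repository settings.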
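Review bot: In shellcheck.yml, `SHELLCHECK_VERSION` is now bumped by Renovate while `SHELLCHECK_SHA` stays manual, so every Renovate PR for shellcheck will carry a version and a hash that no longer belong together. How the hash is checked is outside this hunk; the step that uses it should fail the job on a mismatch, and the new hash should be taken from the upstream release rather than copied from CI output. The inline comment could state that explicitly, e.g. `# must be updated by hand together with SHELLCHECK_VERSION; take the value from the upstream release`.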
--- a/.github/workflows/slack-pr-reminder.yml +++ b/.github/workflows/slack-pr-reminder.yml @@ -11,7 +11,7 @@ jobs: if: github.repository == 'DefectDojo/django-DefectDojo' # Notify only in core repo, not in forks - it would just fail in fork steps: - name: Notify reviewers in Slack - uses: DefectDojo-Inc/notify-pr-reviewers-action@master + uses: DefectDojo-Inc/notify-pr-reviewers-action@be26734e06338b41be6e70ce96027a51aa9ba9c6 # master with: owner: "DefectDojo" repository: "django-DefectDojo" diff --git a/.github/workflows/test-helm-chart.yml b/.github/workflows/test-helm-chart.yml index 934602cf7f8..f7e9199ab67 100644 --- a/.github/workflows/test-helm-chart.yml +++ b/.github/workflows/test-helm-chart.yml @@ -24,7 +24,7 @@ jobs: - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: - python-version: 3.13 + python-version: 3.13 # Renovate helper is not needed here - name: Configure Helm repos run: |- @@ -34,8 +34,8 @@ jobs: - name: Set up chart-testing uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 with: - yamale_version: 4.0.4 - yamllint_version: 1.35.1 + yamale_version: 4.0.4 # renovate: datasource=pypi depName=yamale versioning=semver + yamllint_version: 1.35.1 # renovate: datasource=pypi depName=yamllint versioning=semver - name: Determine target branch id: ct-branch-target diff --git a/.github/workflows/validate_docs_build.yml b/.github/workflows/validate_docs_build.yml index 223fa2a2a0c..c64f2a8f41c 100644 --- a/.github/workflows/validate_docs_build.yml +++ b/.github/workflows/validate_docs_build.yml 
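Review bot: The trailing `# master` on the new pin in slack-pr-reminder.yml names a branch rather than a release, so the line records where the commit came from but not a version a reviewer can compare against. It is not clear from this diff whether Renovate will keep refreshing a digest annotated with a branch name; if it does not, the pin goes stale silently and upstream fixes are missed. Checking the dependency dashboard after merge would settle that, as would pinning the commit of a tagged release if the action publishes tags.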
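Review bot: In test-helm-chart.yml, `python-version: 3.13` stays an unquoted YAML float on the changed line. That works for 3.13 but would be read as 3.2 for a value like 3.20, the same trap as 3.10 becoming 3.1. Quoting it matches the other quoted version values in these workflows: `python-version: '3.13' # Renovate helper is not needed here`.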
@@ -12,13 +12,13 @@ jobs: - name: Setup Hugo uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0 with: - hugo-version: '0.140.1' + hugo-version: '0.140.1' # renovate: datasource=github-releases depName=gohugoio/hugo versioning=loose extended: true - name: Setup Node uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: - node-version: '22.20.0' + node-version: '22.20.0' # TODO: Renovate helper might not be needed here - needs to be fully tested - name: Cache dependencies uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0