Skip to content

Commit

Permalink
chore: disables renovate and cron-job workflows (#1202)
Browse files Browse the repository at this point in the history
  • Loading branch information
justinthelaw authored Oct 8, 2024
1 parent 14053c2 commit d1e26df
Show file tree
Hide file tree
Showing 5 changed files with 32 additions and 289 deletions.
259 changes: 1 addition & 258 deletions .github/renovate.json5
Original file line number Diff line number Diff line change
@@ -1,260 +1,3 @@
{
"enabled": true,
"forkProcessing": "enabled",
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:best-practices",
":semanticCommits",
":semanticCommitTypeAll(chore)"
],
// Disable reviewers getting added by renovate to limit notification noise
"reviewersFromCodeOwners": false,
"timezone": "America/New_York",
"rebaseStalePrs": true,
"dependencyDashboard": true,
"dependencyDashboardTitle": "Renovate Dashboard 🤖",
"rebaseWhen": "conflicted",
"commitBodyTable": true,
"suppressNotifications": ["prIgnoreNotification"],
"pre-commit": {
"enabled": true
},
"helm-values": {
"fileMatch": [".*\\.ya?ml$"]
},
"kubernetes": {
"fileMatch": [".*\\.ya?ml$"],
"ignorePaths": [
".github"
]
},
"labels": ["dependencies", "tech-debt"],
"hostRules": [
{
"matchHost": "registry1.dso.mil",
"hostType": "docker",
"description": "Encrypted creds for registry1, scoped to this Github org using: https://docs.renovatebot.com/getting-started/migrating-secrets/#migrate-your-secrets-in-encrypted-form",
"username": "{{ secrets.IRONBANK_USERNAME }}",
"password": "{{ secrets.IRONBANK_PASSWORD }}"
},
{
"matchHost": "cgr.dev",
"description": "Encrypted creds for cgr.dev, scoped to this Github org using: https://docs.renovatebot.com/getting-started/migrating-secrets/#migrate-your-secrets-in-encrypted-form",
"username": "{{ secrets.CHAINGUARD_USERNAME }}",
"password": "{{ secrets.CHAINGUARD_PASSWORD }}"
},
{
"matchHost": "ghcr.io",
"hostType": "docker",
"description": "Encrypted creds for ghcr.io, scoped to this Github org using: https://docs.renovatebot.com/getting-started/migrating-secrets/#migrate-your-secrets-in-encrypted-form",
"username": "renovate",
"password": "{{ secrets.DEFENSEUNICORNS_PACKAGE_READ_PAT }}"
}
],
"regexManagers": [
// Matches github-tags pointing to items in githubusercontent (i.e. https://github.com/defenseunicorns/uds-core/blob/e45de0e5917a2ca6c3e30e593e2d9a8d393849a9/.vscode/settings.json#L12)
{
"fileMatch": [".*(\\.ya?ml|\\.json)$"],
"matchStrings": [
// Test: https://regex101.com/r/r1nWoZ/1
"https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\/]+\\/[^\\/]+)\\/(?<currentValue>[^\\/]+)"
],
"versioningTemplate": "semver-coerced",
"datasourceTemplate": "github-tags"
},
// Matches github-tags pointing to items in github.com/<org>/<repo>/raw/<tag> (i.e. https://github.com/defenseunicorns/uds-package-postgres-operator/blob/c88f9fd47c2fbc85e86c86c26b2d6948f6220898/zarf.yaml#L17)
{
"fileMatch": [".*(\\.ya?ml|\\.json)$"],
"matchStrings": [
// Test: https://regex101.com/r/huQrD4/1
"https:\\/\\/github\\.com\\/(?<depName>[^\\/]+\\/[^\\/]+)\\/raw\\/(?<currentValue>[^\\/]+)"
],
"versioningTemplate": "semver-coerced",
"datasourceTemplate": "github-tags"
},
// Matches github-tags pointing to items in github.com/<org>/<repo>/releases/download/<tag> (i.e. https://github.com/defenseunicorns/zarf/blob/c8abe31a5c4bbed933d692fcdeeefdc4b31701a5/packages/distros/k3s/zarf.yaml#L17)
{
"fileMatch": [".*(\\.ya?ml|\\.json)$"],
"matchStrings": [
// Test: https://regex101.com/r/oGP4dI/1
"https:\\/\\/github\\.com\\/(?<depName>[^\\/]+\\/[^\\/]+)\\/releases\\/download\\/(?<currentValue>[^\\/]+)"
],
"versioningTemplate": "semver-coerced",
"datasourceTemplate": "github-tags"
},
// Matches npm modules in npm install commands (i.e. https://github.com/defenseunicorns/uds-core/blob/f8e65159873f87be5912b73cc6f0a5ff26b7bed0/.github/workflows/commitlint.yaml#L26)
{
"fileMatch": [".*(\\.ya?ml|\\.json)$"],
"matchStrings": [
// Test: https://regex101.com/r/321nL5/1
"npm install ([\\w\\- ]+ )?(?<depName>@?[^\\s]*?)@(?<currentValue>[^\\s]+)"
],
"datasourceTemplate": "npm"
},
// Matches specified datasources where a colon separates the version on the following line (i.e. https://github.com/defenseunicorns/zarf/blob/7e91d3b9823b52fe6d0f563d692c8af57faa6005/examples/big-bang/zarf.yaml#L5)
{
"fileMatch": [".*\\.ya?ml$"],
"matchStrings": [
// Test: https://regex101.com/r/d9t0lt/1
"# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?( registryUrl=(?<registryUrl>.*?))?\\s.*:\\s*['\"]?(?<currentValue>[v0-9].*?)['\"]?(\\s|$)"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}",
"extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?<version>.*)${{/if}}"
},
// Matches specified datasources where an environment variable separates the version on the following line (i.e. https://github.com/defenseunicorns/uds-common/blob/ce3ba974ef3ff88058809f4b9a78da281a65ffa0/.github/actions/setup/action.yaml#L9)
{
"fileMatch": [".*\\.ya?ml$", ".*\\.sh$", ".*\\.?Dockerfile$"],
"matchStrings": [
// Test: https://regex101.com/r/b53bEF/2
"# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?( registryUrl=(?<registryUrl>.*?))?\\s.*[A-Z]+=['\"]?(?<currentValue>[v0-9].*?)['\"]?(\\s|$)"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}",
"extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?<version>.*)${{/if}}"
},
// Matches specified datasources for brew where an @ separates the version on the following line (i.e. https://github.com/defenseunicorns/uds-core/blob/5a2666f6a5ba89686c6dc1fecb0db98512b1b9f8/.github/actions/setup/action.yaml#L32)
{
"fileMatch": [".*\\.ya?ml$"],
"matchStrings": [
// Test: https://regex101.com/r/p3Cpjx/1
"# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s.*brew.*@\\s*['\"]?(?<currentValue>[v0-9].*?)['\"]?(\\s|$)"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}",
"extractVersionTemplate": "^v(?<version>.*)$"
},
// Matches images where you need to override the image reference in a Helm Value (i.e. https://github.com/defenseunicorns/uds-capability-rook-ceph/blob/f190c32688e80ad72df6389bcb150b35d779d0f0/values/cluster-values.yaml#L3-L4)
{
"fileMatch": ["\\.*\\.ya?ml$"],
"matchStrings": [
// Test: https://regex101.com/r/k5ebjz/1
"# renovate: image=(?<depName>.*?)\\s*image:\\s.*:(?<currentValue>[^\\s\"]*)",
],
"datasourceTemplate": "docker"
},
// Matches individual images in a `zarf.yaml`'s `images:` section that are tagged with a version (allowing for # renovate overrides)
{
"fileMatch": [ "(^|/)zarf\\.ya?ml$" ],
"matchStrings": [
// Test: https://regex101.com/r/Bd8IBp/1
"- ['\"]?(?<depName>[^\"'\\s]+):(?<currentValue>[^\"'\\s]+)['\"]?( # renovate:( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?)?(\\s|$)"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}docker{{/if}}",
"extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?<version>.*)${{/if}}",
"datasourceTemplate": "docker"
},
// Matches individual helm repo charts in a `zarf.yaml`'s `charts:` section that specify `version` then `url`
{
"fileMatch": [ "(^|/)zarf\\.ya?ml$" ],
"matchStringsStrategy": "recursive",
"matchStrings": [
// Match the chart section. Test: https://regex101.com/r/1DL0tI/3
"(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)",
// Match a chart entry. Test: https://regex101.com/r/ibpxYd/1
"(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)",
// Match the parts of a chart entry. Test: https://regex101.com/r/tVVHYS/1
"(?m)name: [\"']?(?<depName>.+?)[\"']?$(.|\\n)*?version: [\"']?(?<currentValue>.+?)[\"']?$(.|\\n)*?url: [\"']?(?<registryUrl>(https|http|file):\\/\\/.+?)[\"']?$"
],
"datasourceTemplate": "helm"
},
// Matches individual helm repo charts in a `zarf.yaml`'s `charts:` section that specify `url` then `version`
{
"fileMatch": [ "(^|/)zarf.yaml$" ],
"matchStringsStrategy": "recursive",
"matchStrings": [
// Match the chart section. Test: https://regex101.com/r/1DL0tI/3
"(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)",
// Match a chart entry. Test: https://regex101.com/r/ibpxYd/1
"(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)",
// Match the parts of a chart entry. Test: https://regex101.com/r/ehfBW6/1
"(?m)name: [\"']?(?<depName>.+?)[\"']?$(.|\\n)*?url: [\"']?(?<registryUrl>(https|http|file):\\/\\/.+?)[\"']?$(.|\\n)*?version: [\"']?(?<currentValue>.+?)[\"']?$"
],
"datasourceTemplate": "helm"
},
// Matches individual helm git charts in a `zarf.yaml`'s `charts:` section that specify `version` then `url`
{
"fileMatch": [ "(^|/)zarf\\.ya?ml$" ],
"matchStringsStrategy": "recursive",
"matchStrings": [
// Match the chart section. Test: https://regex101.com/r/1DL0tI/3
"(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)",
// Match a chart entry. Test: https://regex101.com/r/ibpxYd/1
"(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)",
// Match the parts of a chart entry. Test: https://regex101.com/r/PIIH1p/1
"(?m)name:(.|\\n)*?version: [\"']?(?<currentValue>.+?)[\"']?$(.|\\n)*?url: [\"']?(?<depName>.+?\\.git)[\"']?$"
],
"datasourceTemplate": "git-tags",
// Match the version from the tag. Test: https://regex101.com/r/dzQZiE/1
"versioningTemplate": "regex:^v?(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)(-[\\w\\.]+\\.(?<build>\\d+))?"
},
// Matches individual helm git charts in a `zarf.yaml`'s `charts:` section that specify `url` then `version`
{
"fileMatch": [ "(^|/)zarf.yaml$" ],
"matchStringsStrategy": "recursive",
"matchStrings": [
// Match the chart section. Test: https://regex101.com/r/1DL0tI/3
"(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)",
// Match a chart entry. Test: https://regex101.com/r/ibpxYd/1
"(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)",
// Match the parts of a chart entry. Test: https://regex101.com/r/m71Sn5/1
"(?m)name:(.|\\n)*?url: [\"']?(?<depName>.+?\\.git)[\"']?$(.|\\n)*?version: [\"']?(?<currentValue>.+?)[\"']?$"
],
"datasourceTemplate": "git-tags",
// Match the version from the tag. Test: https://regex101.com/r/dzQZiE/1
"versioningTemplate": "regex:^v?(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)(-[\\w\\.]+\\.(?<build>\\d+))?"
},
// Matches individual helm oci charts in a `zarf.yaml`'s `charts:` section that specify `version` then `url`
{
"fileMatch": [ "(^|/)zarf\\.ya?ml$" ],
"matchStringsStrategy": "recursive",
"matchStrings": [
// Match the chart section. Test: https://regex101.com/r/1DL0tI/3
"(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)",
// Match a chart entry. Test: https://regex101.com/r/ibpxYd/1
"(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)",
// Match the parts of a chart entry. Test: https://regex101.com/r/gYGkgq/1
"(?m)name:(.|\\n)*?version: [\"']?(?<currentValue>.+?)[\"']?$(.|\\n)*?url: [\"']?oci:\\/\\/(?<depName>.+?)[\"']?$"
],
"datasourceTemplate": "docker"
},
// Matches individual helm oci charts in a `zarf.yaml`'s `charts:` section that specify `url` then `version`
{
"fileMatch": [ "(^|/)zarf.yaml$" ],
"matchStringsStrategy": "recursive",
"matchStrings": [
// Match the chart section. Test: https://regex101.com/r/1DL0tI/3
"(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)",
// Match a chart entry. Test: https://regex101.com/r/ibpxYd/1
"(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)",
// Match the parts of a chart entry. Test: https://regex101.com/r/VDMzhy/1
"(?m)name:(.|\\n)*?url: [\"']?oci:\\/\\/(?<depName>.+?)[\"']?$(.|\\n)*?version: [\"']?(?<currentValue>.+?)[\"']?$"
],
"datasourceTemplate": "docker"
},
// Matches individual kustomizations in a `zarf.yaml`'s `manifests:` section using a github url with a ref
{
"fileMatch": [ "(^|/)zarf\\.ya?ml$" ],
"matchStringsStrategy": "recursive",
"matchStrings": [
// Match the manifests section. Test: https://regex101.com/r/BCfsGu/1
"(?m)manifests:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)",
// Match a manifests entry. Test: https://regex101.com/r/UjQa51/1
"(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)",
// Match the parts of a chart entry. Test: https://regex101.com/r/cumJ2Y/1
"(?m)name:(.|\\n)*?kustomizations:(.|\n)*?- [\"']?github.com\\/(?<depName>.+?)\\/\\/.*\\?ref=(?<currentValue>.+?)[\"']?$"
],
"versioningTemplate": "semver-coerced",
"datasourceTemplate": "github-tags"
},
// Matches oci packages in a `uds-bundle.yaml`'s `zarf-packages:` section that specify `repository` then `ref`
{
"fileMatch": [ "(^|/)uds-bundle.yaml$" ],
"matchStringsStrategy": "recursive",
"matchStrings": [
// Match the parts of a chart entry. Test: https://regex101.com/r/IFgEw0/1
"(?m)repository: [\"']?(?<depName>.+?)[\"']?$(.)*(\n.*){0,2}ref: [\"']?(?<currentValue>.+?)[\"']?$"
],
"datasourceTemplate": "docker",
// Match versioning used on UDS packages. Test: https://regex101.com/r/BGkYHX/4
"versioningTemplate": "regex:^v?(?<major>\\d+)(\\.(?<minor>\\d+))?(\\.(?<patch>\\d+))?(-uds\\.(?<build>\\d))?(-(?<compatibility>\\w+)?)?(.*?)?$"
}
]
enabled: false,
}
22 changes: 11 additions & 11 deletions .github/workflows/nightly-snapshot-release.yaml
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
name: nightly-snapshot-release

on:
schedule:
- cron: "0 8 * * *" # Runs daily at 12 AM PST
# schedule:
# - cron: "0 8 * * *" # Runs daily at 12 AM PST
workflow_dispatch: # trigger manually as needed
pull_request:
types:
- opened # default trigger
- reopened # default trigger
- synchronize # default trigger
- ready_for_review # don't run on draft PRs
- milestoned # allows us to trigger on bot PRs
paths:
- .github/workflows/nightly-snapshot-release.yaml
# pull_request:
# types:
# - opened # default trigger
# - reopened # default trigger
# - synchronize # default trigger
# - ready_for_review # don't run on draft PRs
# - milestoned # allows us to trigger on bot PRs
# paths:
# - .github/workflows/nightly-snapshot-release.yaml

concurrency:
group: nightly-snapshot-release-${{ github.ref }}
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/nightly-uds-badge-verification.yaml
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
name: nightly-uds-badge-verification

on:
schedule:
- cron: "0 11 * * *" # Runs daily at 3 AM PST
# schedule:
# - cron: "0 11 * * *" # Runs daily at 3 AM PST
workflow_dispatch: # trigger manually as needed
pull_request:
paths:
- .github/workflows/nightly-uds-badge-verification.yaml
- tasks.yaml
# pull_request:
# paths:
# - .github/workflows/nightly-uds-badge-verification.yaml
# - tasks.yaml

concurrency:
group: nightly-uds-badge-verification-${{ github.ref }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/scorecard.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@ name: OpenSSF Scorecared
on:
# Only the default branch is supported.
branch_protection_rule:
schedule:
- cron: '20 3 * * 0' # Every Sunday at 03:20 UTC
# schedule:
# - cron: '20 3 * * 0' # Every Sunday at 03:20 UTC

push:
branches: [ "main" ]
Expand Down
24 changes: 12 additions & 12 deletions .github/workflows/weekly-registry1-flavor-test.yaml
Original file line number Diff line number Diff line change
@@ -1,19 +1,19 @@
name: weekly-registry1-flavor-test

on:
schedule:
- cron: "0 8 * * 0" # Run every Sunday at 12 AM PST
# schedule:
# - cron: "0 8 * * 0" # Run every Sunday at 12 AM PST
workflow_dispatch: # trigger manually as needed
pull_request:
types:
- opened # default trigger
- reopened # default trigger
- synchronize # default trigger
- ready_for_review # don't run on draft PRs
- milestoned # allows us to trigger on bot PRs
paths:
- .github/workflows/weekly-registry1-flavor-test.yaml
- bundles/latest/**
# pull_request:
# types:
# - opened # default trigger
# - reopened # default trigger
# - synchronize # default trigger
# - ready_for_review # don't run on draft PRs
# - milestoned # allows us to trigger on bot PRs
# paths:
# - .github/workflows/weekly-registry1-flavor-test.yaml
# - bundles/latest/**

concurrency:
group: weekly-registry1-flavor-test-${{ github.ref }}
Expand Down

0 comments on commit d1e26df

Please sign in to comment.