Manual self-upgrade

Signed-off-by: Erik Godding Boye <[email protected]>

Author: erikgb

.github/dependabot.yaml

@@ -4,20 +4,14 @@
 # Update Go dependencies and GitHub Actions dependencies daily.
 version: 2
 updates:
-- package-ecosystem: gomod
-  directory: /
-  schedule:
-    interval: daily
-  groups:
-    all-go-deps:
-      patterns: ["*"]
 - package-ecosystem: github-actions
   directory: /
   schedule:
     interval: daily
   exclude-paths: # Exclude files that are mastered from makefile-modules and shouldn't be upgraded in projects using makefile-modules.
     - .github/workflows/govulncheck.yaml
     - .github/workflows/make-self-upgrade.yaml
+    - .github/workflows/renovate.yaml
   groups:
     all-gh-actions:
       patterns: ["*"]

.github/renovate.json5

@@ -1,6 +1,13 @@
+// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base-dependabot/.github/renovate.json5 instead.
+
 {
   $schema: 'https://docs.renovatebot.com/renovate-schema.json',
   enabled: true,
+  enabledManagers: [
+    'gomod',
+  ],
+  separateMajorMinor: false,
   extends: [
     'config:best-practices',
     ':gitSignOff',
@@ -12,9 +19,8 @@
   timezone: 'Europe/London',
   labels: [
     'dependencies',
-  ],
-  allowedCommands: [
-    'make generate',
+    'kind/cleanup',
+    'release-note-none',
   ],
   postUpgradeTasks: {
     commands: [
@@ -23,81 +29,62 @@
     executionMode: 'branch',
   },
   packageRules: [
-    // Currently, there seems to be issues with permissions which doesn't allow Renovate to update actions.
     {
-      groupName: 'GitHub Actions',
+      groupName: 'Misc Go deps',
       matchManagers: [
-        'github-actions',
+        'gomod',
       ],
       matchPackageNames: [
-        '/.*/',
+        '*',
       ],
     },
     {
-      groupName: 'Misc Go deps',
+      groupName: 'Kubernetes Go deps',
       matchManagers: [
         'gomod',
       ],
       matchPackageNames: [
-        '/.*/',
+        'sigs.k8s.io**/**',
+        'k8s.io**/**',
       ],
     },
     {
-      groupName: 'Kubernetes Go deps',
+      groupName: 'Cloud Go deps',
       matchManagers: [
         'gomod',
       ],
       matchPackageNames: [
-        '/^sigs.k8s.io/',
-        '/^k8s.io/',
+        'github.com/akamai**/**',
+        'github.com/aws**/**',
+        'github.com/Azure**/**',
+        'github.com/AzureAD**/**',
+        'github.com/cloudflare**/**',
+        'github.com/digitalocean**/**',
+        'google.golang.org/api',
       ],
     },
     {
-      groupName: 'Cloud Go deps',
+      groupName: 'golang.org/x deps',
       matchManagers: [
         'gomod',
       ],
       matchPackageNames: [
-        '/^github.com/Azure/',
-        '/^github.com/AzureAD/',
-        '/^github.com/aws/',
+        'golang.org/x**/*',
+      ],
+      addLabels: [
+        'skip-review', // Adding label to allow PRs to automerge
       ],
     },
     {
-      description: 'Disable all cert-manager related dependencies',
+      description: 'Disable Go pseudo-version updates',
       matchManagers: [
         'gomod',
       ],
       matchPackageNames: [
-        '/^github.com/cert-manager/',
+        '*',
       ],
-      allowedVersions: '!/0.0.0/',
+      matchCurrentValue: 'v0.0.0*',
       enabled: false,
     },
   ],
-  ignorePaths: [
-    '**/vendor/**',
-    '**/node_modules/**',
-    '**/__tests__/**',
-    // The following files are managed from makefile-modules, and should be ignored by Renovate in other projects.
-    '.github/workflows/govulncheck.yaml',
-    '.github/workflows/make-self-upgrade.yaml',
-    '.github/dependabot.yaml',
-  ],
-  prBodyDefinitions: {
-    Package: '{{depName}}',
-  },
-  prBodyColumns: [
-    'Package',
-    'Type',
-    'Update',
-    'Change',
-    'References',
-  ],
-  prBodyNotes: [
-    '/kind cleanup',
-    '### Release Note\n```release-note\nNONE\n```',
-    '**Note**: This PR was automatically created by Renovate Bot.',
-    '',
-  ],
 }

.github/workflows/renovate.yaml

@@ -0,0 +1,56 @@
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base-dependabot/.github/workflows/renovate.yaml instead.
+
+name: Renovate
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: '0 2 * * *'
+
+permissions:
+  contents: read
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+
+    if: github.repository == 'cert-manager/webhook-cert-lib'
+
+    permissions:
+      contents: write
+      issues: write
+      statuses: write
+      pull-requests: write
+
+    steps:
+      - name: Fail if branch is not head of branch.
+        if: ${{ !startsWith(github.ref, 'refs/heads/') && env.SOURCE_BRANCH != '' && env.SELF_UPGRADE_BRANCH != '' }}
+        run: |
+          echo "This workflow should not be run on a non-branch-head."
+          exit 1
+
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        # Adding `fetch-depth: 0` makes sure tags are also fetched. We need
+        # the tags so `git describe` returns a valid version.
+        # see https://github.com/actions/checkout/issues/701 for extra info about this option
+        with: { fetch-depth: 0 }
+
+      - id: go-version
+        run: |
+          make print-go-version >> "$GITHUB_OUTPUT"
+
+      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: ${{ steps.go-version.outputs.result }}
+
+      - name: Self-hosted Renovate
+        uses: renovatebot/github-action@b11417b9eaac3145fe9a8544cee66503724e32b6 # v43.0.8
+        with:
+          configurationFile: .github/renovate.json5
+          token: ${{ secrets.GITHUB_TOKEN }}
+        env:
+          RENOVATE_REPOSITORIES: '["${{ github.repository }}"]'
+          RENOVATE_ONBOARDING: "false"
+          RENOVATE_PLATFORM: "github"
+          LOG_LEVEL: "debug"
+          RENOVATE_ALLOWED_COMMANDS: '["make generate"]'

klone.yaml

@@ -9,35 +9,35 @@ targets:
     - folder_name: boilerplate
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 604ff78fdcd3bc67da8c872979947bb094537d9d
+      repo_hash: 208a704b638f9964509fccbc8a97db8a824cf375
       repo_path: modules/boilerplate
     - folder_name: generate-verify
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 604ff78fdcd3bc67da8c872979947bb094537d9d
+      repo_hash: 208a704b638f9964509fccbc8a97db8a824cf375
       repo_path: modules/generate-verify
     - folder_name: go
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 604ff78fdcd3bc67da8c872979947bb094537d9d
+      repo_hash: 208a704b638f9964509fccbc8a97db8a824cf375
       repo_path: modules/go
     - folder_name: help
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 604ff78fdcd3bc67da8c872979947bb094537d9d
+      repo_hash: 208a704b638f9964509fccbc8a97db8a824cf375
       repo_path: modules/help
     - folder_name: klone
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 604ff78fdcd3bc67da8c872979947bb094537d9d
+      repo_hash: 208a704b638f9964509fccbc8a97db8a824cf375
       repo_path: modules/klone
     - folder_name: repository-base
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 604ff78fdcd3bc67da8c872979947bb094537d9d
+      repo_hash: 208a704b638f9964509fccbc8a97db8a824cf375
       repo_path: modules/repository-base
     - folder_name: tools
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 604ff78fdcd3bc67da8c872979947bb094537d9d
+      repo_hash: 208a704b638f9964509fccbc8a97db8a824cf375
       repo_path: modules/tools

make/_shared/repository-base/01_mod.mk

@@ -40,6 +40,10 @@ generate-base:
 			sed "s|{{REPLACE:GH-REPOSITORY}}|$(repo_name:github.com/%=%)|g" "$$file" > "$(CURDIR)/$$file"; \
 		done
 	cp -r $(repository_base_dependabot_dir)/. ./
+	cd $(repository_base_dependabot_dir) && \
+		find . -type f | while read file; do \
+			sed "s|{{REPLACE:GH-REPOSITORY}}|$(repo_name:github.com/%=%)|g" "$$file" > "$(CURDIR)/$$file"; \
+		done
 endif
 
 shared_generate_targets += generate-base

make/_shared/repository-base/base-dependabot/.github/dependabot.yaml

@@ -4,20 +4,14 @@
 # Update Go dependencies and GitHub Actions dependencies daily.
 version: 2
 updates:
-- package-ecosystem: gomod
-  directory: /
-  schedule:
-    interval: daily
-  groups:
-    all-go-deps:
-      patterns: ["*"]
 - package-ecosystem: github-actions
   directory: /
   schedule:
     interval: daily
   exclude-paths: # Exclude files that are mastered from makefile-modules and shouldn't be upgraded in projects using makefile-modules.
     - .github/workflows/govulncheck.yaml
     - .github/workflows/make-self-upgrade.yaml
+    - .github/workflows/renovate.yaml
   groups:
     all-gh-actions:
       patterns: ["*"]

make/_shared/repository-base/base-dependabot/.github/renovate.json5

@@ -0,0 +1,90 @@
+// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base-dependabot/.github/renovate.json5 instead.
+
+{
+  $schema: 'https://docs.renovatebot.com/renovate-schema.json',
+  enabled: true,
+  enabledManagers: [
+    'gomod',
+  ],
+  separateMajorMinor: false,
+  extends: [
+    'config:best-practices',
+    ':gitSignOff',
+    ':semanticCommits',
+    ':disableVulnerabilityAlerts',
+    ':prConcurrentLimit10', // Set a limit to avoid too many PRs, at least on the first run
+    ':prHourlyLimitNone',
+  ],
+  timezone: 'Europe/London',
+  labels: [
+    'dependencies',
+    'kind/cleanup',
+    'release-note-none',
+  ],
+  postUpgradeTasks: {
+    commands: [
+      'make generate',
+    ],
+    executionMode: 'branch',
+  },
+  packageRules: [
+    {
+      groupName: 'Misc Go deps',
+      matchManagers: [
+        'gomod',
+      ],
+      matchPackageNames: [
+        '*',
+      ],
+    },
+    {
+      groupName: 'Kubernetes Go deps',
+      matchManagers: [
+        'gomod',
+      ],
+      matchPackageNames: [
+        'sigs.k8s.io**/**',
+        'k8s.io**/**',
+      ],
+    },
+    {
+      groupName: 'Cloud Go deps',
+      matchManagers: [
+        'gomod',
+      ],
+      matchPackageNames: [
+        'github.com/akamai**/**',
+        'github.com/aws**/**',
+        'github.com/Azure**/**',
+        'github.com/AzureAD**/**',
+        'github.com/cloudflare**/**',
+        'github.com/digitalocean**/**',
+        'google.golang.org/api',
+      ],
+    },
+    {
+      groupName: 'golang.org/x deps',
+      matchManagers: [
+        'gomod',
+      ],
+      matchPackageNames: [
+        'golang.org/x**/*',
+      ],
+      addLabels: [
+        'skip-review', // Adding label to allow PRs to automerge
+      ],
+    },
+    {
+      description: 'Disable Go pseudo-version updates',
+      matchManagers: [
+        'gomod',
+      ],
+      matchPackageNames: [
+        '*',
+      ],
+      matchCurrentValue: 'v0.0.0*',
+      enabled: false,
+    },
+  ],
+}