feat(cluster): try adding renovate to cluster

truecharts · Feb 7, 2025 · 7216945 · 7216945
1 parent d6d790c
commit 7216945
Show file tree

Hide file tree

Showing 5 changed files with 124 additions and 0 deletions.
diff --git a/clusters/main/kubernetes/apps/kustomization.yaml b/clusters/main/kubernetes/apps/kustomization.yaml
@@ -1,6 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - renovate/ks.yaml
   - minecraft/ks.yaml
   - jackett/ks.yaml
   - bitmagnet/ks.yaml
diff --git a/clusters/main/kubernetes/apps/renovate/app/helm-release.yaml b/clusters/main/kubernetes/apps/renovate/app/helm-release.yaml
@@ -0,0 +1,101 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: renovate
+  namespace: renovate
+spec:
+  interval: 10m
+  chart:
+    spec:
+      chart: renovate
+      version: 1.11.1
+      sourceRef:
+        kind: HelmRepository
+        name: truecharts
+        namespace: flux-system
+      interval: 15m
+  timeout: 20m
+  maxHistory: 3
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    workload:
+      main:
+        schedule: "@hourly"
+        podSpec:
+          containers:
+            main:
+
+              env:
+                GITHUB_COM_TOKEN: '${GITHUB_PAT}'
+                # You can set RENOVATE_AUTODISCOVER to true to run Renovate on all repos you have push access to
+                RENOVATE_AUTODISCOVER: 'false'
+                RENOVATE_TOKEN: '${GITHUB_PAT}'
+                RENOVATE_CONFIG_FILE: /tmp/renovate/config.json
+                LOGLEVEL: debug
+
+    configmap:
+      config:
+        enabled: true
+        data:
+          config.json: |-
+            module.exports = {
+              "dryRun": null,
+              "username": "truecharts-admin",
+              "gitAuthor": "truecharts-admin <bot@truecharts.org>",
+              "onboarding": false,
+              "platform": "github",
+              "repositoryCache": "enabled",
+              // https://github.com/renovatebot/renovate/blob/main/lib/util/cache/package/types.ts
+              // https://github.com/renovatebot/renovate/blob/main/lib/modules/datasource/docker/index.ts <--- See how each namespace is used
+              // https://docs.renovatebot.com/self-hosted-configuration/#cachettloverride
+              "cacheTtlOverride": {
+                "datasource-docker-hub-tags": minPerDay * 3,
+                "datasource-docker-digest": minPerDay * 3,
+              },
+              "dockerMaxPages": 10,
+              "lockFileMaintenance": { "enabled": true },
+              "repositories": [
+                "truecharts/public",
+                "truecharts/private",
+                "truecharts/.github"
+              ],
+              "allowPostUpgradeCommandTemplating": true,
+              "allowedPostUpgradeCommands": ["^.*"],
+              "hostRules": [
+                {
+                  "hostType": "docker",
+                  "matchHost": "docker.io",
+                  // TODO: Add login
+                  "abortIgnoreStatusCodes": [401, 404, 429],
+                  "abortOnError": false
+                }
+              ],
+              "packageRules": [
+                {
+                  "matchManagers": [
+                    "helm-requirements",
+                    "helm-values",
+                    "helmv3",
+                    "custom.regex"
+                  ],
+                  "matchDatasources": ["docker"],
+                  "matchUpdateTypes": ["major", "minor", "patch", "pin", "pinDigest", "digest"],
+                  "postUpgradeTasks": {
+                    "fileFilters": ["**/Chart.yaml"],
+                    "executionMode": "update",
+                    "commands": ["./charttool genmeta {{{replace 'digest|pin|pinDigest' 'patch' updateType}}} {{{packageFileDir}}} || true"]
+                  }
+                },
+              ],
+            };
diff --git a/clusters/main/kubernetes/apps/renovate/app/kustomization.yaml b/clusters/main/kubernetes/apps/renovate/app/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml
+  - namespace.yaml
diff --git a/clusters/main/kubernetes/apps/renovate/app/namespace.yaml b/clusters/main/kubernetes/apps/renovate/app/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+    name: renovate
diff --git a/clusters/main/kubernetes/apps/renovate/ks.yaml b/clusters/main/kubernetes/apps/renovate/ks.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: renovate
+  namespace: flux-system
+spec:
+  interval: 10m
+  path: clusters/main/kubernetes/apps/renovate/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: truecharts