Skip to content

Commit

Permalink
Merge branch 'main' into refactor/maven-s3-fetch-result
Browse files Browse the repository at this point in the history
  • Loading branch information
zharinov authored Dec 8, 2024
2 parents bba8a0b + 283a7dc commit d2ca1ec
Show file tree
Hide file tree
Showing 178 changed files with 2,604 additions and 1,007 deletions.
2 changes: 1 addition & 1 deletion .devcontainer/Dockerfile
Original file line number Diff line number Diff line change
@@ -1 +1 @@
FROM ghcr.io/containerbase/devcontainer:13.0.22
FROM ghcr.io/containerbase/devcontainer:13.2.1
4 changes: 2 additions & 2 deletions .github/actions/calculate-prefetch-matrix/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ runs:
- name: Check cache miss for MacOS
id: macos-cache
uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: node_modules
key: ${{ env.MACOS_KEY }}
Expand All @@ -43,7 +43,7 @@ runs:

- name: Check cache miss for Windows
id: windows-cache
uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: node_modules
key: ${{ env.WINDOWS_KEY }}
Expand Down
6 changes: 3 additions & 3 deletions .github/actions/setup-node/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ runs:
- name: Restore `node_modules`
id: node-modules-restore
uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: node_modules
key: ${{ env.CACHE_KEY }}
Expand Down Expand Up @@ -64,7 +64,7 @@ runs:
- name: Cache and restore `pnpm store`
if: env.CACHE_HIT != 'true'
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ env.PNPM_STORE }}
key: |
Expand All @@ -87,7 +87,7 @@ runs:

- name: Write `node_modules` cache
if: inputs.save-cache == 'true' && env.CACHE_HIT != 'true'
uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: node_modules
key: ${{ env.CACHE_KEY }}
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -209,7 +209,7 @@ jobs:
os: ${{ runner.os }}

- name: Restore eslint cache
uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: .cache/eslint
key: eslint-main-cache
Expand All @@ -228,7 +228,7 @@ jobs:
- name: Save eslint cache
if: github.event_name == 'push'
uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: .cache/eslint
key: eslint-main-cache
Expand All @@ -255,7 +255,7 @@ jobs:
os: ${{ runner.os }}

- name: Restore prettier cache
uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: .cache/prettier
key: prettier-main-cache
Expand All @@ -280,7 +280,7 @@ jobs:
- name: Save prettier cache
if: github.event_name == 'push'
uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: .cache/prettier
key: prettier-main-cache
Expand Down Expand Up @@ -373,7 +373,7 @@ jobs:
os: ${{ runner.os }}

- name: Cache jest
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: .cache/jest
key: |
Expand Down Expand Up @@ -438,7 +438,7 @@ jobs:
merge-multiple: true

- name: Codecov
uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7
uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1
with:
token: ${{ secrets.CODECOV_TOKEN }}
directory: coverage/lcov
Expand Down Expand Up @@ -684,7 +684,7 @@ jobs:
show-progress: false

- name: docker-config
uses: containerbase/internal-tools@e386c8e7bd305d803e0874abccbe153ec1d33a6d # v3.5.2
uses: containerbase/internal-tools@fa96b70003f221771f8c015cd3f598818ebf4d78 # v3.5.4
with:
command: docker-config

Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
uses: github/codeql-action/init@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
with:
languages: javascript

Expand All @@ -51,7 +51,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
uses: github/codeql-action/autobuild@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -65,4 +65,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
uses: github/codeql-action/analyze@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
2 changes: 1 addition & 1 deletion .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: 'Upload to code-scanning'
uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
with:
sarif_file: results.sarif
2 changes: 1 addition & 1 deletion .github/workflows/trivy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ jobs:
format: 'sarif'
output: 'trivy-results.sarif'

- uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
- uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
with:
sarif_file: trivy-results.sarif
category: 'docker-image-${{ matrix.tag }}'
2 changes: 1 addition & 1 deletion .python-version
Original file line number Diff line number Diff line change
@@ -1 +1 @@
3.13.0
3.13.1
10 changes: 8 additions & 2 deletions docs/usage/configuration-options.md
Original file line number Diff line number Diff line change
Expand Up @@ -2246,6 +2246,7 @@ Supported lock files:
- `pubspec.lock`
- `pyproject.toml`
- `requirements.txt`
- `uv.lock`
- `yarn.lock`

Support for new lock files may be added via feature request.
Expand Down Expand Up @@ -3612,7 +3613,7 @@ Behavior:
- `bump` = e.g. bump the range even if the new version satisfies the existing range, e.g. `^1.0.0` -> `^1.1.0`
- `replace` = Replace the range with a newer one if the new version falls outside it, and update nothing otherwise
- `widen` = Widen the range with newer one, e.g. `^1.0.0` -> `^1.0.0 || ^2.0.0`
- `update-lockfile` = Update the lock file when in-range updates are available, otherwise `replace` for updates out of range. Works for `bundler`, `cargo`, `composer`, `npm`, `yarn`, `pnpm`, `terraform` and `poetry` so far
- `update-lockfile` = Update the lock file when in-range updates are available, otherwise `replace` for updates out of range. Works for `bundler`, `cargo`, `composer`, `gleam`, `npm`, `yarn`, `pnpm`, `terraform` and `poetry` so far
- `in-range-only` = Update the lock file when in-range updates are available, ignore package file updates

Renovate's `"auto"` strategy works like this for npm:
Expand Down Expand Up @@ -3784,7 +3785,7 @@ If enabled Renovate tries to determine PR reviewers by matching rules defined in
Read the docs for your platform for details on syntax and allowed file locations:

- [GitHub Docs, About code owners](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners)
- [GitLab, Code Owners](https://docs.gitlab.com/ee/user/project/code_owners.html)
- [GitLab, Code Owners](https://docs.gitlab.com/ee/user/project/codeowners/)
- [Bitbucket, Set up and use code owners](https://support.atlassian.com/bitbucket-cloud/docs/set-up-and-use-code-owners/)

## reviewersSampleSize
Expand Down Expand Up @@ -3852,6 +3853,11 @@ You could then configure a schedule like this at the repository level:
This would mean that Renovate can run for 7 hours each night, plus all the time on weekends.
Note how the above example makes use of the "OR" logic of combining multiple schedules in the array.

<!-- prettier-ignore -->
!!! note
If both the day of the week _and_ the day of the month are restricted in the schedule, then Renovate only runs when both the day of the month _and_ day of the week match!
For example: `* * 1-7 * 4` means Renovate only runs on the _first_ Thursday of the month.

It's common to use `schedule` in combination with [`timezone`](#timezone).
You should configure [`updateNotScheduled=false`](#updatenotscheduled) if you want the schedule more strictly enforced so that _updates_ to existing branches aren't pushed out of schedule.
You can also configure [`automergeSchedule`](#automergeschedule) to limit the hours in which branches/PRs are _automerged_ (if [`automerge`](#automerge) is configured).
Expand Down
4 changes: 2 additions & 2 deletions docs/usage/docker.md
Original file line number Diff line number Diff line change
Expand Up @@ -307,7 +307,7 @@ Renovate will get the credentials with the [`google-auth-library`](https://www.n
service_account: ${{ env.SERVICE_ACCOUNT }}

- name: renovate
uses: renovatebot/github-action@v41.0.4
uses: renovatebot/github-action@v41.0.5
env:
RENOVATE_HOST_RULES: |
[
Expand Down Expand Up @@ -478,7 +478,7 @@ Make sure to install the Google Cloud SDK into the custom image, as you need the
For example:

```Dockerfile
FROM renovate/renovate:39.28.0
FROM renovate/renovate:39.42.4
# Include the "Docker tip" which you can find here https://cloud.google.com/sdk/docs/install
# under "Installation" for "Debian/Ubuntu"
RUN ...
Expand Down
4 changes: 2 additions & 2 deletions docs/usage/examples/opentelemetry.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,13 @@ version: '3'
services:
# Jaeger
jaeger:
image: jaegertracing/all-in-one:1.63.0
image: jaegertracing/all-in-one:1.64.0
ports:
- '16686:16686'
- '4317'

otel-collector:
image: otel/opentelemetry-collector-contrib:0.114.0
image: otel/opentelemetry-collector-contrib:0.115.1
command: ['--config=/etc/otel-collector-config.yml']
volumes:
- ./otel-collector-config.yml:/etc/otel-collector-config.yml
Expand Down
10 changes: 5 additions & 5 deletions docs/usage/examples/self-hosting.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,8 @@ It builds `latest` based on the `main` branch and all SemVer tags are published
```sh title="Example of valid tags"
docker run --rm renovate/renovate
docker run --rm renovate/renovate:39
docker run --rm renovate/renovate:39.28
docker run --rm renovate/renovate:39.28.0
docker run --rm renovate/renovate:39.42
docker run --rm renovate/renovate:39.42.4
```

<!-- prettier-ignore -->
Expand Down Expand Up @@ -62,7 +62,7 @@ spec:
- name: renovate
# Update this to the latest available and then enable Renovate on
# the manifest
image: renovate/renovate:39.28.0
image: renovate/renovate:39.42.4
args:
- user/repo
# Environment Variables
Expand Down Expand Up @@ -121,7 +121,7 @@ spec:
template:
spec:
containers:
- image: renovate/renovate:39.28.0
- image: renovate/renovate:39.42.4
name: renovate-bot
env: # For illustration purposes, please use secrets.
- name: RENOVATE_PLATFORM
Expand Down Expand Up @@ -367,7 +367,7 @@ spec:
containers:
- name: renovate
# Update this to the latest available and then enable Renovate on the manifest
image: renovate/renovate:39.28.0
image: renovate/renovate:39.42.4
volumeMounts:
- name: ssh-key-volume
readOnly: true
Expand Down
3 changes: 2 additions & 1 deletion docs/usage/faq.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,9 @@ If you're self hosting Renovate, use the latest release if possible.
## When is the Mend Renovate App updated with new Renovate versions?

The Renovate maintainers manually update the app.
The maintainers don't follow any release schedule or release cadence.
The maintainers don't follow any release schedule or release cadence, but try to update at least once a week.
This means the Mend Renovate App can lag a few hours to a week behind the open source version.

Major releases of Renovate are held back until the maintainers are reasonably certain it works for most users.

## How can I see which version the Mend Renovate app is using?
Expand Down
6 changes: 3 additions & 3 deletions docs/usage/getting-started/private-packages.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ However if you do still use them, private modules should work if you configure `
It is strongly recommended not to use private modules on a private registry and a warning will be logged if that is found.
Credentials stored on disk (e.g. in `~/.npmrc`) are no longer supported.

The recommended way of using local presets is to configure then using "local" presets, e.g. `"extends": ["local>myorg/renovate-config"]`, and ensure that the platform token has access to that repo.
The recommended way of using local presets is to configure them using "local" presets, e.g. `"extends": ["local>myorg/renovate-config"]`, and ensure that the platform token has access to that repo.

It's not recommended that you use a private repository to host your config while then extending it from a public repository.
If your preset doesn't have secrets then you should make it public, while if it does have secrets then it's better to split your preset between a public one which all repos extend, and a private one with secrets which only other private repos extend.
Expand Down Expand Up @@ -499,7 +499,7 @@ private-package==1.2.3

#### Packages that Renovate needs

Renovate relies on `pip`'s integration with the Python [keyring](https://pypi.org/project/keyring/) package along with the [keyrigs.envvars](https://pypi.org/project/keyrings.envvars/) backend for this.
Renovate relies on `pip`'s integration with the Python [keyring](https://pypi.org/project/keyring/) package along with the [keyrings.envvars](https://pypi.org/project/keyrings.envvars/) backend for this.

##### Self-hosting Renovate

Expand All @@ -511,7 +511,7 @@ But if you are self-hosting Renovate and:
- _not_ running Renovate in a Containerbase environment
- or, _not_ using the Docker sidecar container

Then you must install the Python keyring package and the keyrigs.envvars package into your self-hosted environment.
Then you must install the Python keyring package and the keyrings.envvars package into your self-hosted environment.

### poetry

Expand Down
12 changes: 12 additions & 0 deletions docs/usage/java.md
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,18 @@ Renovate does not support:
- Catalogs with custom names that do not end in `.toml`
- Catalogs outside the `gradle` folder whose names do not end in `.versions.toml` (unless overridden via [`fileMatch`](./configuration-options.md#filematch) configuration)

### Gradle Plugin Support

Renovate can also update [Gradle plugins](https://docs.gradle.org/current/userguide/plugins.html).
It supports the `id(<pluginId>)` syntax as well as the `kotlin(<kotlinPluginId>)` shortcut for `id(org.jetbrains.kotlin.<kotlinPluginId>)`.

For specifying `packageRules` it is important to know how `depName` and `packageName` are defined for a Gradle plugin:

- The `depName` field is equal to `<pluginId>`
- The `packageName` field is equal to `<pluginId>:<pluginId>.gradle.plugin`

This is a direct consequence of the [Plugin Marker Artifact](https://docs.gradle.org/current/userguide/plugins.html#sec:plugin_markers) naming convention.

## Gradle Wrapper

Renovate can update the [Gradle Wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html) of a project.
Expand Down
9 changes: 0 additions & 9 deletions lib/config/massage.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -17,15 +17,6 @@ describe('config/massage', () => {
expect(Array.isArray(res.schedule)).toBeTrue();
});

it('massages npmToken', () => {
const config: RenovateConfig = {
npmToken: 'some-token',
};
expect(massage.massageConfig(config)).toEqual({
npmrc: '//registry.npmjs.org/:_authToken=some-token\n',
});
});

it('massages packageRules matchUpdateTypes', () => {
const config: RenovateConfig = {
packageRules: [
Expand Down
3 changes: 0 additions & 3 deletions lib/config/massage.ts
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,6 @@ export function massageConfig(config: RenovateConfig): RenovateConfig {
for (const [key, val] of Object.entries(config)) {
if (allowedStrings.includes(key) && is.string(val)) {
massagedConfig[key] = [val];
} else if (key === 'npmToken' && is.string(val) && val.length < 50) {
massagedConfig.npmrc = `//registry.npmjs.org/:_authToken=${val}\n`;
delete massagedConfig.npmToken;
} else if (is.array(val)) {
massagedConfig[key] = [];
val.forEach((item) => {
Expand Down
2 changes: 1 addition & 1 deletion lib/config/options/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -515,7 +515,7 @@ const options: RenovateOptions[] = [
description:
'Change this value to override the default Renovate sidecar image.',
type: 'string',
default: 'ghcr.io/containerbase/sidecar:13.0.22',
default: 'ghcr.io/containerbase/sidecar:13.2.1',
globalOnly: true,
},
{
Expand Down
2 changes: 1 addition & 1 deletion lib/config/presets/internal/default.ts
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ export const presets: Record<string, Preset> = {
packageRules: [
{
automerge: true,
matchCurrentVersion: '>= 1.0.0',
matchCurrentVersion: '!/^0/',
matchUpdateTypes: ['minor', 'patch'],
},
],
Expand Down
2 changes: 1 addition & 1 deletion lib/data/changelog-urls.json
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
"flake8": "https://flake8.pycqa.org/en/latest/release-notes/index.html",
"django-storages": "https://github.com/jschneier/django-storages/blob/master/CHANGELOG.rst",
"lxml": "https://git.launchpad.net/lxml/plain/CHANGES.txt",
"mypy": "https://mypy-lang.blogspot.com/",
"mypy": "https://mypy.readthedocs.io/en/latest/changelog.html",
"phonenumbers": "https://github.com/daviddrysdale/python-phonenumbers/blob/dev/python/HISTORY.md",
"pycountry": "https://github.com/flyingcircusio/pycountry/blob/master/HISTORY.txt",
"django-debug-toolbar": "https://django-debug-toolbar.readthedocs.io/en/latest/changes.html",
Expand Down
Loading

0 comments on commit d2ca1ec

Please sign in to comment.