Commit c9c8ed45 authored by Michael Kriese's avatar Michael Kriese
Browse files

feat!: use default renovate install mode with slim image (renovate-bot/renovate-runner!1553) 

BREAKING CHANGE: The default image is now the slim image. The docker images are now pulled from ghcr.io. DinD is no longer supported.
parent ec0ad21e

.gitlab-ci.yml

+3 −5
Original line number Diff line number Diff line 
include: '/templates/renovate-dind.gitlab-ci.yml'

include: '/templates/renovate.gitlab-ci.yml'



variables:

  RENOVATE_GIT_AUTHOR: Renovate Bot <bot@renovateapp.com>
@@ -30,8 +30,7 @@ renovate:dry-run: 
    - when: always



lint:

  image: renovate/node:18.12.0@sha256:e393a5b2cbf5b849895daea5d5ef4c234f27aded98f6fa505d7020c84a3d6fc7

  services: []

  image: ghcr.io/containerbase/node:18.12.0@sha256:5dbb2ce5d453efbc4cb045c49998ae1604897391df6e86183de5f5b46e638189

  cache:

    key:

      files:
@@ -48,9 +47,8 @@ lint: 
    - when: always



release:

  image: renovate/node:18.12.0@sha256:e393a5b2cbf5b849895daea5d5ef4c234f27aded98f6fa505d7020c84a3d6fc7

  image: ghcr.io/containerbase/node:18.12.0@sha256:5dbb2ce5d453efbc4cb045c49998ae1604897391df6e86183de5f5b46e638189

  stage: release

  services: []

  cache:

    key:

      files:

README.md

+10 −32
Original line number Diff line number Diff line
@@ -41,30 +41,21 @@ Create a `.gitlab-ci.yml` file in the repository like the following: 
```yaml

include:

    - project: 'renovate-bot/renovate-runner'

      file: '/templates/renovate-dind.gitlab-ci.yml'

```



If you are using a custom GitLab Kubernetes runner you probably need to downgrade the Docker DinD service because of [containerd/containerd#4837](https://github.com/containerd/containerd/issues/4837)



```yaml

include:

    - project: 'renovate-bot/renovate-runner'

      file: '/templates/renovate-dind.gitlab-ci.yml'



services:

    - docker:19.03.15-dind

      file: '/templates/renovate.gitlab-ci.yml'

```



Alternatively, if you cannot use the gitlab.com hosted or self-hosted privileged runners, include the following template instead.

**Note:** Docker DinD templates are deprecated and is now using the default version with slim image.



**Note:** This will use the full renovate image, which isn't capable of respecting any binary contraints.

It will always use the latest tools to update lock files.

So please prefer the DinD version.

Alternatively, if you can use the full renovate image.

It will have the latest tools to update lock files preinstalled and is much bigger.

So please prefer the default version.



```yaml

include:

    - project: 'renovate-bot/renovate-runner'

      file: '/templates/renovate.gitlab-ci.yml'



image: ${CI_RENOVATE_IMAGE_FULL}

```



To prevent unexpected changes in your pipeline, you can pin the version of this template and include it in your Renovate updates:
@@ -72,8 +63,8 @@ To prevent unexpected changes in your pipeline, you can pin the version of this 
```yaml

include:

    - project: 'renovate-bot/renovate-runner'

      file: '/templates/renovate-dind.gitlab-ci.yml'

      ref: v1.0.0

      file: '/templates/renovate.gitlab-ci.yml'

      ref: v12.0.0

```



Please check this project's [Releases page](https://gitlab.com/renovate-bot/renovate-runner/-/releases)
@@ -87,7 +78,7 @@ Example to run on schedules and pushes: 
```yaml

include:

    - project: 'renovate-bot/renovate-runner'

      file: '/templates/renovate-dind.gitlab-ci.yml'

      file: '/templates/renovate.gitlab-ci.yml'



renovate:

    rules:
@@ -110,16 +101,3 @@ Onboarding and autodiscover is disabled by default for security reasons. 
For renovate configuration basics checkout the official self-hosting [docs](https://docs.renovatebot.com/self-hosted-configuration/).



For other self-hosted GitLab samples you can check the [Renovate Gitlab Configuration](https://github.com/renovatebot/docker-renovate/blob/HEAD/docs/gitlab.md).
 


If you are using a self-hosted runner, please checkout the [GitLab docs for Docker DinD configuration](https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-the-docker-executor-with-the-docker-image-docker-in-docker).



<b>Note</b>: the default Renovate dind configuration connects to docker over TLS. To enable this e.g. for the GitLab Kubernetes runner add the following:



```toml

[[runners]]

  ...

  [[runners.kubernetes.volumes.empty_dir]]

    name = "docker-certs"

    mount_path = "/certs/client"

    medium = "Memory"

```

templates/_common.gitlab-ci.yml

deleted100644 → 0
+0 −33
Original line number Diff line number Diff line 
variables:

  RENOVATE_BASE_DIR: $CI_PROJECT_DIR/renovate

  RENOVATE_ENDPOINT: $CI_API_V4_URL

  RENOVATE_PLATFORM: gitlab

  RENOVATE_ONBOARDING_CONFIG: '{"$$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": ["config:base"] }'

  RENOVATE_OPTIMIZE_FOR_DISABLED: 'true'

  RENOVATE_REPOSITORY_CACHE: 'enabled'

  RENOVATE_REQUIRE_CONFIG: 'required'

  RENOVATE_ONBOARDING: 'false'

  RENOVATE_IGNORE_PR_AUTHOR: 'true'

  RENOVATE_EXTENDS: 'github>whitesource/merge-confidence:beta'

  RENOVATE_LOG_FILE: renovate-log.ndjson

  RENOVATE_LOG_FILE_LEVEL: debug

  LOG_LEVEL: info



default:

  cache:

    key: ${CI_COMMIT_REF_SLUG}-renovate

    paths:

      - renovate/cache/renovate/repository/



renovate:

  stage: deploy

  resource_group: production

  rules:

    - if: '$CI_PIPELINE_SOURCE == "schedule"'

  script:

    - renovate $RENOVATE_EXTRA_FLAGS

  artifacts:

    when: always

    expire_in: 1d

    paths:

      - '$RENOVATE_LOG_FILE'

templates/renovate-dind.gitlab-ci.yml

+6 −16
Original line number Diff line number Diff line 
include: '/templates/_common.gitlab-ci.yml'

include: '/templates/renovate.gitlab-ci.yml'



image: ${CI_RENOVATE_IMAGE}



services:

  - name: ${CI_RENOVATE_SERVICE}

    alias: docker



variables:

  DOCKER_DRIVER: overlay2

  DOCKER_HOST: tcp://docker:2376

  DOCKER_TLS_VERIFY: 1

  DOCKER_TLS_CERTDIR: /certs

  DOCKER_CERT_PATH: /certs/client

  RENOVATE_BINARY_SOURCE: docker

  CI_RENOVATE_SERVICE: docker:23.0.1-dind@sha256:3a09aaa775e328ec0817cb9b060e68c94ccf135f290c70f8189fbf2128ecdd9c

  CI_RENOVATE_IMAGE: renovate/renovate:35.17.1-slim@sha256:a0de41d28cf5a46ee16352244f1b62b0fc6e7fdb6045a1f3dbc39dc1f41d5494
 
deprecated:

  image: alpine

  stage: test

  script:

    - echo "This template is deprecated! Use '/templates/renovate.gitlab-ci.yml' instead."

templates/renovate.gitlab-ci.yml

+35 −4
Original line number Diff line number Diff line 
include: '/templates/_common.gitlab-ci.yml'

variables:

  RENOVATE_BASE_DIR: $CI_PROJECT_DIR/renovate

  RENOVATE_ENDPOINT: $CI_API_V4_URL

  RENOVATE_PLATFORM: gitlab

  RENOVATE_ONBOARDING_CONFIG: '{"$$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": ["config:base"] }'

  RENOVATE_OPTIMIZE_FOR_DISABLED: 'true'

  RENOVATE_REPOSITORY_CACHE: 'enabled'

  RENOVATE_REQUIRE_CONFIG: 'required'

  RENOVATE_ONBOARDING: 'false'

  RENOVATE_IGNORE_PR_AUTHOR: 'true'

  RENOVATE_EXTENDS: 'github>whitesource/merge-confidence:beta'

  RENOVATE_LOG_FILE: renovate-log.ndjson

  RENOVATE_LOG_FILE_LEVEL: debug

  LOG_LEVEL: info

  CI_RENOVATE_IMAGE: ghcr.io/renovatebot/renovate:35.17.1-slim@sha256:a0de41d28cf5a46ee16352244f1b62b0fc6e7fdb6045a1f3dbc39dc1f41d5494

  CI_RENOVATE_IMAGE_FULL: ghcr.io/renovatebot/renovate:35.17.0@sha256:9342b7358e0a3c4817e2291e1077c6c3d92a7e2bb476fbfa0c82881063ec51de



image: ${CI_RENOVATE_IMAGE}

default:

  cache:

    key: ${CI_COMMIT_REF_SLUG}-renovate

    paths:

      - renovate/cache/renovate/repository/



variables:

  CI_RENOVATE_IMAGE: renovate/renovate:35.17.0@sha256:9342b7358e0a3c4817e2291e1077c6c3d92a7e2bb476fbfa0c82881063ec51de
 
renovate:

  stage: deploy

  resource_group: production

  rules:

    - if: '$CI_PIPELINE_SOURCE == "schedule"'

  script:

    - renovate $RENOVATE_EXTRA_FLAGS

  artifacts:

    when: always

    expire_in: 1d

    paths:

      - '$RENOVATE_LOG_FILE'



image: ${CI_RENOVATE_IMAGE}