Merge branch '4-renovate-cannot-upgrade-overwritten-tbc-docker-images' into 'master'

| Input / Variable           | Description                                                                                                                                               | Default value                                      |

| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |

| `image` / `RENOVATE_IMAGE` | The Docker image used to run Renovate                                                                                                                     | `registry.hub.docker.com/renovate/renovate:latest` |

| `onboarding-config` / `RENOVATE_ONBOARDING_CONFIG` | Renovate configuration to use for onboarding Renovate                                                                                                                     | [see below](#default-onboarding-configuration) |

| :lock: `RENOVATE_TOKEN`    | A GitLab access token to allow Renovate crawl your projects. [See doc](https://docs.renovatebot.com/modules/platform/gitlab/#authentication)              | _none_                                             |

| :lock: `GITHUB_COM_TOKEN`  | A GitHub access token to allow Renovate fetch changelogs. [See doc](https://docs.renovatebot.com/getting-started/running/#githubcom-token-for-changelogs) | _none_                                             |

| [`RENOVATE_LOG_FILE`](https://docs.renovatebot.com/config-overview/#logging-variables)                       | `renovate-log.ndjson`                     |

| [`RENOVATE_LOG_FILE_LEVEL`](https://docs.renovatebot.com/config-overview/#logging-variables)                 | `debug`                                   |

#### Default onboarding configuration

`

The default [onboarding configuration](https://docs.renovatebot.com/self-hosted-configuration/#onboardingconfig) is suitable for projects using to-be-continuous:

- looks for user-defined inputs and variables in your `.gitlab-ci.yml` defining Docker images (ex: `SOMETOOL_IMAGE: docker.io/sometool:1.2.2`)

```json

{

  "$schema": "https://docs.renovatebot.com/renovate-schema.json",

  "extends": [

    "config:recommended",

    ":dependencyDashboard"

  ],

  "labels": [

    "dependencies"

  ],

  "customManagers": [

    {

      "customType": "regex",

      "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ], 

      "matchStrings": [ "\\s?_IMAGE:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ], 

      "datasourceTemplate": "docker" 

    },

    {

      "customType": "regex",

      "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ], 

      "matchStrings": [ "\\s?image:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ], 

      "datasourceTemplate": "docker" 

    }

  ] 

}

```

### Dry-run implementation details

Depending on the source of a pipeline, the template will either perform your dependency updates (create/update/delete branches and MRs)

      "description": "The Docker image used to run Renovate",

      "default": "registry.hub.docker.com/renovate/renovate:latest"

    },

    {

      "name": "RENOVATE_ONBOARDING_CONFIG",

      "description": "Renovate configuration to use for onboarding PRs",

      "default": "{\n  \"$$schema\": \"https://docs.renovatebot.com/renovate-schema.json\",\n  \"extends\": [\n    \"config:recommended\",\n    \":dependencyDashboard\"\n  ],\n \"labels\": [\n   \"dependencies\"\n  ],\n  \"customManagers\": [\n    {\n      \"customType\": \"regex\",\n      \"fileMatch\": [ \"\\\\.gitlab-ci\\\\.ya?ml$\" ], \n      \"matchStrings\": [ \"\\\\s?_IMAGE:\\\\s['\\\"](?<registryUrls>.*?)\\\\/(?<depName>.*?):(?<currentValue>.*)['\\\"]\" ], \n      \"datasourceTemplate\": \"docker\" \n    },\n    {\n      \"customType\": \"regex\",\n      \"fileMatch\": [ \"\\\\.gitlab-ci\\\\.ya?ml$\" ], \n      \"matchStrings\": [ \"\\\\s?image:\\\\s['\\\"](?<registryUrls>.*?)\\\\/(?<depName>.*?):(?<currentValue>.*)['\\\"]\" ], \n      \"datasourceTemplate\": \"docker\" \n    }\n  ] \n}"

    },

    {

      "name": "RENOVATE_TOKEN",

      "description": "A GitLab access token to allow Renovate crawl your projects. [See doc](https://docs.renovatebot.com/modules/platform/gitlab/#authentication)",

    image:

      description: The Docker image used to run Renovate

      default: registry.hub.docker.com/renovate/renovate:latest

    onboarding-config:

      description: Renovate configuration to use for onboarding PRs

      default: >-

        {

          "$$schema": "https://docs.renovatebot.com/renovate-schema.json",

          "extends": [

            "config:recommended",

            ":dependencyDashboard"

          ],

         "labels": [

           "dependencies"

          ],

          "customManagers": [

            {

              "customType": "regex",

              "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ], 

              "matchStrings": [ "\\s?_IMAGE:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ], 

              "datasourceTemplate": "docker" 

            },

            {

              "customType": "regex",

              "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ], 

              "matchStrings": [ "\\s?image:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ], 

              "datasourceTemplate": "docker" 

            }

          ] 

        }

---

workflow:

  rules:

  RENOVATE_LOG_FILE: renovate-log.ndjson

  RENOVATE_LOG_FILE_LEVEL: debug

  LOG_LEVEL: info

  RENOVATE_ONBOARDING_CONFIG: $[[ inputs.onboarding-config ]]

.renovate-scripts: &renovate-scripts |

  # BEGSCRIPT