Merge pull request #232 from renovatebot/main

[pull] main from renovatebot:main

.devcontainer/Dockerfile

@@ -1 +1 @@
-FROM ghcr.io/containerbase/devcontainer:10.6.9
+FROM ghcr.io/containerbase/devcontainer:10.6.10

.github/workflows/build.yml

@@ -406,7 +406,7 @@ jobs:
           merge-multiple: true
 
       - name: Codecov
-        uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1
+        uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # v4.4.0
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           directory: coverage/lcov
@@ -632,7 +632,7 @@ jobs:
           show-progress: false
 
       - name: docker-config
-        uses: containerbase/internal-tools@92eb14b1949285966195aa5098c06f5ee0912388 # v3.0.85
+        uses: containerbase/internal-tools@7e72a69bea17a290f4fb09e2844311d62147c75a # v3.0.87
         with:
           command: docker-config
 

.github/workflows/codeql-analysis.yml

@@ -41,7 +41,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+        uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
         with:
           languages: javascript
 
@@ -51,7 +51,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+        uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -65,4 +65,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+        uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5

.github/workflows/scorecard.yml

@@ -51,6 +51,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: 'Upload to code-scanning'
-        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+        uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
         with:
           sarif_file: results.sarif

.github/workflows/trivy.yml

@@ -31,7 +31,7 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
 
-      - uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+      - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
         with:
           sarif_file: trivy-results.sarif
           category: 'docker-image-${{ matrix.tag }}'

CODE_OF_CONDUCT.md

@@ -50,8 +50,8 @@ We quickly deal with rudeness in the community with:
 If you keep breaking the rules or challenge our guidelines openly, you will be blocked.
 For example: if you keep spamming the maintainers with `@mentions` or challenge our rules openly, you will be blocked.
 
-We generally do not argue about these decisions, but we are willing to reverse a block if a you show that you understand and respect the rules, or if there was a misunderstanding.
-Please reach out to the project's lead maintainer Rhys Arkins by email if so (the shorter the better).
+We generally do not argue about these decisions, but we are willing to reverse a block if you show that you understand and respect the rules, or if there was a misunderstanding.
+To reverse a block, or to clear up a misunderstanding, write a _short_ email to Renovate's lead maintainer Rhys Arkins.
 
 Simply put: we block and unblock swiftly, what matters is how you follow the rules going forward.
 

data/kubernetes-api.json5

@@ -130,17 +130,25 @@
   HelmChart: [
     'source.toolkit.fluxcd.io/v1alpha1',
     'source.toolkit.fluxcd.io/v1beta1',
+    'source.toolkit.fluxcd.io/v1',
   ],
   HelmRelease: [
     'helm.toolkit.fluxcd.io/v2beta1',
     'helm.toolkit.fluxcd.io/v2beta2',
+    'helm.toolkit.fluxcd.io/v2',
   ],
   HelmRepository: [
     'source.toolkit.fluxcd.io/v1alpha1',
     'source.toolkit.fluxcd.io/v1beta1',
     'source.toolkit.fluxcd.io/v1beta2',
+    'source.toolkit.fluxcd.io/v1',
   ],
+  ImagePolicy: ['image.toolkit.fluxcd.io/v1beta2'],
   ImageRepository: ['image.toolkit.fluxcd.io/v1beta2'],
+  ImageUpdateAutomation: [
+    'image.toolkit.fluxcd.io/v1beta1',
+    'image.toolkit.fluxcd.io/v1beta2'
+    ],
   OCIRepository: ['source.toolkit.fluxcd.io/v1beta2'],
   Provider: [
     'notification.toolkit.fluxcd.io/v1beta2',

docs/usage/.pages

@@ -32,6 +32,7 @@ nav:
       - 'Noise Reduction': 'noise-reduction.md'
       - 'Upgrade best practices': 'upgrade-best-practices.md'
   - Included Presets:
+      - 'Custom Manager Presets': 'presets-customManagers.md'
       - 'Default Presets': 'presets-default.md'
       - 'Docker Presets': 'presets-docker.md'
       - 'Full Config Presets': 'presets-config.md'
@@ -41,7 +42,6 @@ nav:
       - 'npm Presets': 'presets-npm.md'
       - 'Package Presets': 'presets-packages.md'
       - 'Preview Presets': 'presets-preview.md'
-      - 'Regex Manager Presets': 'presets-regexManagers.md'
       - 'Replacement Presets': 'presets-replacements.md'
       - 'Schedule Presets': 'presets-schedule.md'
       - 'Security Presets': 'presets-security.md'
@@ -57,5 +57,6 @@ nav:
       - 'Known Limitations': 'known-limitations.md'
       - 'Release notes for major versions': 'release-notes-for-major-versions.md'
       - Bot comparison: 'bot-comparison.md'
+      - 'Logo and brand guidelines': 'logo-brand-guidelines.md'
   - About Us: 'about-us.md'
   - Contributing to Renovate: 'contributing-to-renovate.md'

docs/usage/bot-comparison.md

@@ -18,7 +18,7 @@ If you see anything wrong on this page, please let us know by creating a [Discus
 | Compatibility score badges                | Four badges showing: Age, Adoption, Passing, Confidence                                                                        | One badge with overall compatibility score                                                                                                                                   |
 | Built-in to GitHub                        | No, requires app or self-hosting                                                                                               | Yes                                                                                                                                                                          |
 | Scheduling                                | By default, Renovate runs as often as it is allowed to, read [Renovate scheduling](./key-concepts/scheduling.md) to learn more | Yes: `daily`, `weekly`, `monthly`                                                                                                                                            |
-| License                                   | [GNU Affero General Public License](https://github.com/renovatebot/renovate/blob/main/license)                                 | [The Prosperity Public License 2.0.0](https://github.com/dependabot/dependabot-core/blob/main/LICENSE)                                                                       |
+| License                                   | [GNU Affero General Public License](https://github.com/renovatebot/renovate/blob/main/license)                                 | [MIT License](https://github.com/dependabot/dependabot-core/blob/main/LICENSE)                                                                                               |
 | Programming language of project           | TypeScript                                                                                                                     | Ruby                                                                                                                                                                         |
 | Project pulse                             | [`renovatebot/renovate` monthly pulse](https://github.com/renovatebot/renovate/pulse/monthly)                                  | [`dependabot-core` monthly pulse](https://github.com/dependabot/dependabot-core/pulse/monthly)                                                                               |
 | Contributor graph                         | [`renovatebot/renovate` contributor graph](https://github.com/renovatebot/renovate/graphs/contributors)                        | [`dependabot-core` contributor graph](https://github.com/dependabot/dependabot-core/graphs/contributors)                                                                     |
@@ -114,7 +114,7 @@ Dependabot has four options that apply at a language level:
 
 Renovate uses the [GNU Affero General Public License](https://github.com/renovatebot/renovate/blob/main/license).
 
-Dependabot uses [The Prosperity Public License 2.0.0](https://github.com/dependabot/dependabot-core/blob/main/LICENSE).
+Dependabot uses the [MIT License](https://github.com/dependabot/dependabot-core/blob/main/LICENSE).
 
 Neither license is relevant to the end user though if consuming through an App/SaaS.
 

docs/usage/config-presets.md

@@ -234,6 +234,40 @@ Parameters are supported similar to other methods:
 }
 ```
 
+## Templating presets
+
+You can use [Handlebars](https://handlebarsjs.com/) templates to be flexible with your presets.
+This can be handy when you want to include presets conditionally.
+
+<!-- prettier-ignore -->
+!!! note
+    The template only supports a small subset of options, but you can extend them via `customEnvVariables`.
+
+Read the [templates](./templates.md) section to learn more.
+
+### Example use-case
+
+The following example shows a self-hosted Renovate preset located in a GitLab repository called `renovate/presets`.
+
+```json
+{
+  "extends": ["local>renovate/presets"]
+}
+```
+
+Usually you want to validate the preset before you put it in your Renovate configuration
+Here is an example of how you can use templating to validate and load the preset on a branch level:
+
+```javascript
+// config.js
+module.exports = {
+  customEnvVariables: {
+    GITLAB_REF: process.env.CI_COMMIT_REF_NAME || 'main',
+  },
+  extends: ['local>renovate/presets#{{ env.GITLAB_REF }}'],
+};
+```
+
 ## Contributing to presets
 
 Have you configured a rule that could help others?

docs/usage/configuration-options.md

@@ -703,7 +703,7 @@ For template fields, use the triple brace `{{{ }}}` notation to avoid Handlebars
 
 <!-- prettier-ignore -->
 !!! tip
-    Look at our [Regex Manager Presets](./presets-regexManagers.md), they may have what you need.
+    Look at our [Custom Manager Presets](./presets-customManagers.md), they may have what you need.
 
 ### customType
 
@@ -898,27 +898,6 @@ It will be compiled using Handlebars and the regex `groups` result.
 It will be compiled using Handlebars and the regex `groups` result.
 It will default to the value of `depName` if left unconfigured/undefined.
 
-### readOnly
-
-If the `readOnly` field is being set to `true` inside the host rule, it will match only against the requests that are known to be read operations.
-Examples are `GET` requests or `HEAD` requests, but also it could be certain types of GraphQL queries.
-
-This option could be used to avoid rate limits for certain platforms like GitHub or Bitbucket, by offloading the read operations to a different user.
-
-```json
-{
-  "hostRules": [
-    {
-      "matchHost": "api.github.com",
-      "readOnly": true,
-      "token": "********"
-    }
-  ]
-}
-```
-
-If more than one token matches for a read-only request then the `readOnly` token will be given preference.
-
 ### currentValueTemplate
 
 If the `currentValue` for a dependency is not captured with a named group then it can be defined in config using this field.
@@ -1971,6 +1950,27 @@ registry=https://gitlab.myorg.com/api/v4/packages/npm/
 !!! note
     Values containing a URL path but missing a scheme will be prepended with 'https://' (e.g. `domain.com/path` -> `https://domain.com/path`)
 
+### readOnly
+
+If the `readOnly` field is being set to `true` inside the host rule, it will match only against the requests that are known to be read operations.
+Examples are `GET` requests or `HEAD` requests, but also it could be certain types of GraphQL queries.
+
+This option could be used to avoid rate limits for certain platforms like GitHub or Bitbucket, by offloading the read operations to a different user.
+
+```json
+{
+  "hostRules": [
+    {
+      "matchHost": "api.github.com",
+      "readOnly": true,
+      "token": "********"
+    }
+  ]
+}
+```
+
+If more than one token matches for a read-only request then the `readOnly` token will be given preference.
+
 ### timeout
 
 Use this figure to adjust the timeout for queries.
@@ -2060,9 +2060,12 @@ Applicable for Composer only for now.
 ## ignorePrAuthor
 
 This is usually needed if someone needs to migrate bot accounts, including from the Mend Renovate App to self-hosted.
+An additional use case is for GitLab users of project or group access tokens who need to rotate them.
+
 If `ignorePrAuthor` is configured to true, it means Renovate will fetch the entire list of repository PRs instead of optimizing to fetch only those PRs which it created itself.
 You should only want to enable this if you are changing the bot account (e.g. from `@old-bot` to `@new-bot`) and want `@new-bot` to find and update any existing PRs created by `@old-bot`.
-It's recommended to revert this setting once that transition period is over and all old PRs are resolved.
+
+Setting this field to `true` in GitLab will also mean that all Issues will be fetched instead of only those by the bot itself.
 
 ## ignorePresets
 
@@ -2470,8 +2473,9 @@ For example you have multiple `package.json` and want to use `dependencyDashboar
 
 ### allowedVersions
 
-Use this - usually within a packageRule - to limit how far to upgrade a dependency.
-For example, if you wish to upgrade to Angular v1.5 but not to `angular` v1.6 or higher, you could define this to be `<= 1.5` or `< 1.6.0`:
+You can use `allowedVersions` - usually within a `packageRules` entry - to limit how far to upgrade a dependency.
+
+For example, if you want to upgrade to Angular v1.5 but _not_ to `angular` v1.6 or higher, you could set `allowedVersions` to `<= 1.5` or `< 1.6.0`:
 
 ```json
 {
@@ -2484,10 +2488,14 @@ For example, if you wish to upgrade to Angular v1.5 but not to `angular` v1.6 or
 }
 ```
 
-The valid syntax for this will be calculated at runtime because it depends on the versioning scheme, which is itself dynamic.
+Renovate calculates the valid syntax for this at runtime, because it depends on the dynamic versioning scheme.
+
+#### Using regular expressions
 
-This field also supports Regular Expressions if they begin and end with `/`.
-For example, the following will enforce that only 3 or 4-part versions are supported, without any prefixes:
+You can use Regular Expressions in the `allowedVersion` config.
+You must _begin_ and _end_ your Regular Expression with the `/` character!
+
+For example, this config only allows 3 or 4-part versions, without any prefixes in the version:
 
 ```json
 {
@@ -2500,8 +2508,12 @@ For example, the following will enforce that only 3 or 4-part versions are suppo
 }
 ```
 
-This field also supports a special negated regex syntax for ignoring certain versions.
-Use the syntax `!/ /` like the following:
+Again: note how the Regular Expression _begins_ and _ends_ with the `/` character.
+
+#### Ignore versions with negated regex syntax
+
+You can use a special negated regex syntax to ignore certain versions.
+You must use the `!/ /` syntax, like this:
 
 ```json
 {

docs/usage/docker.md

@@ -384,7 +384,7 @@ To get access to the token a custom Renovate Docker image is needed that include
 The Dockerfile to create such an image can look like this:
 
 ```Dockerfile
-FROM renovate/renovate:37.342.1
+FROM renovate/renovate:37.356.1
 # Include the "Docker tip" which you can find here https://cloud.google.com/sdk/docs/install
 # under "Installation" for "Debian/Ubuntu"
 RUN ...

docs/usage/faq.md

@@ -51,7 +51,7 @@ Follow these steps to see which version the Mend Renovate app is on:
    ```
    INFO: Repository started
    {
-     "renovateVersion": "37.326.0"
+     "renovateVersion": "37.356.1"
    }
    ```
 
@@ -63,7 +63,7 @@ Follow these steps to see which version the Mend Renovate app is on:
 
 | Feature               | Platforms which lack feature                               | See Renovate issue(s)                                        |
 | --------------------- | ---------------------------------------------------------- | ------------------------------------------------------------ |
-| Dependency Dashboard  | Azure, Bitbucket, Bitbucket Server                         | [#9592](https://github.com/renovatebot/renovate/issues/9592) |
+| Dependency Dashboard  | Azure, Bitbucket, Bitbucket Server, Gerrit                 | [#9592](https://github.com/renovatebot/renovate/issues/9592) |
 | The Mend Renovate App | Azure, Bitbucket, Bitbucket Server, Forgejo, Gitea, GitLab |                                                              |
 
 ## Major platform features not supported by Renovate

docs/usage/index.md

@@ -76,7 +76,7 @@ Renovate works on these platforms:
 
 Renovate is used by:
 
-![Renovate Matrix](https://app.renovatebot.com/images/matrix.png){ loading=lazy }
+![Renovate Matrix](./assets/images/matrix.png){ loading=lazy }
 
 ## Ways to run Renovate
 

docs/usage/logo-brand-guidelines.md

@@ -0,0 +1,36 @@
+# Logo and brand guidelines
+
+This page explains how you may use the Renovate name, logo and branding.
+
+## Do not pretend to be the real Renovate app
+
+Avoid using our name, logo, or branding in a way that causes people to think you are the real Renovate app on a public platform.
+For example: do _not_ call your self-hosted version something like @realrenovatebot on GitHub.
+
+## Do not pretend to be a Renovate developer
+
+Avoid using our name, logo, or branding in a way that causes people to think you are a developer of Renovate.
+
+## Allowed uses of the Renovate name
+
+You are allowed to use the Renovate name:
+
+- to refer to the official Renovate app
+- as a nickname/shorthand, in contexts where it is clear you are referring to your self-hosted version
+
+## Allowed uses of the Renovate logo
+
+You are allowed to use our logo as:
+
+- an icon in your repository readme, that says you are using Renovate
+- part of a badge in your repository readme, that says you are using Renovate
+- an avatar image for your self-hosted version of Renovate, but give your bot a _different_ name
+
+## Allowed uses of the Renovate branding
+
+Do not use our banner images.
+
+## We keep the rights to our logo, name, and branding
+
+You may only use our logo, name and branding as described in this guideline.
+We keep the rights to our logo, name and branding.

docs/usage/modules/.pages

@@ -1,3 +1,6 @@
 title: Renovate Modules
+nav:
+  - Introduction: index.md
+  - ...
 order: asc
 sort_type: natural

docs/usage/modules/index.md

@@ -0,0 +1,14 @@
+---
+title: Modules introduction
+---
+
+# Modules introduction
+
+Renovate modules, please select a subsection.
+
+## Supported modules
+
+- [Datasources](./datasource/index.md)
+- [Managers](./manager/index.md)
+- [Platform](./platform/index.md)
+- [Versioning](./versioning/index.md)