Skip to content

NE-2074: UPSTREAM: <carry>: Enable Konflux dependencies updates, disable gomod bumps #59

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 11, 2025
Merged

NE-2074: UPSTREAM: <carry>: Enable Konflux dependencies updates, disable gomod bumps #59

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
81 changes: 61 additions & 20 deletions renovate.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"enabledManagers": ["dockerfile", "gomod"],
"enabledManagers": ["dockerfile", "tekton"],
"commitMessagePrefix": "UPSTREAM: <carry>: ",
"packageRules": [
{
Expand All @@ -9,12 +9,10 @@
"enabled": false
},
{
"description": "Enable Docker image updates for Red Hat UBI images on major version 9 only in OpenShift files",
"description": "Enable Docker image updates for Red Hat UBI images on major version 9 in Containerfile only.",
"matchManagers": ["dockerfile"],
"matchFileNames": [
"Containerfile.aws-load-balancer-controller",
"Dockerfile.openshift",
"drift-cache/Dockerfile.openshift"
"Containerfile.aws-load-balancer-controller"
],
"matchDatasources": ["docker"],
"matchPackageNames": [
Expand All @@ -23,32 +21,75 @@
],
"enabled": true,
"versioning": "redhat",
"allowedVersions": "/^9(\\.|$)/"
"allowedVersions": "/^9(\\.|$)/",
"schedule": [
"after 5am on tuesday"
]
},
{
"description": "Keep Go toolset on minor version 1.22 only in OpenShift files",
"description": "Keep Go toolset on minor version 1.22 in Containerfile only.",
"matchManagers": ["dockerfile"],
"matchFileNames": [
"Containerfile.aws-load-balancer-controller",
"Dockerfile.openshift",
"drift-cache/Dockerfile.openshift"
"Containerfile.aws-load-balancer-controller"
],
"matchDatasources": ["docker"],
"matchPackageNames": [
"registry.access.redhat.com/ubi9/go-toolset"
],
"enabled": true,
"versioning": "redhat",
"allowedVersions": "/^1\\.22(\\.|$)/"
},
{
"description": "Disable regular Go module updates, only allow vulnerability alerts",
"matchManagers": ["gomod"],
"enabled": false
"allowedVersions": "/^1\\.22(\\.|$)/",
"schedule": [
"after 5am on tuesday"
]
}
],
"vulnerabilityAlerts": {
"enabled": true
},
"osvVulnerabilityAlerts": true
"tekton": {
"managerFilePatterns": [
"/\\.yaml$/",
"/\\.yml$/"
],
"includePaths": [
".tekton/**"
],
"packageRules": [
{
"matchPackageNames": [
"/^quay.io/redhat-appstudio-tekton-catalog//",
"/^quay.io/konflux-ci/tekton-catalog//",
"/^quay.io/konflux-ci/konflux-vanguard//"
],
"enabled": true,
"groupName": "Konflux references",
"branchPrefix": "konflux/references/",
"additionalBranchPrefix": "",
"group": {
"branchTopic": "{{{baseBranch}}}",
"commitMessageTopic": "{{{groupName}}}"
},
"commitMessageTopic": "Konflux references",
Copy link

@alebedev87 alebedev87 Aug 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we have a carry patch prefix?

Suggested change
"commitMessageTopic": "Konflux references",
"commitMessageTopic": "UPSTREAM <carry>: Konflux references",

Copy link
Author

@grzpiotrowski grzpiotrowski Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was under the impression that the commit prefix we have set in the broader scope would handle this, but I think you're right and I added this now.

Copy link

@alebedev87 alebedev87 Aug 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was under the impression that the commit prefix we have set in the broader scope would handle this

I'm not sure either. Can a dry-run help us here or not?

Copy link
Author

@grzpiotrowski grzpiotrowski Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, I just did a dry-run with commitMessageTopic": "Konflux references", and it correctly adds the prefix from the broader config that we have. I reverted this line back to this version.

Fragment from the dry-run:

       "branchesInformation": [
         {
           "branchName": "konflux/references/main",
           "prNo": null,
           "prTitle": "UPSTREAM: <carry>: Update Konflux references",
           "result": "not-scheduled",
           "upgrades": [ ...

Interestingly when I tested with "commitMessageTopic": "UPSTREAM <carry>: Konflux references", it would not duplicate that prefix.

The dry run only shows the PR titles but looks like they are the same as commit messages.

"prBodyColumns": [
"Package",
"Change",
"Notes"
],
"prBodyDefinitions": {
"Notes": "{{#if (or (containsString updateType 'minor') (containsString updateType 'major'))}}:warning:[migration](https://github.com/redhat-appstudio/build-definitions/blob/main/task/{{{replace '^quay.io/(redhat-appstudio-tekton-catalog|konflux-ci/tekton-catalog)/task-' '' packageName}}}/{{{newVersion}}}/MIGRATION.md):warning:{{/if}}"
},
"prBodyTemplate": "{{{header}}}{{{table}}}{{{notes}}}{{{changelogs}}}{{{configDescription}}}{{{controls}}}{{{footer}}}",
"recreateWhen": "always",
"rebaseWhen": "behind-base-branch"
}
],
"schedule": [
"after 5am on tuesday"
],
"postUpgradeTasks": {
"commands": [
"pipeline-migration-tool migrate -f \"$RENOVATE_POST_UPGRADE_COMMAND_DATA_FILE\""
],
"executionMode": "branch",
"dataFileTemplate": "[{{#each upgrades}}{\"depName\": \"{{{depName}}}\", \"currentValue\": \"{{{currentValue}}}\", \"currentDigest\": \"{{{currentDigest}}}\", \"newValue\": \"{{{newValue}}}\", \"newDigest\": \"{{{newDigest}}}\", \"packageFile\": \"{{{packageFile}}}\", \"parentDir\": \"{{{parentDir}}}\", \"depTypes\": [{{#each depTypes}}\"{{{this}}}\"{{#unless @last}},{{\/unless}}{{\/each}}]}{{#unless @last}},{{\/unless}}{{\/each}}]"
}
Comment on lines +87 to +93
Copy link

@alebedev87 alebedev87 Aug 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does it do exactly post upgrade?

Copy link
Author

@grzpiotrowski grzpiotrowski Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is part of the default MintMaker configuration. That is the one which is in place when there is no renovate.json file existing in the repo.

Also we could technically use the extends field in our renovate config and point to that file, then disable whatever configuration we don't want from there. But since we have set very specific requirements I reckon we can stay at the configuration in the current form where we add what is needed instead of disabling things from the extended default config.

To answer the question though after some research: this executes the konflux-ci/pipeline-migration-tool which handles any configuration updates needed to the pipelines after the version bump. Like when some parameters change from version to version etc.

links:

}
}