[manager: terraform] Support OCI based registries for helm_release

[morremeyer]

What would you like Renovate to be able to do?

We use karpenter, which uses an OCI based helm registry:

resource "helm_release" "karpenter" {
  namespace = "karpenter"

  name    = "karpenter"
  chart   = "oci://public.ecr.aws/karpenter/karpenter"
  version = "v0.18.1"
} 

Currently, renovate does not update this. The dependency is detected as

{
  "currentValue": "v0.18.1",
  "skipReason": "local-chart",
  "depType": "helm_release",
  "registryUrls": [null],
  "depName": "oci://public.ecr.aws/karpenter/karpenter",
  "datasource": "helm",
  "depIndex": 0,
  "updates": []
}

If you have any ideas on how this should be implemented, please tell us here.

Based on #12507, I think for any chart line that begins with oci://, the datasource should be set to docker.

It might also be necessary to add https://public.ecr.aws to the registryUrls for this specific use case, more generalized the ${HOST} part in oci://${HOST}/…, but this is an (un)educated guess.

Is this a feature you are interested in implementing yourself?

Yes

[morremeyer]

I just found #16038. Do I understand it correctly that this means that renovate will not be able to update anything on the ECR public registry?

Edit on 2023-01-16: Support for tag listing on the ECR public registry was added in July 2022, see aws/containers-roadmap#1262 (comment). Therefore, this should not be an issue anymore.

[Jeinhaus]

I'm also very confused on what to put for registryUrl, datasource, depName, ... when wanting to update Helm charts from oci registries. I think it would be good to have an example e.g. with a regexManager to clear up how to use it.

[secustor]

@morremeyer Not sure on the public ECR part without looking deeper into this, but I would interpret it the same.
Regardless, to use such OCI URIs you have to only remove oci:// and then send it to the docker datasource as depName or packageName.
Before implementing this I would recommend to wait for #19269 being merged, as it heavily refactors the Terraform manager.

With this additional informations, are still interested in implementing this?

@Jeinhaus Here are the advanced capture docs for the regex manager located: https://github.com/renovatebot/renovate/blob/main/lib/modules/manager/regex/readme.md?plain=1#L92.
A PR to add a more complex example for the docker datasource would be welcome.

[morremeyer]

@secustor I'll subscribe to #19269 and will look into this again when that's merged.

I'm definitely interested in implementing this as it will make our life easier and our renovate config shorter :)

[morremeyer]

@secustor Should I wait for the typings you mentioned in #19269 (comment) or go ahead and start here?

[secustor]

I would start now, as I'm quite sure you will be finished before the other PR lands.

[morremeyer]

Tangential quick update on the ECR public registry part: Support for tag listing on the ECR public registry was added in July 2022, see aws/containers-roadmap#1262 (comment). Therefore, this should not be an issue anymore.

[renovate-release]

🎉 This issue has been resolved in version 34.106.0 🎉

The release is available on:

• GitHub release
• 34.106.0

Your semantic-release bot 📦🚀