[bug] Renovate seems broken #3634

ianlewis · 2024-05-14T21:55:33Z

Renovate seems to not be working properly since #3019 was merged. All the PRs were closed and the Dependency Dashboard (#408) hasn't been updated.

ianlewis · 2024-05-14T22:44:19Z

Is the config:base preset even a thing anymore? I can't find a reference to it at all.
https://docs.renovatebot.com/presets-config/

ianlewis · 2024-05-14T23:18:58Z

Running renovate-config-validator on the current renovate.json in main results in the following errors. It mentions that we need to migrate the config:base preset to config:recommended and that the schedule setting is invalid.

$ npx --yes --package renovate -- renovate-config-validator --strict                                                                      
 INFO: Validating renovate.json
 WARN: Config migration necessary
       "oldConfig": {               
         "$schema": "https://docs.renovatebot.com/renovate-schema.json",
         "extends": ["config:base", ":gitSignOff"],       
         "schedule": ["before 4 am on the first day of the month"],
         "vulnerabilityAlerts": {"schedule": "before 4am"},
         "postUpdateOptions": ["gomodTidy", "gomodUpdateImportPaths"],                                                                                        
         "packageRules": [
           {
             "matchManagers": ["github-actions"],
             "excludePackageNames": ["slsa-framework/slsa-github-generator"],
             "groupName": "github-actions",
             "pinDigests": true
           },
           {
             "matchManagers": ["github-actions"],
             "matchPackageNames": ["slsa-framework/slsa-github-generator"],
             "groupName": "github-actions",
             "pinDigests": false
           },
           {
             "matchManagers": ["dockerfile"],
             "matchPackageNames": ["golang"],
             "matchUpdateTypes": ["minor", "patch"],
             "groupName": "golang"
           },
           {
             "matchManagers": ["gomod"],
             "matchPackageNames": ["go"],
             "matchUpdateTypes": ["minor", "patch"],
             "groupName": "golang"
           },
           {
             "matchManagers": ["gomod"],
             "excludePackageNames": ["go", "github.com/in-toto/in-toto-golang"],
             "matchUpdateTypes": ["minor", "patch"],
             "groupName": "go"
           },
           {
             "matchManagers": ["npm"],
             "matchDepTypes": ["dependencies"],
             "matchUpdateTypes": ["minor", "patch"],
             "groupName": "npm"
           },
           {
             "matchManagers": ["npm"],
             "matchDepTypes": ["devDependencies"],
             "groupName": "npm dev"
           }
         ]
       },
       "newConfig": {               
         "$schema": "https://docs.renovatebot.com/renovate-schema.json",
         "extends": ["config:recommended", ":gitSignOff"],
         "schedule": ["before 4 am on the first day of the month"],
         "vulnerabilityAlerts": {"schedule": "before 4am"},
         "postUpdateOptions": ["gomodTidy", "gomodUpdateImportPaths"],                                                                                        
         "packageRules": [
           {
             "matchManagers": ["github-actions"],
             "excludePackageNames": ["slsa-framework/slsa-github-generator"],
             "groupName": "github-actions",
             "pinDigests": true
           },
           {
             "matchManagers": ["github-actions"],
             "matchPackageNames": ["slsa-framework/slsa-github-generator"],
             "groupName": "github-actions",
             "pinDigests": false
           },
           {
             "matchManagers": ["dockerfile"],
             "matchPackageNames": ["golang"],
             "matchUpdateTypes": ["minor", "patch"],
             "groupName": "golang"
           },
           {
             "matchManagers": ["gomod"],
             "matchPackageNames": ["go"],
             "matchUpdateTypes": ["minor", "patch"],
             "groupName": "golang"
           },
           {
             "matchManagers": ["gomod"],
             "excludePackageNames": ["go", "github.com/in-toto/in-toto-golang"],
             "matchUpdateTypes": ["minor", "patch"],
             "groupName": "go"
           },
           {
             "matchManagers": ["npm"],
             "matchDepTypes": ["dependencies"],
             "matchUpdateTypes": ["minor", "patch"],
             "groupName": "npm"
           },
           {
             "matchManagers": ["npm"],
             "matchDepTypes": ["devDependencies"],
             "groupName": "npm dev"
           }
         ]
       }
ERROR: Found errors in configuration
       "file": "renovate.json",
       "errors": [
         {
           "topic": "Configuration Error",
           "message": "Invalid schedule: `Invalid schedule: Failed to parse \"before 4 am on the first day of the month\"`"
         }
       ]

ianlewis · 2024-05-14T23:21:47Z

It seems that renovate will reopen the same issue (#404) if the config is invalid rather than creating a new issue. That may be one reason that this went unnoticed.

ramonpetgrave64 · 2024-05-15T16:26:01Z

Fixed the schedule
#3638 (comment)

# Summary Fixes renovate config to use the [`config:best-practices`](https://docs.renovatebot.com/presets-config/#configbest-practices) preset rather than the `config:base` preset since `config:base` seems to have gone away at some point. Also fixes the `schedule` config by using the [`schedule:monthly`](https://docs.renovatebot.com/presets-schedule/#schedulemonthly) preset. The previous `schedule` config seems to have been invalid because "4 am" had space between "4" and "am" (this was fixed in the `slsa-verifier` repo on slsa-framework/slsa-verifier#727 but was never fixed here). Also adds a pre-submit to run the [`renovate-config-validator`](https://docs.renovatebot.com/config-validation/) to ensure that renovate config is valid. This pre-submit will need to be made required in the repository branch protection rule for `main` in the repository settings after this PR is merged. Fixes #3634 #404 ## Testing Process - Run `make renovate-config-validator` to check that the config is valid. ## Checklist - [x] Review the contributing [guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md) - [x] Add a reference to related issues in the PR description. - [x] Update documentation if applicable. - [x] Add unit tests if applicable. - [x] Add changes to the [CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) if applicable. --------- Signed-off-by: Ian Lewis <ianlewis@google.com> Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com> Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>

ianlewis added type:bug Something isn't working area:tooling An issue with project tooling and config labels May 14, 2024

ianlewis mentioned this issue May 14, 2024

chore: Fix Renovate config #3635

Merged

5 tasks

ramonpetgrave64 closed this as completed May 15, 2024

ramonpetgrave64 reopened this May 15, 2024

ramonpetgrave64 closed this as completed in #3635 May 15, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[bug] Renovate seems broken #3634

[bug] Renovate seems broken #3634

ianlewis commented May 14, 2024

ianlewis commented May 14, 2024 •

edited

ianlewis commented May 14, 2024

ianlewis commented May 14, 2024

ramonpetgrave64 commented May 15, 2024 •

edited

[bug] Renovate seems broken #3634

[bug] Renovate seems broken #3634

Comments

ianlewis commented May 14, 2024

ianlewis commented May 14, 2024 • edited

ianlewis commented May 14, 2024

ianlewis commented May 14, 2024

ramonpetgrave64 commented May 15, 2024 • edited

ianlewis commented May 14, 2024 •

edited

ramonpetgrave64 commented May 15, 2024 •

edited