.gitlab-ci.yml

+# variables in the GitLab CI/CD variables:
+  #   GITLAB_TOKEN to support the semantic-release
+  #   DOCKER_AUTH_CONFIG to support the usage of private docker images as job docker image
+  #   TMPL_RELEASE_ENABLED to enable the semantic-release job
+  #   TBC_NAMESPACE: smartdatalab/public/ci-cd-components
+
 include:
-  - project: "to-be-continuous/tools/gitlab-ci"
-    ref: "master"
-    file: "/templates/extract.yml"
-  - project: "to-be-continuous/tools/gitlab-ci"
-    ref: "master"
-    file: "/templates/validation.yml"
-  - project: "to-be-continuous/kicker"
-    ref: "master"
-    file: "/templates/validation.yml"
-  - component: $CI_SERVER_FQDN/to-be-continuous/bash/gitlab-ci-bash@3.4
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/extract@master
+    inputs:
+      extract-script-job-tags: ["docker"]
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/validation@master
+    inputs:
+      check-links-job-tags: ["docker"]
+      tbc-check-job-tags: ["docker"]
+      tbc-check-image: cicd-docker-dev.artifact.tecnalia.dev/tbc-check:master
+      gitlab-ci-lint-job-tags: ["docker"]
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/kicker/validation@master
     inputs:
+      kicker-validation-job-tags: ["docker"]
+      schema-base-url: "https://git.code.tecnalia.dev/api/v4/projects/smartdatalab%2Fpublic%2Fci-cd-components%2Fkicker/repository/files"
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/bash/gitlab-ci-bash@master
+    inputs:
+      bash-shellcheck-job-tags: ["docker"]
       shellcheck-files: "*.sh"
-  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.11
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/semantic-release/gitlab-ci-semrel@master
+    inputs:
+      semantic-release-job-tags: ["docker"]
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitleaks/gitlab-ci-gitleaks@master
+    inputs:
+      gitleaks-job-tags: ["docker"]
 
 variables:
   GITLAB_CI_FILES: "templates/gitlab-ci-renovate.yml"
+  GIT_STRATEGY: clone
 
 semantic-release:
   rules:

CHANGELOG.md

+## [1.4.1](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/renovate/compare/1.4.0...1.4.1) (2025-01-20)
+
+
+### Bug Fixes
+
+* renovate cannot upgrade overwritten TBC Docker images ([6a3794b](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/renovate/commit/6a3794bddfeed511543c3b8a912729302739f6ff))
+* specifiy user agent to fix check links issue on mend.io ([2814754](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/renovate/commit/2814754b05915cafb1e171df4a212f65f855c2a7))
+
+## [1.4.1](https://gitlab.com/to-be-continuous/renovate/compare/1.4.0...1.4.1) (2024-12-09)
+
+
+### Bug Fixes
+
+* renovate cannot upgrade overwritten TBC Docker images ([6a3794b](https://gitlab.com/to-be-continuous/renovate/commit/6a3794bddfeed511543c3b8a912729302739f6ff))
+* specifiy user agent to fix check links issue on mend.io ([2814754](https://gitlab.com/to-be-continuous/renovate/commit/2814754b05915cafb1e171df4a212f65f855c2a7))
+
 # [1.4.0](https://gitlab.com/to-be-continuous/renovate/compare/1.3.0...1.4.0) (2024-08-30)
 
 
@@ -10,12 +26,12 @@
 
 ### Bug Fixes
 
-* remove RENOVATE_PLATFORM as configurable param ([37f1aca](https://gitlab.com/to-be-continuous/renovate/commit/37f1acad5097a5021b4efd7505be1a4f4288a503))
+* remove RENOVATE_PLATFORM as configurable param ([37f1aca](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/renovate/commit/37f1acad5097a5021b4efd7505be1a4f4288a503))
 
 
 ### Features
 
-* add $CI_SERVER_FQDN as Renovate registryAlias ([b9705d5](https://gitlab.com/to-be-continuous/renovate/commit/b9705d55b2709bbfe84d88d3575e41602b47adcb))
+* add $CI_SERVER_FQDN as Renovate registryAlias ([b9705d5](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/renovate/commit/b9705d55b2709bbfe84d88d3575e41602b47adcb))
 
 ## [1.2.2](https://gitlab.com/to-be-continuous/renovate/compare/1.2.1...1.2.2) (2024-05-05)
 

README.md

@@ -14,7 +14,7 @@ Add the following to your `.gitlab-ci.yml`:
 ```yaml
 include:
   # include the component
-  - component: $CI_SERVER_FQDN/to-be-continuous/renovate/gitlab-ci-renovate@1.4.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/renovate/gitlab-ci-renovate@1.4.1
 ```
 
 ### Use as a CI/CD template (legacy)
@@ -25,7 +25,7 @@ Add the following to your `.gitlab-ci.yml`:
 include:
   # include the template
   - project: "to-be-continuous/renovate"
-    ref: "1.2.2"
+    ref: "1.4.1"
     file: "/templates/gitlab-ci-renovate.yml"
 ```
 
@@ -33,11 +33,13 @@ include:
 
 The Renovate template uses some global configuration used throughout all jobs.
 
-| Input / Variable           | Description                                                                                                                                               | Default value                                      |
-| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |
-| `image` / `RENOVATE_IMAGE` | The Docker image used to run Renovate                                                                                                                     | `registry.hub.docker.com/renovate/renovate:latest` |
-| :lock: `RENOVATE_TOKEN`    | A GitLab access token to allow Renovate crawl your projects. [See doc](https://docs.renovatebot.com/modules/platform/gitlab/#authentication)              | _none_                                             |
-| :lock: `GITHUB_COM_TOKEN`  | A GitHub access token to allow Renovate fetch changelogs. [See doc](https://docs.renovatebot.com/getting-started/running/#githubcom-token-for-changelogs) | _none_                                             |
+| Input / Variable | Description                                                                     | Default value     |
+|------------------------|---------------------------------------------------------------------------------|-------------------|
+| `image` / `RENOVATE_IMAGE` | The Docker image used to run Renovate                                           | `registry.hub.docker.com/renovate/renovate:latest` |
+| :lock: `RENOVATE_TOKEN`| A GitLab access token to allow Renovate crawl your projects. [See doc](https://docs.renovatebot.com/modules/platform/gitlab/#authentication) | _none_ |
+| :lock: `GITHUB_COM_TOKEN`| A GitHub access token to allow Renovate fetch changelogs. [See doc](https://docs.renovatebot.com/getting-started/running/#githubcom-token-for-changelogs) | _none_ |
+| `renovate-validator-job-tags` / `RENOVATE_VALIDATOR_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |
+| `renovate-depcheck-job-tags` / `RENOVATE_DEPCHECK_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |
 
 This template will help you using [Renovate](https://www.mend.io/renovate/) from a GitLab project to
 automate your dependency updates within your groups or projects.
@@ -70,6 +72,38 @@ Defaults values are set to manage GitLab features :
 | [`RENOVATE_LOG_FILE`](https://docs.renovatebot.com/config-overview/#logging-variables)                       | `renovate-log.ndjson`                     |
 | [`RENOVATE_LOG_FILE_LEVEL`](https://docs.renovatebot.com/config-overview/#logging-variables)                 | `debug`                                   |
 
+#### Default onboarding configuration
+`
+The default [onboarding configuration](https://docs.renovatebot.com/self-hosted-configuration/#onboardingconfig) is suitable for projects using to-be-continuous:
+
+- looks for user-defined inputs and variables in your `.gitlab-ci.yml` defining Docker images (ex: `SOMETOOL_IMAGE: docker.io/sometool:1.2.2`)
+
+```json
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended",
+    ":dependencyDashboard"
+  ],
+  "labels": [
+    "dependencies"
+  ],
+  "customManagers": [
+    {
+      "customType": "regex",
+      "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ], 
+      "matchStrings": [ "\\s?_IMAGE:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ], 
+      "datasourceTemplate": "docker" 
+    },
+    {
+      "customType": "regex",
+      "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ], 
+      "matchStrings": [ "\\s?image:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ], 
+      "datasourceTemplate": "docker" 
+    }
+  ] 
+}
+```
 ### Dry-run implementation details
 
 Depending on the source of a pipeline, the template will either perform your dependency updates (create/update/delete branches and MRs)

bumpversion.sh

@@ -27,7 +27,7 @@ if [[ "$curVer" ]]; then
   log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."
 
   # replace in README
-  sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\”/ref: \”$nextVer\”/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
+  sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\"/ref: \"$nextVer\"/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
   mv -f README.md.next README.md
 
   # replace in template and variants

kicker.json

@@ -11,6 +11,11 @@
       "description": "The Docker image used to run Renovate",
       "default": "registry.hub.docker.com/renovate/renovate:latest"
     },
+    {
+      "name": "RENOVATE_ONBOARDING_CONFIG",
+      "description": "Renovate configuration to use for onboarding PRs",
+      "default": "{\n  \"$$schema\": \"https://docs.renovatebot.com/renovate-schema.json\",\n  \"extends\": [\n    \"config:recommended\",\n    \":dependencyDashboard\"\n  ],\n \"labels\": [\n   \"dependencies\"\n  ],\n  \"customManagers\": [\n    {\n      \"customType\": \"regex\",\n      \"fileMatch\": [ \"\\\\.gitlab-ci\\\\.ya?ml$\" ], \n      \"matchStrings\": [ \"\\\\s?_IMAGE:\\\\s['\\\"](?<registryUrls>.*?)\\\\/(?<depName>.*?):(?<currentValue>.*)['\\\"]\" ], \n      \"datasourceTemplate\": \"docker\" \n    },\n    {\n      \"customType\": \"regex\",\n      \"fileMatch\": [ \"\\\\.gitlab-ci\\\\.ya?ml$\" ], \n      \"matchStrings\": [ \"\\\\s?image:\\\\s['\\\"](?<registryUrls>.*?)\\\\/(?<depName>.*?):(?<currentValue>.*)['\\\"]\" ], \n      \"datasourceTemplate\": \"docker\" \n    }\n  ] \n}"
+    },
     {
       "name": "RENOVATE_TOKEN",
       "description": "A GitLab access token to allow Renovate crawl your projects. [See doc](https://docs.renovatebot.com/modules/platform/gitlab/#authentication)",
@@ -20,6 +25,20 @@
       "name": "GITHUB_COM_TOKEN",
       "description": "A GitHub access token to allow Renovate fetch changelogs. [See doc](https://docs.renovatebot.com/getting-started/running/#githubcom-token-for-changelogs)",
       "secret": true
+    },
+    {
+      "name": "RENOVATE_RENOVATE_VALIDATOR_JOB_TAGS",
+      "description": "Tags to be used for selecting runners for the job",
+      "type": "array",
+      "default": [],
+      "advanced": true
+    },
+    {
+      "name": "RENOVATE_RENOVATE_DEPCHECK_JOB_TAGS",
+      "description": "Tags to be used for selecting runners for the job",
+      "type": "array",
+      "default": [],
+      "advanced": true
     }
   ]
 }

lychee.toml

+
+#############################  Requests  ############################
+
+# User agent to send with each request.
+user_agent = "Mozilla/version Gecko/version Firefox/version"

templates/gitlab-ci-renovate.yml

@@ -19,6 +19,41 @@ spec:
     image:
       description: The Docker image used to run Renovate
       default: registry.hub.docker.com/renovate/renovate:latest
+    renovate-validator-job-tags:
+      description: tags to filter applicable runners for renovate-validator job
+      default: []
+      type: array
+    renovate-depcheck-job-tags:
+      description: tags to filter applicable runners for renovate-depcheck job
+      default: []
+      type: array
+    onboarding-config:
+      description: Renovate configuration to use for onboarding PRs
+      default: >-
+        {
+          "$$schema": "https://docs.renovatebot.com/renovate-schema.json",
+          "extends": [
+            "config:recommended",
+            ":dependencyDashboard"
+          ],
+         "labels": [
+           "dependencies"
+          ],
+          "customManagers": [
+            {
+              "customType": "regex",
+              "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ], 
+              "matchStrings": [ "\\s?_IMAGE:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ], 
+              "datasourceTemplate": "docker" 
+            },
+            {
+              "customType": "regex",
+              "fileMatch": [ "\\.gitlab-ci\\.ya?ml$" ], 
+              "matchStrings": [ "\\s?image:\\s['\"](?<registryUrls>.*?)\\/(?<depName>.*?):(?<currentValue>.*)['\"]" ], 
+              "datasourceTemplate": "docker" 
+            }
+          ] 
+        }
 ---
 workflow:
   rules:
@@ -62,6 +97,7 @@ variables:
   RENOVATE_LOG_FILE: renovate-log.ndjson
   RENOVATE_LOG_FILE_LEVEL: debug
   LOG_LEVEL: info
+  RENOVATE_ONBOARDING_CONFIG: $[[ inputs.onboarding-config ]]
 
 .renovate-scripts: &renovate-scripts |
   # BEGSCRIPT
@@ -303,7 +339,7 @@ stages:
   image: $RENOVATE_IMAGE
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "renovate", "1.4.0"]
+      command: ["--service", "renovate", "1.4.1"]
   variables:
     RENOVATE_BASE_DIR: $CI_PROJECT_DIR
     RENOVATE_CACHE_DIR: $CI_PROJECT_DIR/.cache/renovate
@@ -326,6 +362,7 @@ renovate-validator:
   dependencies: []
   script:
     - renovate-config-validator
+  tags: $[[ inputs.renovate-validator-job-tags ]]
 
 # dependency check job: on manual or schedule (dry-run otherwise)
 renovate-depcheck:
@@ -349,3 +386,4 @@ renovate-depcheck:
       variables:
         RENOVATE_DRY_RUN: "false"
     - if: $RENOVATE_TOKEN
+  tags: $[[ inputs.renovate-depcheck-job-tags ]]