commit 9ce654629cd9f9f3da2c549245f9b660ed885899 Author: Markus Pesch Date: Sun Jan 30 21:39:29 2022 +0100 Initial Commit
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..e69de29
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..51e94ca
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,721 @@
+---
+kind: pipeline
+type: kubernetes
+name: linter
+
+platform:
+ os: linux
+
+steps:
+- name: markdown lint
+ commands:
+ - markdownlint *.md
+ image: docker.io/volkerraschek/markdownlint:0.30.0
+ resources:
+ limits:
+ cpu: 50
+ memory: 50M
+
+- name: email-notification
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ image: docker.io/drillster/drone-email:latest
+ resources:
+ limits:
+ cpu: 50
+ memory: 25M
+ when:
+ status:
+ - changed
+ - failure
+
+trigger:
+ event:
+ exclude:
+ - tag
+
+---
+kind: pipeline
+type: docker
+name: dry-run-amd64
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+- name: build
+ image: plugins/docker
+ settings:
+ dockerfile: Dockerfile
+ auto_tag: false
+ dry_run: true
+ tags: latest-amd64
+ repo: volkerraschek/gosec
+ username:
+ from_secret: container_image_registry_user
+ password:
+ from_secret: container_image_registry_password
+ no_cache: true
+ volumes:
+ - name: docker_socket
+ path: /var/run/docker.sock
+
+- name: notify
+ image: drillster/drone-email
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ when:
+ status:
+ - changed
+ - failure
+
+volumes:
+- name: docker_socket
+ host:
+ path: /var/run/docker.sock
+
+depends_on:
+- linter
+
+trigger:
+ branch:
+ exclude:
+ - master
+ event:
+ - pull_request
+ - push
+ repo:
+ - volker.raschek/gosec-docker
+
+---
+kind: pipeline
+type: docker
+name: dry-run-arm-v7
+
+platform:
+ os: linux
+ arch: arm
+
+steps:
+- name: build
+ image: plugins/docker
+ settings:
+ dockerfile: Dockerfile
+ auto_tag: false
+ dry_run: true
+ tags: latest-arm-v7
+ repo: volkerraschek/gosec
+ username:
+ from_secret: container_image_registry_user
+ password:
+ from_secret: container_image_registry_password
+ no_cache: true
+
+- name: notify
+ image: drillster/drone-email
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ volumes:
+ - name: docker_socket
+ path: /var/run/docker.sock
+ when:
+ status:
+ - changed
+ - failure
+
+volumes:
+- name: docker_socket
+ host:
+ path: /var/run/docker.sock
+
+depends_on:
+- linter
+
+trigger:
+ branch:
+ exclude:
+ - master
+ event:
+ - pull_request
+ - push
+ repo:
+ - volker.raschek/gosec-docker
+
+---
+kind: pipeline
+type: docker
+name: dry-run-arm64-v8
+
+platform:
+ os: linux
+ arch: arm64
+
+steps:
+- name: build
+ image: plugins/docker
+ settings:
+ dockerfile: Dockerfile
+ auto_tag: false
+ dry_run: true
+ tags: latest-arm64-v8
+ repo: volkerraschek/gosec
+ username:
+ from_secret: container_image_registry_user
+ password:
+ from_secret: container_image_registry_password
+ no_cache: true
+
+- name: notify
+ image: drillster/drone-email
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ volumes:
+ - name: docker_socket
+ path: /var/run/docker.sock
+ when:
+ status:
+ - changed
+ - failure
+
+volumes:
+- name: docker_socket
+ host:
+ path: /var/run/docker.sock
+
+depends_on:
+- linter
+
+trigger:
+ branch:
+ exclude:
+ - master
+ event:
+ - pull_request
+ - push
+ repo:
+ - volker.raschek/gosec-docker
+
+---
+kind: pipeline
+type: docker
+name: latest-amd64
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+- name: build
+ image: plugins/docker
+ settings:
+ dockerfile: Dockerfile
+ auto_tag: false
+ tags: latest-amd64
+ repo: volkerraschek/gosec
+ username:
+ from_secret: container_image_registry_user
+ password:
+ from_secret: container_image_registry_password
+ no_cache: true
+ volumes:
+ - name: docker_socket
+ path: /var/run/docker.sock
+
+- name: notify
+ image: drillster/drone-email
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ when:
+ status:
+ - changed
+ - failure
+
+volumes:
+- name: docker_socket
+ host:
+ path: /var/run/docker.sock
+
+depends_on:
+- linter
+
+trigger:
+ branch:
+ - master
+ event:
+ - cron
+ - push
+ repo:
+ - volker.raschek/gosec-docker
+
+---
+kind: pipeline
+type: docker
+name: latest-arm-v7
+
+platform:
+ os: linux
+ arch: arm
+
+steps:
+- name: build
+ image: plugins/docker
+ settings:
+ dockerfile: Dockerfile
+ auto_tag: false
+ tags: latest-arm-v7
+ repo: volkerraschek/gosec
+ username:
+ from_secret: container_image_registry_user
+ password:
+ from_secret: container_image_registry_password
+ no_cache: true
+
+- name: notify
+ image: drillster/drone-email
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ volumes:
+ - name: docker_socket
+ path: /var/run/docker.sock
+ when:
+ status:
+ - changed
+ - failure
+
+volumes:
+- name: docker_socket
+ host:
+ path: /var/run/docker.sock
+
+depends_on:
+- linter
+
+trigger:
+ branch:
+ - master
+ event:
+ - cron
+ - push
+ repo:
+ - volker.raschek/gosec-docker
+
+---
+kind: pipeline
+type: docker
+name: latest-arm64-v8
+
+platform:
+ os: linux
+ arch: arm64
+
+steps:
+- name: build
+ image: plugins/docker
+ settings:
+ dockerfile: Dockerfile
+ auto_tag: false
+ tags: latest-arm64-v8
+ repo: volkerraschek/gosec
+ username:
+ from_secret: container_image_registry_user
+ password:
+ from_secret: container_image_registry_password
+ no_cache: true
+
+- name: notify
+ image: drillster/drone-email
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ volumes:
+ - name: docker_socket
+ path: /var/run/docker.sock
+ when:
+ status:
+ - changed
+ - failure
+
+volumes:
+- name: docker_socket
+ host:
+ path: /var/run/docker.sock
+
+depends_on:
+- linter
+
+trigger:
+ branch:
+ - master
+ event:
+ - cron
+ - push
+ repo:
+ - volker.raschek/gosec-docker
+
+---
+kind: pipeline
+type: kubernetes
+name: latest-manifest
+
+steps:
+- name: build-manifest
+ image: plugins/manifest
+ settings:
+ auto_tag: false
+ ignore_missing: true
+ spec: manifest.tmpl
+ username:
+ from_secret: container_image_registry_user
+ password:
+ from_secret: container_image_registry_password
+
+- name: notify
+ image: docker.io/drillster/drone-email:latest
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ resources:
+ limits:
+ cpu: 50
+ memory: 25M
+ when:
+ status:
+ - changed
+ - failure
+
+depends_on:
+- latest-amd64
+- latest-arm-v7
+- latest-arm64-v8
+
+trigger:
+ branch:
+ - master
+ event:
+ - cron
+ - push
+ repo:
+ - volker.raschek/gosec-docker
+
+---
+kind: pipeline
+type: docker
+name: tagged-amd64
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+- name: build
+ image: plugins/docker
+ settings:
+ dockerfile: Dockerfile
+ auto_tag: true
+ auto_tag_suffix: amd64
+ repo: volkerraschek/gosec
+ username:
+ from_secret: container_image_registry_user
+ password:
+ from_secret: container_image_registry_password
+ build_args:
+ - HELM_VERSION=${DRONE_TAG}
+ no_cache: true
+ volumes:
+ - name: docker_socket
+ path: /var/run/docker.sock
+
+- name: notify
+ image: drillster/drone-email
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ when:
+ status:
+ - changed
+ - failure
+
+volumes:
+- name: docker_socket
+ host:
+ path: /var/run/docker.sock
+
+trigger:
+ event:
+ - tag
+ repo:
+ - volker.raschek/gosec-docker
+
+---
+kind: pipeline
+type: docker
+name: tagged-arm-v7
+
+platform:
+ os: linux
+ arch: arm
+
+steps:
+- name: build
+ image: plugins/docker
+ settings:
+ dockerfile: Dockerfile
+ auto_tag: true
+ auto_tag_suffix: arm-v7
+ repo: volkerraschek/gosec
+ username:
+ from_secret: container_image_registry_user
+ password:
+ from_secret: container_image_registry_password
+ build_args:
+ - HELM_VERSION=${DRONE_TAG}
+ no_cache: true
+ volumes:
+ - name: docker_socket
+ path: /var/run/docker.sock
+
+- name: notify
+ image: drillster/drone-email
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ when:
+ status:
+ - changed
+ - failure
+
+volumes:
+- name: docker_socket
+ host:
+ path: /var/run/docker.sock
+
+trigger:
+ event:
+ - tag
+ repo:
+ - volker.raschek/gosec-docker
+
+---
+kind: pipeline
+type: docker
+name: tagged-arm64-v8
+
+platform:
+ os: linux
+ arch: arm64
+
+steps:
+- name: build
+ image: plugins/docker
+ settings:
+ dockerfile: Dockerfile
+ auto_tag: true
+ auto_tag_suffix: arm64-v8
+ repo: volkerraschek/gosec
+ username:
+ from_secret: container_image_registry_user
+ password:
+ from_secret: container_image_registry_password
+ build_args:
+ - HELM_VERSION=${DRONE_TAG}
+ no_cache: true
+ volumes:
+ - name: docker_socket
+ path: /var/run/docker.sock
+
+- name: notify
+ image: drillster/drone-email
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ when:
+ status:
+ - changed
+ - failure
+
+volumes:
+- name: docker_socket
+ host:
+ path: /var/run/docker.sock
+
+trigger:
+ event:
+ - tag
+ repo:
+ - volker.raschek/gosec-docker
+
+---
+kind: pipeline
+type: kubernetes
+name: tagged-manifest
+
+steps:
+- name: build-manifest
+ image: plugins/manifest
+ settings:
+ auto_tag: true
+ ignore_missing: true
+ spec: manifest.tmpl
+ username:
+ from_secret: container_image_registry_user
+ password:
+ from_secret: container_image_registry_password
+
+- name: notify
+ image: docker.io/drillster/drone-email:latest
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ resources:
+ limits:
+ cpu: 50
+ memory: 25M
+ when:
+ status:
+ - changed
+ - failure
+
+depends_on:
+- tagged-amd64
+- tagged-arm-v7
+- tagged-arm64-v8
+
+trigger:
+ event:
+ - tag
+ repo:
+ - volker.raschek/gosec-docker
+
+---
+kind: pipeline
+type: kubernetes
+name: sync
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+- name: github
+ image: docker.io/appleboy/drone-git-push:latest
+ resources:
+ limits:
+ cpu: 50
+ memory: 25M
+ settings:
+ branch: master
+ remote: ssh://git@github.com/volker-raschek/gosec-docker.git
+ force: true
+ ssh_key:
+ from_secret: ssh_key
+
+- name: email-notification
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ image: docker.io/drillster/drone-email:latest
+ resources:
+ limits:
+ cpu: 50
+ memory: 25M
+ when:
+ status:
+ - changed
+ - failure
+
+depends_on:
+- latest-manifest
+
+trigger:
+ branch:
+ - master
+ event:
+ - cron
+ - push
+ repo:
+ - volker.raschek/gosec-docker
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..b53e68c
--- /dev/null
+++ b/.editorconfig
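Review bot: In the `dry-run-arm-v7`, `dry-run-arm64-v8`, `latest-arm-v7` and `latest-arm64-v8` pipelines the `docker_socket` volume is attached to the `notify` step rather than to `build`, so the host's `/var/run/docker.sock` is handed to the untagged `drillster/drone-email` image, which only needs to send mail. Access to that socket is equivalent to root on the runner host, so it should be mounted only on the step that builds (as the amd64 pipelines do). The step images (`plugins/docker`, `plugins/manifest`, `drillster/drone-email`, `appleboy/drone-git-push:latest`) should also be pinned to a version or digest, since they receive the registry, SMTP and SSH secrets. Separately, the three tagged pipelines pass `HELM_VERSION=${DRONE_TAG}` while the Dockerfile added in this commit declares `ARG GOSEC_VERSION`, so tag builds would fall through to `gosec@latest`; `- GOSEC_VERSION=${DRONE_TAG}` looks like what was intended.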
@@ -0,0 +1,12 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = false
+
+[Makefile]
+indent_style = tab
\ No newline at end of file
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..dcd9d00
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+Makefile eol=lf
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..82fbe68
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+# IntelliJ
+.idea/
diff --git a/.markdownlint.yaml b/.markdownlint.yaml
new file mode 100644
index 0000000..58b704a
--- /dev/null
+++ b/.markdownlint.yaml
@@ -0,0 +1,144 @@
+# markdownlint YAML configuration
+# https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml
+
+# Default state for all rules
+default: true
+
+# Path to configuration file to extend
+extends: null
+
+# MD003/heading-style/header-style - Heading style
+MD003:
+ # Heading style
+ style: "atx"
+
+# MD004/ul-style - Unordered list style
+MD004:
+ style: "dash"
+
+# MD007/ul-indent - Unordered list indentation
+MD007:
+ # Spaces for indent
+ indent: 2
+ # Whether to indent the first level of the list
+ start_indented: false
+
+# MD009/no-trailing-spaces - Trailing spaces
+MD009:
+ # Spaces for line break
+ br_spaces: 2
+ # Allow spaces for empty lines in list items
+ list_item_empty_lines: false
+ # Include unnecessary breaks
+ strict: false
+
+# MD010/no-hard-tabs - Hard tabs
+MD010:
+ # Include code blocks
+ code_blocks: true
+
+# MD012/no-multiple-blanks - Multiple consecutive blank lines
+MD012:
+ # Consecutive blank lines
+ maximum: 1
+
+# MD013/line-length - Line length
+MD013:
+ # Number of characters
+ line_length: 80
+ # Number of characters for headings
+ heading_line_length: 80
+ # Number of characters for code blocks
+ code_block_line_length: 80
+ # Include code blocks
+ code_blocks: false
+ # Include tables
+ tables: false
+ # Include headings
+ headings: true
+ # Include headings
+ headers: true
+ # Strict length checking
+ strict: false
+ # Stern length checking
+ stern: false
+
+# MD022/blanks-around-headings/blanks-around-headers - Headings should be surrounded by blank lines
+MD022:
+ # Blank lines above heading
+ lines_above: 1
+ # Blank lines below heading
+ lines_below: 1
+
+# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
+MD024:
+ # Only check sibling headings
+ allow_different_nesting: true
+
+# MD025/single-title/single-h1 - Multiple top-level headings in the same document
+MD025:
+ # Heading level
+ level: 1
+ # RegExp for matching title in front matter
+ front_matter_title: "^\\s*title\\s*[:=]"
+
+# MD026/no-trailing-punctuation - Trailing punctuation in heading
+MD026:
+ # Punctuation characters
+ punctuation: ".,;:!。,;:!"
+
+# MD029/ol-prefix - Ordered list item prefix
+MD029:
+ # List style
+ style: "one_or_ordered"
+
+# MD030/list-marker-space - Spaces after list markers
+MD030:
+ # Spaces for single-line unordered list items
+ ul_single: 1
+ # Spaces for single-line ordered list items
+ ol_single: 1
+ # Spaces for multi-line unordered list items
+ ul_multi: 1
+ # Spaces for multi-line ordered list items
+ ol_multi: 1
+
+# MD033/no-inline-html - Inline HTML
+MD033:
+ # Allowed elements
+ allowed_elements: []
+
+# MD035/hr-style - Horizontal rule style
+MD035:
+ # Horizontal rule style
+ style: "---"
+
+# MD036/no-emphasis-as-heading/no-emphasis-as-header - Emphasis used instead of a heading
+MD036:
+ # Punctuation characters
+ punctuation: ".,;:!?。,;:!?"
+
+# MD041/first-line-heading/first-line-h1 - First line in a file should be a top-level heading
+MD041:
+ # Heading level
+ level: 1
+ # RegExp for matching title in front matter
+ front_matter_title: "^\\s*title\\s*[:=]"
+
+# MD044/proper-names - Proper names should have the correct capitalization
+MD044:
+ # List of proper names
+ names:
+ - helm
+ # Include code blocks
+ code_blocks: false
+
+# MD046/code-block-style - Code block style
+MD046:
+ # Block style
+ style: "fenced"
+
+# MD048/code-fence-style - Code fence style
+MD048:
+ # Code fence syle
+ style: "backtick"
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b31db55
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,14 @@
+FROM docker.io/library/golang:1.17.5-alpine AS build
+
+ARG GOSEC_VERSION
+
+RUN apk update && \
+ apk upgrade && \
+ apk add git make
+
+RUN if [ ! -z "${GOSEC_VERSION}" ]; then set -ex; go install github.com/securego/gosec/v2/cmd/gosec@${GOSEC_VERSION}; fi
+RUN if [ -z "${GOSEC_VERSION}" ]; then set -ex; go install github.com/securego/gosec/v2/cmd/gosec@latest; fi
+
+FROM docker.io/library/alpine:3.15.0
+COPY --from=build /go/bin/gosec /usr/bin/gosec
+ENTRYPOINT [ "/usr/bin/gosec" ]
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..9ce8f76
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2022 Markus Pesch
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..4770487
--- /dev/null
+++ b/Makefile
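Review bot: When `GOSEC_VERSION` is empty the second `RUN` silently installs `gosec@latest`, so the published image contains whatever upstream released at build time and cannot be reproduced or audited later; the CI pipelines in this commit never set that argument, so this is the path they take. Giving the argument a pinned default, `ARG GOSEC_VERSION=v2.9.4` (the version the Makefile uses), lets both conditional lines collapse into `RUN go install github.com/securego/gosec/v2/cmd/gosec@${GOSEC_VERSION}`. The final stage also has no `USER` instruction, so the scanner runs as root over any source tree mounted into the container; a non-root `USER` line before `ENTRYPOINT` would limit that.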
@@ -0,0 +1,52 @@
+# GOSEC_VERSION
+# Only required to install a specifiy version
+GOSEC_VERSION?=v2.9.4 # renovate: datasource=github-releases depName=gosec lookupName=gsecurego/gosec versioning=semver
+
+# CONTAINER_RUNTIME
+# The CONTAINER_RUNTIME variable will be used to specified the path to a
+# container runtime. This is needed to start and run a container image.
+CONTAINER_RUNTIME?=$(shell which docker)
+
+# HELM_IMAGE_REGISTRY_NAME
+# Defines the name of the new container to be built using several variables.
+HELM_IMAGE_REGISTRY_NAME:=docker.io
+HELM_IMAGE_REGISTRY_USER:=volkerraschek
+
+HELM_IMAGE_NAMESPACE?=${HELM_IMAGE_REGISTRY_USER}
+HELM_IMAGE_NAME:=gosec
+HELM_IMAGE_VERSION?=latest
+HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_NAME}/${HELM_IMAGE_NAMESPACE}/${HELM_IMAGE_NAME}:${HELM_IMAGE_VERSION}
+HELM_IMAGE_UNQUALIFIED=${HELM_IMAGE_NAMESPACE}/${HELM_IMAGE_NAME}:${HELM_IMAGE_VERSION}
+
+# BUILD CONTAINER IMAGE
+# ==============================================================================
+PHONY:=container-image/build
+container-image/build:
+ ${CONTAINER_RUNTIME} build \
+ --build-arg GOSEC_VERSION=${GOSEC_VERSION} \
+ --file Dockerfile \
+ --no-cache \
+ --pull \
+ --tag ${HELM_IMAGE_FULLY_QUALIFIED} \
+ --tag ${HELM_IMAGE_UNQUALIFIED} \
+ .
+
+# DELETE CONTAINER IMAGE
+# ==============================================================================
+PHONY:=container-image/delete
+container-image/delete:
+ - ${CONTAINER_RUNTIME} image rm ${HELM_IMAGE_FULLY_QUALIFIED} ${HELM_IMAGE_UNQUALIFIED}
+ - ${CONTAINER_RUNTIME} image rm ${BASE_IMAGE_FULL}
+
+# PUSH CONTAINER IMAGE
+# ==============================================================================
+PHONY+=container-image/push
+container-image/push:
+ echo ${HELM_IMAGE_REGISTRY_PASSWORD} | ${CONTAINER_RUNTIME} login ${HELM_IMAGE_REGISTRY_NAME} --username ${HELM_IMAGE_REGISTRY_USER} --password-stdin
+ ${CONTAINER_RUNTIME} push ${HELM_IMAGE_FULLY_QUALIFIED}
+
+# PHONY
+# ==============================================================================
+# Declare the contents of the PHONY variable as phony. We keep that information
+# in a variable so we can use it in if_changed.
+.PHONY: ${PHONY}
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..96f5da9
--- /dev/null
+++ b/README.md
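Review bot: The `container-image/push` recipe expands `${HELM_IMAGE_REGISTRY_PASSWORD}` in make itself and the line is not silenced, so make prints the registry password as part of the `echo … | … login` command into the terminal or CI log before running it; the unquoted value is also subject to shell word splitting. Let the shell read the variable from the environment and silence the line: `@printf '%s' "$${HELM_IMAGE_REGISTRY_PASSWORD}" | ${CONTAINER_RUNTIME} login ${HELM_IMAGE_REGISTRY_NAME} --username ${HELM_IMAGE_REGISTRY_USER} --password-stdin`. In the same file `PHONY:=container-image/delete` re-assigns instead of appending (`PHONY+=`), which drops `container-image/build` from `.PHONY`, and `${BASE_IMAGE_FULL}` is never defined here. The renovate hint `lookupName=gsecurego/gosec` looks like a typo for `securego/gosec`, which would leave the pinned version without updates.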
@@ -0,0 +1,35 @@
+# gosec-docker
+
+[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/gosec-docker/status.svg)](https://drone.cryptic.systems/volker.raschek/gosec-docker)
+[![Docker Pulls](https://img.shields.io/docker/pulls/volkerraschek/gosec)](https://hub.docker.com/r/volkerraschek/gosec)
+
+This project contains all sources to build the container image
+`docker.io/volkerraschek/gosec`. The primary goal of this project is to package
+the binary `gosec` as container image to provide the functionally for CI/CD
+workflows. The source code of the binary can be found in the upstream project of
+[gosec](github.com/securego/gosec).
+
+## drone
+
+Here is an example how to use `docker.io/volkerraschek/gosec` to scan for
+vulerabilities.
+
+```yaml
+kind: pipeline
+type: kubernetes
+name: vulnerability-scan
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+- name: gosec
+ commands:
+ - gosec -v ./...
+ image: docker.io/volkerraschek/gosec:latest
+ resources:
+ limits:
+ cpu: 250
+ memory: 500M
+```
diff --git a/manifest.alpine.tmpl b/manifest.alpine.tmpl
new file mode 100644
index 0000000..259287b
--- /dev/null
+++ b/manifest.alpine.tmpl
@@ -0,0 +1,26 @@
+image: volkerraschek/helm:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+ - {{this}}
+{{/each}}
+ - "latest"
+{{/if}}
+manifests:
+ -
+ image: volkerraschek/helm:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-amd64
+ platform:
+ architecture: amd64
+ os: linux
+ -
+ image: volkerraschek/helm:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm-v7
+ platform:
+ architecture: arm
+ os: linux
+ variant: v7
+ -
+ image: volkerraschek/helm:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm64-v8
+ platform:
+ architecture: arm64
+ os: linux
+ variant: v8
\ No newline at end of file
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..562005e
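Review bot: Every `image:` entry in `manifest.alpine.tmpl` points at `volkerraschek/helm`, while the build pipelines in `.drone.yml` push to `volkerraschek/gosec`, so a manifest built from this template would reference, and with the shared registry credentials publish to, a different repository than the one this project builds. Replace the repository in all four lines, for the top-level one `image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}`. The manifest steps also set `spec: manifest.tmpl`, but the file added here is named `manifest.alpine.tmpl`, so the file name and `spec` need to agree before the step can find the template.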
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,34 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "assignees": [ "volker.raschek" ],
+ "automergeStrategy": "merge-commit",
+ "automergeType": "pr",
+ "labels": [ "renovate" ],
+ "packageRules": [
+ {
+ "addLabels": [ "renovate/droneci", "renovate/automerge" ],
+ "automerge": true,
+ "matchManagers": "droneci",
+ "matchUpdateTypes": [ "minor", "patch"]
+ },
+ {
+ "addLabels": [ "renovate/gosec", "renovate/automerge" ],
+ "automerge": false,
+ "matchPackageNames": [ "gosec" ],
+ "matchManagers": [ "regex" ]
+ }
+ ],
+ "rebaseLabel": "renovate/rebase",
+ "rebaseWhen": "behind-base-branch",
+ "regexManagers": [
+ {
+ "description": "Update version",
+ "fileMatch": [
+ "^Makefile$"
+ ],
+ "matchStrings": [
+ "GOSEC_VERSION\\?=(?.*) # renovate: datasource=(?.*) depName=(?.*) (lookupName=(?.*))? (versioning=(?.*))?"
+ ]
+ }
+ ]
+}
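Review bot: The first package rule sets `"automerge": true` for the `droneci` manager, so minor and patch bumps of CI step images would merge without review even though those steps receive the registry, SMTP and SSH secrets; keeping automerge off for that rule leaves a human check on what runs with those credentials. In the same rule `"matchManagers": "droneci"` is a string where the second rule uses an array, and `"matchManagers": [ "droneci" ]` would be consistent with it. The second rule adds the `renovate/automerge` label while setting `"automerge": false`, which makes the label misleading. The capture groups in `matchStrings` appear here as `(?.*)`, which is not a valid group; unless that is a rendering artifact of this page, they need names such as `(?<currentValue>.*)`, `(?<datasource>.*)` and `(?<depName>.*)`.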