commit f83d91d9917cb0075624f5aceb89f13320511cca Author: Markus Pesch Date: Thu Oct 28 19:41:17 2021 +0200 Initial Commit
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..b90b6f4
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,103 @@
+---
+kind: pipeline
+type: kubernetes
+name: linter
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+- name: helm lint
+ commands:
+ - helm lint
+ image: quay.io/helmpack/chart-testing:latest
+ resources:
+ limits:
+ cpu: 50
+ memory: 50M
+
+- name: markdown lint
+ commands:
+ - markdownlint *.md
+ image: docker.io/volkerraschek/markdownlint:0.28.1
+ resources:
+ limits:
+ cpu: 50
+ memory: 50M
+
+- name: email-notification
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ image: docker.io/drillster/drone-email:latest
+ resources:
+ limits:
+ cpu: 50
+ memory: 25M
+ when:
+ status:
+ - changed
+ - failure
+
+trigger:
+ event:
+ exclude:
+ - tag
+
+---
+kind: pipeline
+type: kubernetes
+name: sync
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+- name: github
+ image: docker.io/appleboy/drone-git-push:latest
+ resources:
+ limits:
+ cpu: 50
+ memory: 25M
+ settings:
+ branch: master
+ remote: ssh://git@github.com/volker-raschek/renovate-charts.git
+ force: true
+ ssh_key:
+ from_secret: ssh_key
+
+- name: email-notification
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ image: docker.io/drillster/drone-email:latest
+ resources:
+ limits:
+ cpu: 50
+ memory: 25M
+ when:
+ status:
+ - changed
+ - failure
+
+trigger:
+ branch:
+ - master
+ event:
+ - push
+ repo:
+ - volker.raschek/renovate-charts
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..1166a4a
--- /dev/null
+++ b/.editorconfig
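Review bot: Three steps in .drone.yml pull mutable `:latest` images (`quay.io/helmpack/chart-testing:latest`, `docker.io/drillster/drone-email:latest`, `docker.io/appleboy/drone-git-push:latest`), and two of them receive secrets (`smtp_password`, `ssh_key`), so whatever the registry serves under that tag at build time runs with those credentials. Pin each image to a fixed version, ideally with a digest, as the markdown lint step already does with `markdownlint:0.28.1`, for example `image: docker.io/appleboy/drone-git-push:VERSION@sha256:DIGEST` (VERSION and DIGEST are placeholders). The `github` step also sets `force: true`, which overwrites `master` on the mirror with every push; a comment such as `# one-way mirror, GitHub history is overwritten on purpose` would make that intent explicit.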
@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = false
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cdcaed9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.tgz
+values2.yml
+values2.yaml
\ No newline at end of file
diff --git a/.helmignore b/.helmignore
new file mode 100644
index 0000000..9ef5400
--- /dev/null
+++ b/.helmignore
@@ -0,0 +1,30 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# drone
+.drone.yml
+# markdownlint
+.markdownlint.yaml
+# customized values
+values2.yml
+values2.yaml
\ No newline at end of file
diff --git a/.markdownlint.yaml b/.markdownlint.yaml
new file mode 100644
index 0000000..c158976
--- /dev/null
+++ b/.markdownlint.yaml
@@ -0,0 +1,144 @@
+# markdownlint YAML configuration
+# https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml
+
+# Default state for all rules
+default: true
+
+# Path to configuration file to extend
+extends: null
+
+# MD003/heading-style/header-style - Heading style
+MD003:
+ # Heading style
+ style: "atx"
+
+# MD004/ul-style - Unordered list style
+MD004:
+ style: "dash"
+
+# MD007/ul-indent - Unordered list indentation
+MD007:
+ # Spaces for indent
+ indent: 2
+ # Whether to indent the first level of the list
+ start_indented: false
+
+# MD009/no-trailing-spaces - Trailing spaces
+MD009:
+ # Spaces for line break
+ br_spaces: 2
+ # Allow spaces for empty lines in list items
+ list_item_empty_lines: false
+ # Include unnecessary breaks
+ strict: false
+
+# MD010/no-hard-tabs - Hard tabs
+MD010:
+ # Include code blocks
+ code_blocks: true
+
+# MD012/no-multiple-blanks - Multiple consecutive blank lines
+MD012:
+ # Consecutive blank lines
+ maximum: 1
+
+# MD013/line-length - Line length
+MD013:
+ # Number of characters
+ line_length: 80
+ # Number of characters for headings
+ heading_line_length: 80
+ # Number of characters for code blocks
+ code_block_line_length: 80
+ # Include code blocks
+ code_blocks: false
+ # Include tables
+ tables: false
+ # Include headings
+ headings: true
+ # Include headings
+ headers: true
+ # Strict length checking
+ strict: false
+ # Stern length checking
+ stern: false
+
+# MD022/blanks-around-headings/blanks-around-headers - Headings should be surrounded by blank lines
+MD022:
+ # Blank lines above heading
+ lines_above: 1
+ # Blank lines below heading
+ lines_below: 1
+
+# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
+MD024:
+ # Only check sibling headings
+ allow_different_nesting: true
+
+# MD025/single-title/single-h1 - Multiple top-level headings in the same document
+MD025:
+ # Heading level
+ level: 1
+ # RegExp for matching title in front matter
+ front_matter_title: "^\\s*title\\s*[:=]"
+
+# MD026/no-trailing-punctuation - Trailing punctuation in heading
+MD026:
+ # Punctuation characters
+ punctuation: ".,;:!。,;:!"
+
+# MD029/ol-prefix - Ordered list item prefix
+MD029:
+ # List style
+ style: "one_or_ordered"
+
+# MD030/list-marker-space - Spaces after list markers
+MD030:
+ # Spaces for single-line unordered list items
+ ul_single: 1
+ # Spaces for single-line ordered list items
+ ol_single: 1
+ # Spaces for multi-line unordered list items
+ ul_multi: 1
+ # Spaces for multi-line ordered list items
+ ol_multi: 1
+
+# MD033/no-inline-html - Inline HTML
+MD033:
+ # Allowed elements
+ allowed_elements: []
+
+# MD035/hr-style - Horizontal rule style
+MD035:
+ # Horizontal rule style
+ style: "---"
+
+# MD036/no-emphasis-as-heading/no-emphasis-as-header - Emphasis used instead of a heading
+MD036:
+ # Punctuation characters
+ punctuation: ".,;:!?。,;:!?"
+
+# MD041/first-line-heading/first-line-h1 - First line in a file should be a top-level heading
+MD041:
+ # Heading level
+ level: 1
+ # RegExp for matching title in front matter
+ front_matter_title: "^\\s*title\\s*[:=]"
+
+# MD044/proper-names - Proper names should have the correct capitalization
+MD044:
+ # List of proper names
+ # names:
+ # - drone
+ # Include code blocks
+ code_blocks: false
+
+# MD046/code-block-style - Code block style
+MD046:
+ # Block style
+ style: "fenced"
+
+# MD048/code-fence-style - Code fence style
+MD048:
+ # Code fence syle
+ style: "backtick"
\ No newline at end of file
diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..bbf2b99
--- /dev/null
+++ b/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: renovate
+description: Helm chart for renovate bot
+type: application
+version: 0.1.0
+appVersion: 28.14.0-slim
+icon: https://avatars3.githubusercontent.com/u/38656520?s=400&v=4
+
+keywords:
+- renovate
+- github
+- gitlab
+- gitea
+- ci/cd
+- bot
+
+sources:
+- https://github.com/renovatebot/renovate
+- https://hub.docker.com/r/renovate/renovate
+- https://git.cryptic.systems/volker.raschek/renovate-charts
+
+maintainers:
+- name: Markus Pesch
+ email: markus.pesch+apps@cryptic.systems
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..bf58594
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2021 Markus Pesch
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..52364fb
--- /dev/null
+++ b/README.md
@@ -0,0 +1,23 @@
+# renovate-charts
+
+[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/renovate-charts/status.svg)](https://drone.cryptic.systems/volker.raschek/renovate-charts)
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)
+
+This is an inofficial helm chart for
+[renovate](https://github.com/renovatebot/renovate/). Goal of this chart is to
+be more lightweight than the official one.
+
+This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and
+can be installed via helm.
+
+```bash
+helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
+helm install drone volker.raschek/renovate
+```
+
+## Customization
+
+All [configuration
+options](https://docs.drone.io/runner/kubernetes/configuration/reference/) can
+be defined in the `values.yml` file below the `config` section. Alternatively
+can be the options passed via the `--set` flag of the `helm install` command.
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
new file mode 100644
index 0000000..d301608
--- /dev/null
+++ b/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "renovate.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "renovate.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "renovate.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "renovate.labels" -}}
+helm.sh/chart: {{ include "renovate.chart" . }}
+{{ include "renovate.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "renovate.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "renovate.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "renovate.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "renovate.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/templates/configmap.yaml b/templates/configmap.yaml
new file mode 100644
index 0000000..e026ea2
--- /dev/null
+++ b/templates/configmap.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "renovate.fullname" . }}-env
+ labels:
+ {{- include "renovate.labels" . | nindent 4 }}
+data:
+
+ {{- if not (hasKey .Values.renovate "env") -}}
+ {{- $_ := set .Values "env" dict -}}
+ {{- end -}}
+
+ {{/* SETUP CONFIG */}}
+ {{ range $key, $value := .Values.renovate.env }}
+ {{ upper $key}}: {{ quote $value }}
+ {{ end }}
\ No newline at end of file
diff --git a/templates/cronjob.yaml b/templates/cronjob.yaml
new file mode 100644
index 0000000..97877e9
--- /dev/null
+++ b/templates/cronjob.yaml
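Review bot: In templates/configmap.yaml the guard `{{- $_ := set .Values "env" dict -}}` writes the empty dict to `.Values.env`, but the `range` below it reads `.Values.renovate.env`, so the default never reaches the map being iterated; `{{- $_ := set .Values.renovate "env" dict -}}` targets the right map. templates/secrets.yaml repeats the pattern with `set .Values "secEnv" dict`, where it is also unreachable because the enclosing `if .Values.renovate.secEnv` has already passed. This ConfigMap is also rendered when `renovate.env` is empty, while the CronJob only references it under `{{- if .Values.renovate.env }}`; wrapping the manifest in the same condition would keep the two templates consistent.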
@@ -0,0 +1,95 @@
+{{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: batch/v1
+{{- else -}}
+apiVersion: batch/v1beta1
+{{- end }}
+kind: CronJob
+metadata:
+ name: {{ include "renovate.fullname" . }}
+ labels:
+ {{- include "renovate.labels" . | nindent 4 }}
+spec:
+ schedule: "{{ .Values.cronjob.schedule }}"
+ {{- with .Values.cronjob.concurrencyPolicy }}
+ concurrencyPolicy: {{ . }}
+ {{- end }}
+ {{- with .Values.cronjob.failedJobsHistoryLimit }}
+ failedJobsHistoryLimit: {{ . }}
+ {{- end }}
+ {{- with .Values.cronjob.successfulJobsHistoryLimit }}
+ successfulJobsHistoryLimit: {{ . }}
+ {{- end }}
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ spec:
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ {{- if or .Values.renovate.env .Values.renovate.secEnv }}
+ envFrom:
+ {{- if .Values.renovate.env }}
+ - configMapRef:
+ name: {{ include "renovate.fullname" . }}-env
+ {{- end }}
+ {{- if .Values.renovate.secEnv }}
+ - secretRef:
+ name: {{ include "renovate.fullname" . }}-secret-env
+ {{- end }}
+ {{- end }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ resources:
+ {{- toYaml .Values.resources | nindent 16 }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 16 }}
+ volumeMounts:
+ {{- if .Values.renovate.appConfig }}
+ - name: app-config
+ mountPath: /usr/src/app/config.json
+ subPath: config.json
+ {{- end }}
+ {{- if .Values.renovate.sshConfig.enabled }}
+ - name: ssh-config
+ mountPath: /home/ubuntu/.ssh
+ readOnly: true
+ {{- end }}
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ restartPolicy: Never
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 12 }}
+ serviceAccountName: {{ include "renovate.serviceAccountName" . }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.renovate.appConfig }}
+ - name: app-config
+ secret:
+ secretName: {{ include "renovate.fullname" . }}-app-config
+ {{- end }}
+ {{- if and .Values.renovate.sshConfig.enabled (not .Values.renovate.sshConfig.existingSecret) }}
+ - name: ssh-config
+ secret:
+ secretName: {{ include "renovate.fullname" . }}-ssh-config
+ {{- else if and .Values.renovate.sshConfig.enabled .Values.renovate.sshConfig.existingSecret -}}
+ - name: ssh-config
+ secret:
+ secretName: {{ .Values.renovate.sshConfig.existingSecret }}
+ {{- end -}}
\ No newline at end of file
diff --git a/templates/secrets.yaml b/templates/secrets.yaml
new file mode 100644
index 0000000..03b60c4
--- /dev/null
+++ b/templates/secrets.yaml
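Review bot: The `existingSecret` branch at the end of `volumes:` in templates/cronjob.yaml is opened with `{{- else if and .Values.renovate.sshConfig.enabled .Values.renovate.sshConfig.existingSecret -}}`, and the trailing `-}}` strips the newline and indentation before `- name: ssh-config`, so the list item is glued onto the previous output line (`volumes:` or the app-config `secretName:`) and the manifest most likely fails to render correctly exactly when a pre-existing SSH secret is used. Close the tag without the dash, `{{- else if and .Values.renovate.sshConfig.enabled .Values.renovate.sshConfig.existingSecret }}`, as the first branch does. Neither `ssh-config` volume sets `defaultMode`, so the key files get the Kubernetes default mode instead of an owner-only one; adding `defaultMode: 0400` under `secret:` is worth testing against the configured `podSecurityContext`, because OpenSSH rejects private keys it considers too widely readable.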
@@ -0,0 +1,55 @@
+{{- if .Values.renovate.secEnv }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "renovate.fullname" . }}-secret-env
+ labels:
+ {{- include "renovate.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+
+ {{- if not (hasKey .Values.renovate "secEnv") -}}
+ {{- $_ := set .Values "secEnv" dict -}}
+ {{- end -}}
+
+ {{/* SETUP CONFIG */}}
+ {{ range $key, $value := .Values.renovate.secEnv }}
+ {{ upper $key}}: {{ quote $value }}
+ {{ end }}
+{{- end }}
+
+{{- if .Values.renovate.appConfig }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "renovate.fullname" . }}-app-config
+ labels:
+ {{- include "renovate.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+ config.json: {{ .Values.renovate.appConfig | quote }}
+{{- end }}
+
+{{- if .Values.renovate.sshConfig.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "renovate.fullname" . }}-ssh-config
+ labels:
+ {{- include "renovate.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+
+ {{- if and .Values.renovate.sshConfig.id_rsa .Values.renovate.sshConfig.id_rsa_pub }}
+ id_rsa: {{ .Values.renovate.sshConfig.id_rsa | quote }}
+ id_rsa.pub: {{ .Values.renovate.sshConfig.id_rsa_pub | quote }}
+ {{- end }}
+
+ {{- if and .Values.renovate.sshConfig.id_ed25519 .Values.renovate.sshConfig.id_ed25519_pub }}
+ id_ed25519: {{ .Values.renovate.sshConfig.id_ed25519 | quote }}
+ id_ed25519.pub: {{ .Values.renovate.sshConfig.id_ed25519_pub | quote }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/templates/serviceaccount.yaml b/templates/serviceaccount.yaml
new file mode 100644
index 0000000..e7ce2d3
--- /dev/null
+++ b/templates/serviceaccount.yaml
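Review bot: The third document in templates/secrets.yaml creates the `-ssh-config` Secret whenever `.Values.renovate.sshConfig.enabled` is true, even when `sshConfig.existingSecret` is set and the CronJob mounts that secret instead, so any key material present in the values ends up in a second, unused Secret. Guard it the same way cronjob.yaml selects the volume: `{{- if and .Values.renovate.sshConfig.enabled (not .Values.renovate.sshConfig.existingSecret) }}`. The inner `if and ... id_rsa ... id_rsa_pub` and `id_ed25519` blocks also drop a key pair silently when only one half is supplied, which can leave `stringData:` empty; a `fail` or `required` call there would surface the misconfiguration at render time.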
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "renovate.serviceAccountName" . }}
+ labels:
+ {{- include "renovate.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..ebccdfe
--- /dev/null
+++ b/values.yaml
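Review bot: The ServiceAccount in templates/serviceaccount.yaml is created without `automountServiceAccountToken: false`, so every Renovate job pod gets a Kubernetes API token mounted by default, although none of the templates in this commit grant or use API access. If Renovate never talks to the cluster API, adding a top-level `automountServiceAccountToken: false` to this manifest removes a credential from a pod that processes third-party repository content. When `serviceAccount.create` is false the `renovate.serviceAccountName` helper falls back to `default`, so setting the same field on the pod spec in cronjob.yaml would cover that case as well.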
@@ -0,0 +1,103 @@
+# Default values for renovate.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: docker.io/renovate/renovate
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+cronjob:
+ # At 01:00 every day
+ schedule: '*/5 * * * *'
+ concurrencyPolicy: ''
+ failedJobsHistoryLimit: ''
+ successfulJobsHistoryLimit: ''
+
+renovate:
+ env: {}
+ # LOG_LEVEL
+ # Define the log level of renovate
+ # LOG_LEVEL: ""
+
+ # RENOVATE_AUTODISCOVER
+ # You can set RENOVATE_AUTODISCOVER to true to run Renovate on all repos you
+ # have push access to. Alternatively can this property also be defined via
+ # config.json file.
+ # https://docs.renovatebot.com/self-hosted-configuration/#autodiscover
+
+ # RENOVATE_ENDPOINT
+ # Custom endpoint. Mostly path to the API of the SCM software. Alternatively
+ # can this property also be defined via config.json file.
+ # https://docs.renovatebot.com/self-hosted-configuration/#endpoint
+ # RENOVATE_ENDPOINT: ""
+
+ # RENOVATE_GIT_AUTHOR
+ # Name and email adress for the renovate bot. Alternatively can this
+ # property also be defined via config.json file.
+ # RENOVATE_GIT_AUTHOR: "Firstname Lastname