From 728127b730a99326e88ec7b0f77d221d81d55e0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= <mail@jkroepke.de>
Date: Sat, 18 Jan 2025 00:04:07 +0100
Subject: [PATCH] [ci] add github workflow to the bump version of an Chart
 version
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
---
 .../renovate-bump-chart-version.yaml          | 92 +++++++++++++++++++
 renovate.json                                 | 75 ++++++++++-----
 2 files changed, 144 insertions(+), 23 deletions(-)
 create mode 100644 .github/workflows/renovate-bump-chart-version.yaml

diff --git a/.github/workflows/renovate-bump-chart-version.yaml b/.github/workflows/renovate-bump-chart-version.yaml
new file mode 100644
index 000000000000..1c6edc8476e4
--- /dev/null
+++ b/.github/workflows/renovate-bump-chart-version.yaml
@@ -0,0 +1,92 @@
+name: Renovate Bump Chart Version
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'charts/**/*'
+
+jobs:
+  renovate-bump-chart-version:
+    name: Renovate Bump Chart Version
+    runs-on: ubuntu-latest
+    if: github.actor == 'renovate[bot]'
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.6.1
+
+      - name: Detect changed charts
+        id: list-changed
+        run: |
+          changed="$(ct list-changed --config .github/linters/ct.yaml)"
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+            echo "changed_list=\"${changed//$'\n'/ }\"" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Bump chart version
+        if: steps.list-changed.outputs.changed == 'true'
+        env:
+          CHART: ${{ steps.list-changed.outputs.changed_list }}
+        run: |
+          if [[ $CHANGED_LIST == *" "* ]]; then
+            echo "Multiple charts changed, skipping bumping chart version"
+            exit 0
+          fi
+
+          CHART_VERSION=$(grep -e "^version:" "$CHART/Chart.yaml" | cut -d ":" -f 2 | tr -d '[:space:]' | tr -d '"')
+          CHART_MAJOR_VERSION=$(printf '%s' "$CHART_VERSION" | cut -d "." -f 1)
+          CHART_MINOR_VERSION=$(printf '%s' "$CHART_VERSION" | cut -d "." -f 2)
+          CHART_MINOR_VERSION=$((CHART_MINOR_VERSION+1))
+          CHART_NEW_VERSION="${CHART_MAJOR_VERSION}.${CHART_MINOR_VERSION}.0"
+          sed -i "s/^version:.*/version: \"${CHART_NEW_VERSION}\"/" "$CHART/Chart.yaml"
+
+      - name: Commit changes
+        if: steps.list-changed.outputs.changed == 'true'
+        env:
+          CHART: ${{ steps.list-changed.outputs.changed_list }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          curl https://api.github.com/graphql -f \
+               -sSf -H "Authorization: Bearer $GITHUB_TOKEN" \
+               --data @- <<GRAPHQL | jq
+          {
+            "query": "mutation (\$input: CreateCommitOnBranchInput!) {
+              createCommitOnBranch(input: \$input) { 
+                commit { 
+                  url 
+                } 
+              } 
+            }",
+            "variables": {
+              "input": {
+                "branch": {
+                  "repositoryNameWithOwner": "${{ github.repository }}",
+                  "branchName": "${{ github.ref_name }}"
+                },
+                "message": { "headline": "Update Chart.yaml" },
+                "fileChanges": {
+                  "additions": [
+                    {
+                      "path": "$CHART/Chart.yaml",
+                      "contents": "$(base64 -w 0 <"$CHART/Chart.yaml")"
+                    }
+                  ]
+                },
+                "expectedHeadOid": "${{ github.sha }}"
+              }
+            }
+          }
+          GRAPHQL
diff --git a/renovate.json b/renovate.json
index 8f6f4cb08c42..6feeaedd3481 100644
--- a/renovate.json
+++ b/renovate.json
@@ -1,49 +1,78 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
-    "config:recommended"
+    "config:recommended",
+    "helpers:pinGitHubActionDigestsToSemver"
   ],
   "dependencyDashboardApproval": true,
-  "packageRules": [
+  "customManagers": [
     {
-      "matchPackagePatterns": [
-        "*"
+      "customType": "regex",
+      "fileMatch": [
+        "(^|/).+\\.(py|yaml)$"
       ],
-      "matchPaths": [
-        ".github/workflows/**"
+      "matchStrings": [
+        "\\s*#\\s?renovate: (?<datasource>.*?)=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s+[\\w+\\.\\-]+(?:[:=]|\\s+\\S+)\\s*[\\\"']?(?<currentValue>[\\w+\\.\\-]*)(?:@(?<currentDigest>sha256:[a-f0-9]+))?[\\\"']?"
       ],
-      "commitMessagePrefix": "[CI] ",
-      "groupName": "github-workflow dependency updates"
+      "datasourceTemplate": "{{#if (equals datasource 'github')}}github-tags{{else}}{{{datasource}}}{{/if}}",
+      "versioningTemplate": "{{#if (equals datasource 'docker')}}docker{{else if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
+    },
+    {
+      "customType": "regex",
+      "fileMatch": [
+        "(^|/).+\\.yaml$"
+      ],
+      "matchStrings": [
+        "\\s*image:\\s+registry:\\s*[\\\"']?(?<registry>.*?)[\\\"']?\\s+name:\\s*[\\\"']?(?<repository>.*?)[\\\"']?\\s+tag:\\s*[\\\"']?(?<currentValue>[\\w+\\.\\-]*)(?:@(?<currentDigest>sha256:[a-f0-9]+))?[\\\"']?"
+      ],
+      "depNameTemplate": "{{{ registry }}}/{{{ repository }}}",
+      "datasourceTemplate": "docker"
+    },
+    {
+      "customType": "regex",
+      "fileMatch": [
+        "(^|/).+\\.yaml$"
+      ],
+      "matchStrings": [
+        "\\s*image:\\s+[\\\"']?(?<registry>.+\\..+?)\\/(?<repository>.*?):(?<currentValue>[\\w+\\.\\-]*)(?:@(?<currentDigest>sha256:[a-f0-9]+))?[\\\"']?"
+      ],
+      "depNameTemplate": "{{{ registry }}}/{{{ repository }}}",
+      "datasourceTemplate": "docker"
+    }
+  ],
+  "packageRules": [
+    {
+      "enabled": false,
+      "matchPackageNames": [
+        "*"
+      ]
     },
     {
+      "enabled": true,
       "matchPackagePatterns": [
         "*"
       ],
       "matchPaths": [
-        "charts/kube-prometheus-stack/**"
-      ],
-      "matchUpdateTypes": [
-        "major"
+        ".github/workflows/**"
       ],
-      "commitMessagePrefix": "[kube-prometheus-stack] ",
-      "groupName": "kube-prometheus-stack dependency major updates"
+      "commitMessagePrefix": "[CI] ",
+      "groupName": "github-workflow dependency updates"
     },
     {
+      "enabled": true,
       "matchPackagePatterns": [
         "*"
       ],
       "matchPaths": [
         "charts/kube-prometheus-stack/**"
       ],
-      "matchUpdateTypes": [
-        "minor",
-        "patch",
-        "digest",
-        "pin",
-        "pinDigest"
-      ],
-      "commitMessagePrefix": "[kube-prometheus-stack] ",
-      "groupName": "kube-prometheus-stack dependency non-major updates"
+      "commitMessagePrefix": "[{{ lookup (split packageFileDir '/') 1 }}] ",
+      "groupName": "{{ lookup (split packageFileDir '/') 1 }} dependency non-major updates",
+      "separateMajorMinor": true,
+      "postUpdateOptions": "helmUpdateSubChartArchives",
+      "major": {
+        "groupName": "{{ lookup (split packageFileDir '/') 1 }} dependency major updates"
+      }
     }
   ]
 }