Notes on renovateBot with helm

renovatebot_with_helm.md

Setting up Self Hosted RenovateBot via GitHub Actions

There's enough little things necessary here, that you may forget one or two, so I've documented all the files you need to create/change to get RenovateBot automatically creating PRs for your helm chart. This flow uses the renovatebot/github-action.

Example .github/config.js

Set the repositories to your own repo. In this case, jessebot/vaultwarden references github.com/jessebot/vaultwarden.

The regexManagers bumps the Chart.yaml appVersion, based on the command in the Chart.yaml below. See docs.

The postUpgradeTasks makes sure to bump to the Chart.yaml version field. See renovatebot/renovate #8231.

module.exports = {
  branchPrefix: 'test-renovate/',
  username: 'renovate-release',
  gitAuthor: 'Renovate Bot <[email protected]>',
  platform: 'github',
  includeForks: true,
  dryRun: null,
  repositories: ['jessebot/vaultwarden'],
    extends: ['config:base'],
    allowPostUpgradeCommandTemplating: true,
    allowedPostUpgradeCommands: ['^.*'],
    regexManagers: [
        {
            fileMatch: ['(^|/)Chart\\.yaml$'],
            matchStrings: [
                '#\\s?renovate: image=(?<depName>.*?)\\s?appVersion:\\s?\\"?(?<currentValue>[\\w+\\.\\-]*)',
            ],
            datasourceTemplate: 'docker',
        },
    ],
    packageRules: [
        {
            matchManagers: ['helm-requirements', 'helm-values', 'regex'],
            postUpgradeTasks: {
                commands: [
                  `version=$(grep '^version:' {{{parentDir}}}/Chart.yaml | awk '{print $2}')
                  major=$(echo $version | cut -d. -f1)
                  minor=$(echo $version | cut -d. -f2)
                  patch=$(echo $version | cut -d. -f3)
                  minor=$(expr $minor + 1)
                  echo "Replacing $version with $major.$minor.$patch"
                  sed -i "s/^version:.*/version: $\{major\}.$\{minor\}.$\{patch\}/g" {{{parentDir}}}/Chart.yaml
                  cat {{{parentDir}}}/Chart.yaml
                  `,
                ],
            },
            fileFilters: ['**/Chart.yaml'],
            executionMode: 'branch',
        },
    ],
};

Example Chart.yaml

Notice the comment with # renovate: image:vaultwarden/server. This makes sure to update the appVersion to the latest docker image tag for vaultwarden/server.

apiVersion: v2
name: vaultwarden
description: vaultwarden is an unofficial Bitwarden-compatible server written in Rust
keywords:
  - Rust
  - vaultwarden
sources:
  - https://github.com/guerzon/vaultwarden
  - https://github.com/dani-garcia/vaultwarden

# renovate: image:vaultwarden/server
appVersion: 1.29.1
maintainers:
  # Lester Guerzon
  - name: guerzon
    email: [email protected]
    url: https://github.com/guerzon
  - name: jessebot
    email: [email protected]
    url: https://github.com/jessebot
version: 0.14.1

Example .github/workflows/renovatebot.yml

Note: for any of this to work, you must generate a personal access token, and add it your GitHub Actions repository Secrets, under: Settings > Security > Secrets and Variables > Actions > Repository Secrets

name: Renovate - check for dependency updates
on:
  schedule:
    # The "*" (#42, asterisk) character has special semantics in YAML, so this
    # string has to be quoted.
    - cron: '1 * * * *'
jobs:
  renovate:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Self-hosted Renovate
        uses: renovatebot/[email protected]
        with:
          token: ${{ secrets.RENOVATE_TOKEN }}
          configurationFile: .github/config.js

@cloudymax you may find this useful