Merge branch 'main' into feat/merge-onboarding-into-base

renovatebot · May 13, 2023 · 46b0454 · 46b0454
2 parents 90af567 + 0e27bd1
commit 46b0454
Show file tree

Hide file tree

Showing 147 changed files with 3,780 additions and 1,376 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -19,7 +19,8 @@
         "dbaeumer.vscode-eslint",
         "esbenp.prettier-vscode",
         "orta.vscode-jest",
-        "EditorConfig.editorconfig"
+        "editorconfig.editorconfig",
+        "github.vscode-github-actions"
       ]
     }
   },

diff --git a/.github/label-actions.yml b/.github/label-actions.yml
@@ -178,6 +178,26 @@
 
     The Renovate team
 
+'pr:discussion-first':
+  comment: >
+    **Please create a GitHub Discussion before continuing with this PR.**
+
+
+    Thank you for your PR, but we need to discuss the requirements and implementation first.
+    This PR will be closed, but you can reopen it after the discussion has been resolved.
+
+
+    Thanks, The Renovate team
+  close: true
+
+'needs-details':
+  comment: >
+    Hi there,
+
+
+    This discussion is missing some details, making it difficult or impossible to help you.
+    Please try again to provide more details.
+
 'needs-discussion':
   unlabel:
     - 'type:bug'

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -30,7 +30,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2.3.2
+        uses: github/codeql-action/init@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
         with:
           languages: javascript
 
@@ -40,7 +40,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2.3.2
+        uses: github/codeql-action/autobuild@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -54,4 +54,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2.3.2
+        uses: github/codeql-action/analyze@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
@@ -3,6 +3,7 @@
     "dbaeumer.vscode-eslint",
     "esbenp.prettier-vscode",
     "orta.vscode-jest",
-    "EditorConfig.editorconfig"
+    "editorconfig.editorconfig",
+    "github.vscode-github-actions"
   ]
 }
diff --git a/docs/usage/.pages b/docs/usage/.pages
@@ -6,6 +6,7 @@ nav:
       - 'Self-hosted': 'self-hosted-configuration.md'
       - 'Repository': 'configuration-options.md'
       - 'Presets': 'config-presets.md'
+      - 'Validation': 'config-validation.md'
   - ... | key-concepts
   - ... | modules
   - Language Support:

diff --git a/docs/usage/config-validation.md b/docs/usage/config-validation.md
@@ -0,0 +1,22 @@
+---
+title: Config Validation
+description: How to validate Renovate's configuration.
+---
+
+# Config Validation
+
+All [`renovate` distributions](getting-started/running.md#available-distributions) contain a standalone validator program (`renovate-config-validator`) that can be used to validate Renovate's configuration.
+
+The validator program checks files passed as CLI arguments.
+If no argument is given, all [default locations](configuration-options.md) (if files exist) and the `RENOVATE_CONFIG_FILE` environment variable are checked.
+
+```console
+$ npm install --global renovate
+added 750 packages, and audited 751 packages in 51s
+$ renovate-config-validator
+INFO: Validating renovate.json
+INFO: Config validated successfully
+```
+
+You can configure a [pre-commit](https://pre-commit.com) hook to validate your configuration automatically.
+Please check out the [`renovatebot/pre-commit-hooks` repository](https://github.com/renovatebot/pre-commit-hooks) for more information.
diff --git a/docs/usage/configuration-options.md b/docs/usage/configuration-options.md
@@ -932,7 +932,7 @@ At other times, the possible files is too vague for Renovate to have any default
 For default, Kubernetes manifests can exist in any `*.yaml` file and we don't want Renovate to parse every single YAML file in every repository just in case some of them have a Kubernetes manifest, so Renovate's default `fileMatch` for manager `kubernetes` is actually empty (`[]`) and needs the user to tell Renovate what directories/files to look in.
 
 Finally, there are cases where Renovate's default `fileMatch` is good, but you may be using file patterns that a bot couldn't possibly guess about.
-For example, Renovate's default `fileMatch` for `Dockerfile` is `['(^|/|\\.)Dockerfile$', '(^|/)Dockerfile[^/]*$']`.
+For example, Renovate's default `fileMatch` for `Dockerfile` is `['(^|/|\\.)([Dd]ocker|[Cc]ontainer)file$', '(^|/)([Dd]ocker|[Cc]ontainer)file[^/]*$']`.
 This will catch files like `backend/Dockerfile`, `prefix.Dockerfile` or `Dockerfile-suffix`, but it will miss files like `ACTUALLY_A_DOCKERFILE.template`.
 Because `fileMatch` is mergeable, you don't need to duplicate the defaults and could just add the missing file like this:
 
@@ -2853,14 +2853,14 @@ Typically you shouldn't need to modify this setting.
 
 Use `regexManagers` entries to configure the `regex` manager in Renovate.
 
-You can define custom managers for cases such as:
+You can define custom managers to handle:
 
 - Proprietary file formats or conventions
 - Popular file formats not yet supported as a manager by Renovate
 
 The custom manager concept is based on using Regular Expression named capture groups.
 
-You must have a named capture group matching (e.g. `(?<depName>.*)`) _or_ configure it's corresponding template (e.g. `depNameTemplate`) for these fields:
+You must have a named capture group matching (e.g. `(?<depName>.*)`) _or_ configure its corresponding template (e.g. `depNameTemplate`) for these fields:
 
 - `datasource`
 - `depName`
@@ -2875,6 +2875,10 @@ If the `versioning` field is missing, then Renovate defaults to using `semver` v
 For more details and examples, see our [documentation for the `regex` manager](/modules/manager/regex/).
 For template fields, use the triple brace `{{{ }}}` notation to avoid Handlebars escaping any special characters.
 
+<!-- prettier-ignore -->
+!!! tip
+    Look at our [Regex Manager Presets](https://docs.renovatebot.com/presets-regexManagers/), they may have what you need.
+
 ### matchStrings
 
 `matchStrings` should each be a valid regular expression, optionally with named capture groups.
@@ -3136,6 +3140,7 @@ This feature works with the following managers:
 - [`kubernetes`](/modules/manager/kubernetes)
 - [`ansible`](/modules/manager/ansible)
 - [`droneci`](/modules/manager/droneci)
+- [`terraform`](/modules/manager/terraform)
 
 ## registryUrls
 

diff --git a/docs/usage/configuration-templates.md b/docs/usage/configuration-templates.md
@@ -14,8 +14,8 @@ If you change the `branchPrefix` while you have ignored some upgrades (closed PR
 
 `branchName` default value is `{{{branchPrefix}}}{{{additionalBranchPrefix}}}{{{branchTopic}}}`.
 
-The most common branch name you will see looks like this: `renovate/react-17.x`.
-In this example, the `branchPrefix` is the default `renovate/`, `additionalBranchPrefix` is empty, and `branchTopic` is `react-17.x`.
+The most common branch name you will see looks like this: `renovate/react-18.x`.
+In this example, the `branchPrefix` is the default `renovate/`, `additionalBranchPrefix` is empty, and `branchTopic` is `react-18.x`.
 
 Most users will be happy with the default `branchPrefix` of `renovate/`, but you can change this if you don't like the default.
 Say you don't want the forward slashes, in that case you would use `renovate-` as your `branchPrefix`.
@@ -47,7 +47,7 @@ You may want to edit this.
 If you think your new `commitMessageTopic` is helpful for others, please [open a PR](https://github.com/renovatebot/renovate/pulls).
 
 `commitMessageExtra` refers to the version being updated to.
-e.g. `to v17` for a major upgrade, or `to v17.0.2` for a patch update.
+e.g. `to v18` for a major upgrade, or `to v18.0.2` for a patch update.
 It can be empty in some cases, like if the action/topic doesn't change a package version, e.g. `Pin Docker digests`.
 
 `commitMessageSuffix` defaults to empty but is currently used in two cases:

diff --git a/docs/usage/docker.md b/docs/usage/docker.md
@@ -388,7 +388,7 @@ To get access to the token a custom Renovate Docker image is needed that include
 The Dockerfile to create such an image can look like this:
 
 ```Dockerfile
-FROM renovate/renovate:35.66.3
+FROM renovate/renovate:35.73.0
 # Include the "Docker tip" which you can find here https://cloud.google.com/sdk/docs/install
 # under "Installation" for "Debian/Ubuntu"
 RUN ...

diff --git a/docs/usage/getting-started/installing-onboarding.md b/docs/usage/getting-started/installing-onboarding.md
@@ -133,15 +133,9 @@ If you want to make config edits directly, follow these steps:
 1. Create a new Git branch to work on
 1. Install or update the `renovate` package globally (`npm i -g renovate` or `yarn global add renovate`) to get the `renovate-config-validator` program
 1. Edit your Renovate configuration file
-1. Validate your config by running `renovate-config-validator`
+1. [Validate your config](../config-validation.md)
 1. If the improved config passes the validation, merge the branch into your mainline branch
 
-The validator program checks files passed as CLI arguments.
-If no argument is given, all [default locations](../configuration-options.md) (if files exist) and the `RENOVATE_CONFIG_FILE` environment variable are checked.
-
-You can configure a [pre-commit](https://pre-commit.com) hook to validate your configuration automatically.
-Please check out the [`renovatebot/pre-commit-hooks` repository](https://github.com/renovatebot/pre-commit-hooks) for more information.
-
 ### Nuke config and re-onboard
 
 Perhaps you really liked the interactive onboarding PR and want to use it again.

diff --git a/docs/usage/troubleshooting.md b/docs/usage/troubleshooting.md
@@ -64,3 +64,8 @@ If none of these steps have helped you, then create a new discussion post to get
 Please locate the relevant parts of the logs as described earlier before asking for help or posting a bug report.
 Do not expect the Renovate maintainers to read through the full logs when trying to help you, as that takes a lot of time on our part.
 If later it turns out that the full logs are necessary, you will be asked for them then.
+
+## Validating configuration changes
+
+Sometimes you will have to change your Renovate configuration to solve a problem.
+The [`renovate-config-validator` program](config-validation.md) helps validate such configuration changes without commiting them to your repository.
diff --git a/lib/config/index.spec.ts b/lib/config/index.spec.ts
@@ -1,4 +1,5 @@
 import { getConfig } from './defaults';
+import { filterConfig, getManagerConfig, mergeChildConfig } from './index';
 
 jest.mock('../modules/datasource/npm');
 try {
@@ -11,7 +12,7 @@ const defaultConfig = getConfig();
 
 describe('config/index', () => {
   describe('mergeChildConfig(parentConfig, childConfig)', () => {
-    it('merges', async () => {
+    it('merges', () => {
       const parentConfig = { ...defaultConfig };
       const childConfig = {
         foo: 'bar',
@@ -20,30 +21,28 @@ describe('config/index', () => {
           schedule: ['on monday'],
         },
       };
-      const configParser = await import('./index');
-      const config = configParser.mergeChildConfig(parentConfig, childConfig);
+      const config = mergeChildConfig(parentConfig, childConfig);
       expect(config.foo).toBe('bar');
       expect(config.rangeStrategy).toBe('replace');
       expect(config.lockFileMaintenance.schedule).toEqual(['on monday']);
       expect(config.lockFileMaintenance).toMatchSnapshot();
     });
 
-    it('merges packageRules', async () => {
+    it('merges packageRules', () => {
       const parentConfig = { ...defaultConfig };
       Object.assign(parentConfig, {
         packageRules: [{ a: 1 }, { a: 2 }],
       });
       const childConfig = {
         packageRules: [{ a: 3 }, { a: 4 }],
       };
-      const configParser = await import('./index');
-      const config = configParser.mergeChildConfig(parentConfig, childConfig);
+      const config = mergeChildConfig(parentConfig, childConfig);
       expect(config.packageRules.map((rule) => rule.a)).toMatchObject([
         1, 2, 3, 4,
       ]);
     });
 
-    it('merges constraints', async () => {
+    it('merges constraints', () => {
       const parentConfig = { ...defaultConfig };
       Object.assign(parentConfig, {
         constraints: {
@@ -56,8 +55,7 @@ describe('config/index', () => {
           node: '<15',
         },
       };
-      const configParser = await import('./index');
-      const config = configParser.mergeChildConfig(parentConfig, childConfig);
+      const config = mergeChildConfig(parentConfig, childConfig);
       expect(config.constraints).toMatchSnapshot();
       expect(config.constraints.node).toBe('<15');
     });
@@ -75,39 +73,48 @@ describe('config/index', () => {
       expect(config.packageRules).toHaveLength(2);
     });
 
-    it('handles null child packageRules', async () => {
+    it('handles null child packageRules', () => {
       const parentConfig = { ...defaultConfig };
       parentConfig.packageRules = [{ a: 3 }, { a: 4 }];
-      const configParser = await import('./index');
-      const config = configParser.mergeChildConfig(parentConfig, {});
+      const config = mergeChildConfig(parentConfig, {});
       expect(config.packageRules).toHaveLength(2);
     });
 
-    it('handles undefined childConfig', async () => {
+    it('handles undefined childConfig', () => {
       const parentConfig = { ...defaultConfig };
-      const configParser = await import('./index');
-      const config = configParser.mergeChildConfig(parentConfig, undefined);
+      const config = mergeChildConfig(parentConfig, undefined);
       expect(config).toMatchObject(parentConfig);
     });
 
-    it('getManagerConfig()', async () => {
+    it('getManagerConfig()', () => {
       const parentConfig = { ...defaultConfig };
-      const configParser = await import('./index');
-      const config = configParser.getManagerConfig(parentConfig, 'npm');
+      const config = getManagerConfig(parentConfig, 'npm');
       expect(config).toContainEntries([
         ['fileMatch', ['(^|/)package\\.json$']],
         ['rollbackPrs', true],
       ]);
-      expect(
-        configParser.getManagerConfig(parentConfig, 'html')
-      ).toContainEntries([['fileMatch', ['\\.html?$']]]);
+      expect(getManagerConfig(parentConfig, 'html')).toContainEntries([
+        ['fileMatch', ['\\.html?$']],
+      ]);
     });
 
-    it('filterConfig()', async () => {
+    it('filterConfig()', () => {
       const parentConfig = { ...defaultConfig };
-      const configParser = await import('./index');
-      const config = configParser.filterConfig(parentConfig, 'pr');
+      const config = filterConfig(parentConfig, 'pr');
       expect(config).toBeObject();
     });
+
+    it('highest vulnerabilitySeverity maintained when config is vulnerability alert', () => {
+      const parentConfig = { ...defaultConfig };
+      Object.assign(parentConfig, {
+        isVulnerabilityAlert: true,
+        vulnerabilitySeverity: 'HIGH',
+      });
+      const childConfig = {
+        vulnerabilitySeverity: 'CRITICAL',
+      };
+      const config = mergeChildConfig(parentConfig, childConfig);
+      expect(config.vulnerabilitySeverity).toBe('CRITICAL');
+    });
   });
 });
diff --git a/lib/config/presets/internal/regex-managers.ts b/lib/config/presets/internal/regex-managers.ts
@@ -7,7 +7,10 @@ export const presets: Record<string, Preset> = {
     description: 'Update `_VERSION` variables in Dockerfiles.',
     regexManagers: [
       {
-        fileMatch: ['(^|/|\\.)Dockerfile$', '(^|/)Dockerfile[^/]*$'],
+        fileMatch: [
+          '(^|/|\\.)([Dd]ocker|[Cc]ontainer)file$',
+          '(^|/)([Dd]ocker|[Cc]ontainer)file[^/]*$',
+        ],
         matchStrings: [
           '# renovate: datasource=(?<datasource>[a-z-]+?) depName=(?<depName>[^\\s]+?)(?: (lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[^\\s]+?))?(?: registryUrl=(?<registryUrl>[^\\s]+?))?\\s(?:ENV|ARG) .+?_VERSION[ =]"?(?<currentValue>.+?)"?\\s',
         ],
@@ -27,7 +30,7 @@ export const presets: Record<string, Preset> = {
     ],
   },
   helmChartYamlAppVersions: {
-    description: 'Update `appVersion` value in Helm chart Chart.yaml.',
+    description: 'Update `appVersion` value in Helm chart `Chart.yaml`.',
     regexManagers: [
       {
         datasourceTemplate: 'docker',

diff --git a/lib/config/presets/local/index.ts b/lib/config/presets/local/index.ts
@@ -24,6 +24,7 @@ const resolvers = {
   gitea,
   github,
   gitlab,
+  local: null,
 } satisfies Record<PlatformId, Resolver | null>;
 
 export function getPreset({

diff --git a/lib/config/types.ts b/lib/config/types.ts
@@ -251,6 +251,7 @@ export interface RenovateConfig
   warnings?: ValidationMessage[];
   vulnerabilityAlerts?: RenovateSharedConfig;
   osvVulnerabilityAlerts?: boolean;
+  vulnerabilitySeverity?: string;
   regexManagers?: RegExManager[];
 
   fetchReleaseNotes?: boolean;
@@ -309,6 +310,7 @@ export interface PackageRule
     UpdateConfig,
     Record<string, unknown> {
   description?: string | string[];
+  isVulnerabilityAlert?: boolean;
   matchFiles?: string[];
   matchPaths?: string[];
   matchLanguages?: string[];
@@ -333,6 +335,7 @@ export interface PackageRule
   matchUpdateTypes?: UpdateType[];
   matchConfidence?: MergeConfidence[];
   registryUrls?: string[] | null;
+  vulnerabilitySeverity?: string;
 }
 
 export interface ValidationMessage {