coop-cloud/renovate
10
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

feat: prepare for v1 release #4

Merged
cyrnel merged 6 commits from release-prep into main 2025-09-15 02:59:49 +00:00
Conversation 4 Commits 6 Files Changed 10 +183 -43
cyrnel commented 2025-09-12 02:05:02 +00:00
Owner
Copy Link

Refactored the recipe in preparation for a v1 release.

Changes:

  • Added .drone.yml (maybe a little silly at this point since it's a cronjob, so it doesn't actually execute, but I guess at least it'll validate the config)
  • Added .env.sample and .abra.sh
  • Removed the config.js file. Since Abra does all config via environment variables and most all Renovate config is controllable by env vars already, I figured this would be simpler.
  • Expanded secrets to cover a github token and an npm token. These optional secrets are implemented via dedicated compose files, since otherwise abra won't let you deploy without setting all secrets.
  • Added entrypoint, which is needed to export the the secrets to env vars
  • Expanded readme
Refactored the recipe in preparation for a v1 release. **Changes:** - Added .drone.yml (maybe a little silly at this point since it's a cronjob, so it doesn't actually execute, but I guess at least it'll validate the config) - Added .env.sample and .abra.sh - Removed the config.js file. Since Abra does all config via environment variables and most all Renovate config is controllable by env vars already, I figured this would be simpler. - Expanded secrets to cover a github token and an npm token. These optional secrets are implemented via dedicated compose files, since otherwise abra won't let you deploy without setting all secrets. - Added entrypoint, which is needed to export the the secrets to env vars - Expanded readme
❤️ 2
cyrnel added 1 commit 2025-09-12 02:05:03 +00:00
feat: prepare for v1 release c786b29226
cyrnel requested review from decentral1se 2025-09-12 02:05:03 +00:00
cyrnel commented 2025-09-12 02:25:38 +00:00
Author
Owner
Copy Link

Tested this out by deploying it on my own server and pointing it at mealie, which seemed to work: coop-cloud/mealie#2

After merging and running again, it created a dependency dashboard, showing it detected some deps automatically: coop-cloud/mealie#3

Tested this out by deploying it on my own server and pointing it at mealie, which seemed to work: https://git.coopcloud.tech/coop-cloud/mealie/pulls/2 After merging and running again, it created a dependency dashboard, showing it detected some deps automatically: https://git.coopcloud.tech/coop-cloud/mealie/issues/3
Ghost force-pushed release-prep from c786b29226 to e23a715a40 2025-09-12 02:41:38 +00:00 Compare
cyrnel force-pushed release-prep from e23a715a40 to dcf08cb12e 2025-09-12 02:44:10 +00:00 Compare
decentral1se reviewed 2025-09-12 17:38:17 +00:00
decentral1se left a comment
Owner
Copy Link

amazing, tysm!

amazing, tysm!
.env.sample Outdated
@ -0,0 +15,4 @@
## If not using autodiscover, you can supply a space-separated list of repos.
## Ex: "coop-cloud/renovate coop-cloud/keycloak"
RENOVATE_REPOSITORIES=""
RENOVATE_TOKEN="token for your git forge"
decentral1se commented 2025-09-12 17:37:08 +00:00
Owner
Copy Link

I know it's tempting to ditch the secrets but this will force every operator to make their renovate configurations private because they have tokens in their env configuration. i think we should keep them and use an entrypoint to expose the secret, using our usual age-old hack, e.g.

entrypoint.sh.tmpl Lines 5 to 28 in 2744684292
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
file_env "PEERTUBE_DB_PASSWORD"
file_env "PEERTUBE_SECRET"

I know it's tempting to ditch the secrets but this will force every operator to make their renovate configurations private because they have tokens in their env configuration. i think we should keep them and use an entrypoint to expose the secret, using our usual age-old hack, e.g. https://git.coopcloud.tech/coop-cloud/peertube/src/commit/2744684292d66053a9681ac57692b9f026863dde/entrypoint.sh.tmpl#L5-L28
👀 1
cyrnel commented 2025-09-12 23:35:43 +00:00
Author
Owner
Copy Link

Hmm I see that SECRET_SMTP_PASSWORD_VERSION is not in abra.sh. Is that the solution for having an optional secret?

Hmm I see that `SECRET_SMTP_PASSWORD_VERSION` is not in `abra.sh`. Is that the solution for having an optional secret?
cyrnel commented 2025-09-14 16:14:28 +00:00
Author
Owner
Copy Link

Ah I see now, abra.sh is only for config versions.

The only way I could see to create optional secrets is to have each secret be in its own COMPOSE_FILE, which is what I've now implemented.

Ah I see now, `abra.sh` is only for config versions. The only way I could see to create optional secrets is to have each secret be in its own COMPOSE_FILE, which is what I've now implemented.
cyrnel marked this conversation as resolved
config.js.tmpl Outdated
@ -5,4 +0,0 @@
logLevel: "error",
unicodeEmoji: false,
onboarding: true,
assignees: [],
decentral1se commented 2025-09-12 17:38:09 +00:00
Owner
Copy Link

Can we configure also the assignees via env var? I really would like to have that for when we implement maintainers and we can ping specific handles. that would be ideal. otherwise, pretty good with ditching this file if possible!

Can we configure also the `assignees` via env var? I really would like to have that for when we implement maintainers and we can ping specific handles. that would be ideal. otherwise, pretty good with ditching this file if possible!
cyrnel commented 2025-09-12 23:04:32 +00:00
Author
Owner
Copy Link

Yep! RENOVATE_ASSIGNEES : https://docs.renovatebot.com/configuration-options/#assignees

Pretty sure it's a space-separated list as well. Will add a commented-out field since it's a common need.

Yep! `RENOVATE_ASSIGNEES` : https://docs.renovatebot.com/configuration-options/#assignees Pretty sure it's a space-separated list as well. Will add a commented-out field since it's a common need.
cyrnel marked this conversation as resolved
cyrnel added 1 commit 2025-09-14 14:41:27 +00:00
feat: reimplement docker secrets 22d5d5e578
cyrnel added 1 commit 2025-09-14 14:45:22 +00:00
fix: Remove compose version; it's deprecated 652be03c06
cyrnel added 1 commit 2025-09-14 15:09:20 +00:00
fix: sync secret names and env vars b209b6514a
cyrnel added 1 commit 2025-09-14 16:06:54 +00:00
fix: add secret file paths to env vars 2b5c94c129
cyrnel commented 2025-09-14 16:17:29 +00:00
Author
Owner
Copy Link

Okay it's fixed now! Secrets implemented and tested 🫡

Okay it's fixed now! Secrets implemented and tested 🫡
🎉 1
cyrnel added 1 commit 2025-09-14 16:53:14 +00:00
fix: lists are comma-separated b06dde0783
3wordchant commented 2025-09-15 02:32:14 +00:00
Owner
Copy Link

Incredible, thanks so much @cyrnel 👏 Merge away!

Incredible, thanks so much @cyrnel 👏 Merge away!
cyrnel merged commit e9b1684bef into main 2025-09-15 02:59:49 +00:00
cyrnel deleted branch release-prep 2025-09-15 02:59:49 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
decentral1se
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
3wordchant aadil abra-bot ammaratef45 Apfelwurm appletalk arjan basebuilder Brooke carla cas codegod100 coopcloud cyrnel decentral1se fauno flancian Frando iexos jade javielico jmakdah2 joe-irving kawaiipunk knoflook kolaente lambdabundesverband linnealovespie marlon mayel mirsal moritz nicksellen notplants p4u1 pau pharaohgraphy renovate-bot ripclap rix rscmbbng sef simon sixsmith stevensting tobias trav val virtualboys wolcen wykwit xynosis yksflip
No Assignees
4 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: coop-cloud/renovate#4
No description provided.
Delete Branch "release-prep"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?