
Merge fix/1287-renovate-github-action: Replace Renovate postUpgradeTasks with GitHub Action

xcad 5 months ago
parent
commit
038d66ae19

+ 54 - 0
.github/workflows/renovate-sync-versions.yaml

@@ -0,0 +1,54 @@
+---
+name: Renovate - Sync Template Versions
+
+on:  # yamllint disable-line rule:truthy
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'library/**'
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  sync-versions:
+    name: Sync Template Versions
+    # Only run on Renovate PRs
+    if: startsWith(github.head_ref, 'renovate/')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout PR branch
+        uses: actions/checkout@v5
+        with:
+          ref: ${{ github.head_ref }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run template version sync
+        id: sync
+        run: |
+          echo "Running template version sync script..."
+          chmod +x ./scripts/sync-template-version.sh
+          ./scripts/sync-template-version.sh
+
+      - name: Check for changes
+        id: changes
+        run: |
+          if [[ -n $(git status --porcelain library/**/template.yaml) ]]; then
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+            echo "Template version changes detected"
+          else
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+            echo "No template version changes needed"
+          fi
+
+      - name: Commit and push changes
+        if: steps.changes.outputs.has_changes == 'true'
+        run: |
+          git config --local user.email "github-actions[bot]@users.noreply.github.com"
+          git config --local user.name "github-actions[bot]"
+          
+          git add library/**/template.yaml
+          git commit -m "chore: sync template versions with image updates"
+          git push
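Review bot: The gate `if: startsWith(github.head_ref, 'renovate/')` checks only the branch name, yet the job then checks out that branch and executes `./scripts/sync-template-version.sh` from it with a token granted `contents: write` and `pull-requests: write`. Anyone who can push a branch named `renovate/...` to this repository gets their version of the script run with write access, so also require the PR author to be the Renovate bot account (for example by comparing `github.event.pull_request.user.login`), or run the script from the base branch. `pull-requests: write` is not used by any step shown and can be dropped. Also consider pinning `actions/checkout@v5` to a commit SHA, and quote the `library/**/template.yaml` pathspec in the `git status` and `git add` lines: without `shopt -s globstar` bash treats `**` as `*`, so an unquoted pattern may be expanded by the shell to a single directory level instead of being matched by git.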

+ 0 - 79
.renovate/CUSTOM_MANAGERS.md

@@ -1,79 +0,0 @@
-# Renovate Custom Managers
-
-This document describes the custom regex managers configured for the boilerplates repository.
-
-## 1. Docker Compose Templates
-
-**File Pattern:** `library/compose/**/*.j2`
-
-**Detects:** Docker images in compose files
-
-**Example:**
-```yaml
-services:
-  app:
-    image: ghcr.io/goauthentik/server:2025.6.3
-    # Renovate will detect: depName=ghcr.io/goauthentik/server, currentValue=2025.6.3
-```
-
-## 2. Kubernetes Helm Values
-
-**File Patterns:** 
-- `library/kubernetes/**/helm/values.yaml`
-- `library/kubernetes/**/*.j2`
-
-**Detects:** Docker images using repository + tag pattern (common in Helm charts)
-
-**Example:**
-```yaml
-image:
-  repository: "longhornio/longhorn-engine"
-  tag: "v1.9.1"
-# Renovate will detect: depName=longhornio/longhorn-engine, currentValue=v1.9.1
-```
-
-## 3. Terraform Providers
-
-**File Patterns:**
-- `library/terraform/**/*.tf`
-- `library/terraform/**/*.j2`
-
-**Detects:** Terraform provider versions
-
-**Example:**
-```hcl
-terraform {
-  required_providers {
-    proxmox = {
-      source  = "telmate/proxmox"
-      version = "3.0.1-rc9"
-    }
-  }
-}
-# Renovate will detect: depName=telmate/proxmox, currentValue=3.0.1-rc9
-```
-
-## 4. Terraform Modules
-
-**File Patterns:**
-- `library/terraform/**/*.tf`
-- `library/terraform/**/*.j2`
-
-**Detects:** Terraform module versions from Git sources with `?ref=` parameter
-
-**Example:**
-```hcl
-module "vpc" {
-  source = "git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git?ref=v5.1.2"
-}
-# Renovate will detect: depName=github.com/terraform-aws-modules/terraform-aws-vpc, currentValue=v5.1.2
-```
-
-## Post-Upgrade Tasks
-
-After any dependency update, Renovate runs `.renovate/sync-template-version.sh` which:
-1. Detects which `template.yaml` files were affected by the update
-2. Automatically bumps their patch version
-3. Includes the updated `template.yaml` files in the Renovate PR
-
-This ensures template metadata stays in sync with dependency updates across all modules (compose, kubernetes, terraform).
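Review bot: Sections 1 to 4 of this file document the custom regex managers, which this commit does not remove (the `renovate.json` hunk still shows a `terraform-provider` manager in context); only the "Post-Upgrade Tasks" section is made obsolete. Suggest keeping the file and replacing that last section with a pointer to `.github/workflows/renovate-sync-versions.yaml` and `scripts/sync-template-version.sh`.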

+ 0 - 94
.renovate/README.md

@@ -1,94 +0,0 @@
-# Renovate Configuration
-
-This directory contains helper scripts and configuration for Renovate bot automation.
-
-## Template Version Sync
-
-### Overview
-
-The `sync-template-version.sh` script automatically syncs Docker image versions from `compose.yaml.j2` files to their corresponding `template.yaml` metadata files.
-
-### How It Works
-
-1. **Renovate detects updates**: The custom regex manager in `renovate.json` detects Docker image versions in `.j2` template files
-2. **Updates are applied**: When Renovate creates a PR, it updates the Docker image version in `compose.yaml.j2`
-3. **Post-upgrade task runs**: After the update, the `sync-template-version.sh` script runs automatically
-4. **Metadata synced**: The script extracts the first Docker image version from each `compose.yaml.j2` and updates the `version` field in the corresponding `template.yaml`
-
-### Configuration
-
-In `renovate.json`, the following configuration enables this feature:
-
-```json
-{
-  "customManagers": [
-    {
-      "customType": "regex",
-      "description": "Update Docker images in Jinja2 compose templates",
-      "managerFilePatterns": [
-        "/^library/compose/.+/compose\\.ya?ml\\.j2$/"
-      ],
-      "matchStrings": [
-        "image:\\s*(?<depName>[^:\\s]+):(?<currentValue>[^\\s\\n{]+)"
-      ],
-      "datasourceTemplate": "docker"
-    }
-  ],
-  "postUpgradeTasks": {
-    "commands": [
-      ".renovate/sync-template-version.sh"
-    ],
-    "fileFilters": [
-      "library/compose/**/template.yaml"
-    ],
-    "executionMode": "update"
-  }
-}
-```
-
-### Manual Execution
-
-You can run the script manually at any time:
-
-```bash
-./.renovate/sync-template-version.sh
-```
-
-This will scan all compose templates and update their metadata versions to match the Docker image versions.
-
-### Limitations
-
-- Only updates templates that have a Docker image with a version tag (e.g., `image: name:1.2.3`)
-- Skips templates using Jinja2 variables for versions (e.g., `image: name:{{ version }}`)
-- Uses the **first** image found in the `compose.yaml.j2` file (typically the main application image)
-- Templates without `template.yaml` files are skipped
-
-### Template Structure
-
-Expected directory structure for each template:
-
-```
-library/compose/<template-name>/
-├── compose.yaml.j2     # Jinja2 template with Docker Compose config
-├── template.yaml       # Template metadata (includes version field)
-└── ... (other files)
-```
-
-The `template.yaml` should have a `version` field in the metadata section:
-
-```yaml
----
-kind: compose
-metadata:
-  name: Application Name
-  description: Description
-  version: 0.1.0  # This will be auto-updated
-  author: Christian Lempa
-  date: '2025-10-02'
-```
-
-### Benefits
-
-- **Consistency**: Template versions automatically track Docker image versions
-- **Automation**: No manual version updates needed when Docker images are updated
-- **Traceability**: Easy to see which Docker image version a template was designed for
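Review bot: No replacement documentation is added for the relocated script. The "Limitations" list here (first image only, Jinja2-variable tags skipped, templates without `template.yaml` skipped) still describes behaviour kept in `scripts/sync-template-version.sh`, and the "Manual Execution" instructions only need the new path. Suggest moving this README next to the script, with the "How It Works" steps rewritten for the GitHub Action, instead of deleting it.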

+ 0 - 42
.renovate/sync-template-version.sh

@@ -1,42 +0,0 @@
-#!/usr/bin/env bash
-# Sync the first Docker image version from compose.yaml.j2 to template.yaml
-# This script is called by Renovate as a post-upgrade task
-
-set -euo pipefail
-
-# Find all template directories
-find library/compose -type f -name "compose.yaml.j2" | while read -r compose_file; do
-    template_dir=$(dirname "$compose_file")
-    template_file="$template_dir/template.yaml"
-    
-    # Skip if template.yaml doesn't exist
-    [ ! -f "$template_file" ] && continue
-    
-    # Extract the first image version from compose.yaml.j2
-    # This matches: image: repo/name:version or image: name:version
-    # Ignores Jinja2 variables like {{ variable }}
-    version=$(grep -E '^\s*image:\s*[^{]*:[^{}\s]+' "$compose_file" | head -n1 | sed -E 's/.*:([^:]+)$/\1/' | tr -d ' ' || true)
-    
-    # Skip if no version found or if it's a Jinja2 variable
-    if [ -z "$version" ] || [[ "$version" =~ \{\{ ]]; then
-        continue
-    fi
-    
-    # Get current template version and trim whitespace
-    current_version=$(grep -E '^\s*version:\s*' "$template_file" | sed -E 's/.*version:\s*['\''"]?([^'\''"]+)['\''"]?/\1/' | tr -d ' ')
-    
-    # Only update if versions are different
-    if [ -n "$current_version" ] && [ "$version" != "$current_version" ]; then
-        echo "Updating $template_file: $current_version -> $version"
-        
-        # Use sed to update the version in template.yaml
-        # Works on both macOS and Linux
-        if [[ "$OSTYPE" == "darwin"* ]]; then
-            sed -i '' "s/version: .*/version: $version/" "$template_file"
-        else
-            sed -i "s/version: .*/version: $version/" "$template_file"
-        fi
-    fi
-done
-
-echo "Template version sync complete"

+ 0 - 12
renovate.json

@@ -160,18 +160,6 @@
       "datasourceTemplate": "terraform-provider"
     }
   ],
-  "allowedCommands": [
-    "^\\.renovate/.*\\.sh$"
-  ],
-  "postUpgradeTasks": {
-    "commands": [
-      ".renovate/sync-template-version.sh"
-    ],
-    "fileFilters": [
-      "library/**/template.yaml"
-    ],
-    "executionMode": "update"
-  },
   "prConcurrentLimit": 30,
   "prHourlyLimit": 5,
   "separateMinorPatch": true,

+ 143 - 0
scripts/sync-template-version.sh

@@ -0,0 +1,143 @@
+#!/usr/bin/env bash
+# Sync Docker image versions to template.yaml metadata
+# This script is triggered by GitHub Actions when Renovate updates dependencies
+#
+# Supports:
+# - Docker Compose templates (compose.yaml.j2)
+# - Kubernetes Helm templates (values.yaml, values.yml)
+# - Kubernetes manifest templates (*.j2 files)
+
+set -euo pipefail
+
+# Color output for better readability
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+echo "Starting template version sync..."
+
+# Function to extract version from Docker image reference
+# Handles: image:tag, registry/image:tag, registry/namespace/image:tag
+extract_version_from_image() {
+    local image_line="$1"
+    # Extract everything after the last colon, excluding Jinja2 variables
+    echo "$image_line" | sed -E 's/.*:([^:]+)$/\1/' | tr -d ' ' | grep -v '{{' || true
+}
+
+# Function to update template.yaml version
+update_template_version() {
+    local template_file="$1"
+    local new_version="$2"
+    
+    # Get current version from template.yaml
+    local current_version
+    current_version=$(grep -E '^\s*version:\s*' "$template_file" | sed -E 's/.*version:\s*['\''"]?([^'\''"]+)['\''"]?/\1/' | tr -d ' ' || true)
+    
+    # Only update if versions are different
+    if [ -n "$current_version" ] && [ "$new_version" != "$current_version" ]; then
+        echo -e "${GREEN}✓${NC} Updating $template_file: ${YELLOW}$current_version${NC} → ${GREEN}$new_version${NC}"
+        
+        # Update version in template.yaml (cross-platform compatible)
+        if [[ "$OSTYPE" == "darwin"* ]]; then
+            sed -i '' "s/version: .*/version: $new_version/" "$template_file"
+        else
+            sed -i "s/version: .*/version: $new_version/" "$template_file"
+        fi
+        return 0
+    fi
+    return 1
+}
+
+# Counter for updated templates
+updated_count=0
+
+# Process Docker Compose templates
+echo ""
+echo "Scanning Docker Compose templates..."
+while IFS= read -r compose_file; do
+    template_dir=$(dirname "$compose_file")
+    template_file="$template_dir/template.yaml"
+    
+    # Skip if template.yaml doesn't exist
+    [ ! -f "$template_file" ] && continue
+    
+    # Extract the first Docker image version from compose.yaml.j2
+    # Matches: image: repo/name:version or image: name:version
+    # Ignores Jinja2 variables like {{ variable }}
+    version=$(grep -E '^\s*image:\s*[^{]*:[^{}\s]+' "$compose_file" | head -n1 | sed -E 's/.*:([^:]+)$/\1/' | tr -d ' ' || true)
+    
+    # Skip if no version found or if it's a Jinja2 variable
+    if [ -z "$version" ] || [[ "$version" =~ \{\{ ]]; then
+        continue
+    fi
+    
+    # Update template version
+    if update_template_version "$template_file" "$version"; then
+        ((updated_count++))
+    fi
+done < <(find library/compose -type f -name "compose.yaml.j2" 2>/dev/null || true)
+
+# Process Kubernetes Helm templates (values.yaml pattern)
+echo ""
+echo "Scanning Kubernetes Helm templates..."
+while IFS= read -r values_file; do
+    template_dir=$(dirname "$values_file")
+    template_file="$template_dir/template.yaml"
+    
+    # Skip if template.yaml doesn't exist
+    [ ! -f "$template_file" ] && continue
+    
+    # Extract version from Helm values.yaml
+    # Matches repository + tag pattern:
+    #   repository: registry/image
+    #   tag: version
+    version=$(grep -A1 'repository:' "$values_file" | grep 'tag:' | sed -E 's/.*tag:\s*['\''"]?([^'\''" ]+)['\''"]?/\1/' | head -n1 | tr -d ' ' || true)
+    
+    # Skip if no version found or if it's a Jinja2 variable
+    if [ -z "$version" ] || [[ "$version" =~ \{\{ ]]; then
+        continue
+    fi
+    
+    # Update template version
+    if update_template_version "$template_file" "$version"; then
+        ((updated_count++))
+    fi
+done < <(find library/kubernetes -type f \( -name "values.yaml" -o -name "values.yml" \) 2>/dev/null || true)
+
+# Process Kubernetes manifest templates (*.j2 files with image: references)
+echo ""
+echo "Scanning Kubernetes manifest templates..."
+while IFS= read -r manifest_file; do
+    template_dir=$(dirname "$manifest_file")
+    template_file="$template_dir/template.yaml"
+    
+    # Skip if template.yaml doesn't exist
+    [ ! -f "$template_file" ] && continue
+    
+    # Extract the first Docker image version from Kubernetes manifest
+    # Matches: image: repo/name:version or image: name:version
+    # Ignores Jinja2 variables like {{ variable }}
+    version=$(grep -E '^\s*image:\s*[^{]*:[^{}\s]+' "$manifest_file" | head -n1 | sed -E 's/.*:([^:]+)$/\1/' | tr -d ' ' || true)
+    
+    # Skip if no version found or if it's a Jinja2 variable
+    if [ -z "$version" ] || [[ "$version" =~ \{\{ ]]; then
+        continue
+    fi
+    
+    # Update template version
+    if update_template_version "$template_file" "$version"; then
+        ((updated_count++))
+    fi
+done < <(find library/kubernetes -type f -name "*.j2" 2>/dev/null || true)
+
+# Process Terraform/Packer templates if needed in the future
+# (Currently no version syncing implemented for these)
+
+echo ""
+echo "=================================================="
+if [ $updated_count -gt 0 ]; then
+    echo -e "${GREEN}✓${NC} Template version sync complete: ${GREEN}$updated_count${NC} template(s) updated"
+else
+    echo "No template version updates needed"
+fi
+echo "=================================================="
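Review bot: `((updated_count++))` in all three scan loops will abort the script under `set -euo pipefail` on the first successful update: the post-increment evaluates to 0 while the counter is 0, so the arithmetic command returns status 1 and errexit fires, which fails the workflow step before anything is committed. Use `updated_count=$((updated_count + 1))` instead. In `update_template_version`, `$new_version` is interpolated straight into the sed program, and the value is whatever follows the last colon of an image line in the PR; validate it against an allowed tag pattern (letters, digits, `.`, `_`, `-`) before substituting, and anchor the expression to the metadata `version:` line, since `s/version: .*/.../` rewrites every line containing `version: `.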