
Merge remote-tracking branch 'origin/1500-template-add-renovate-self-hosted-template' into release/v0.1.0

xcad 7 maanden geleden
bovenliggende
commit
eb95462110

+ 53 - 0
library/compose/renovate/.env.j2

@@ -0,0 +1,53 @@
+# Renovate CE Configuration
+# Generated by Boilerplates CLI
+
+# License and Platform Configuration
+{% if swarm_enabled %}
+MEND_RNV_LICENSE_KEY_FILE=/run/secrets/{{ license_key_secret_name }}
+{% else %}
+MEND_RNV_LICENSE_KEY={{ license_key }}
+{% endif %}
+MEND_RNV_ACCEPT_TOS=Y
+MEND_RNV_PLATFORM={{ renovate_platform }}
+MEND_RNV_ENDPOINT={{ renovate_endpoint }}
+{% if renovate_autodiscover %}
+MEND_RNV_AUTODISCOVER=true
+{% endif %}
+
+# Platform-specific Authentication
+{% if swarm_enabled %}
+{% if renovate_platform == 'gitlab' %}
+MEND_RNV_GITLAB_PAT_FILE=/run/secrets/{{ git_token_secret_name }}
+{% elif renovate_platform == 'github' %}
+MEND_RNV_GITHUB_APP_KEY_FILE=/run/secrets/{{ git_token_secret_name }}
+{% elif renovate_platform == 'gitea' %}
+MEND_RNV_GITEA_TOKEN_FILE=/run/secrets/{{ git_token_secret_name }}
+{% endif %}
+{% else %}
+{% if renovate_platform == 'gitlab' %}
+MEND_RNV_GITLAB_PAT={{ git_token }}
+{% elif renovate_platform == 'github' %}
+MEND_RNV_GITHUB_APP_KEY={{ git_token }}
+{% elif renovate_platform == 'gitea' %}
+MEND_RNV_GITEA_TOKEN={{ git_token }}
+{% endif %}
+{% endif %}
+
+# GitHub.com token for public package lookups (avoids rate limiting)
+{% if swarm_enabled %}
+GITHUB_COM_TOKEN_FILE=/run/secrets/{{ git_token_secret_name }}
+{% else %}
+GITHUB_COM_TOKEN={{ git_token }}
+{% endif %}
+
+# Webhook Secret
+{% if webhook_secret %}
+{% if swarm_enabled %}
+MEND_RNV_WEBHOOK_SECRET_FILE=/run/secrets/{{ webhook_secret_name }}
+{% else %}
+MEND_RNV_WEBHOOK_SECRET={{ webhook_secret }}
+{% endif %}
+{% endif %}
+
+# Logging
+LOG_LEVEL={{ container_loglevel }}
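Review bot: `GITHUB_COM_TOKEN` (lines 49–54) reuses `git_token` unconditionally, so when `renovate_platform` is `gitlab` or `gitea` the self-hosted platform's PAT is presented to github.com on every public package lookup, where it is not valid and should never be sent. Guard the block with `{% if renovate_platform == 'github' %}`, or add a dedicated optional `github_com_token` variable and leave `GITHUB_COM_TOKEN` unset otherwise. Separately, the `github` branch feeds the same `git_token` (described in template.yaml as a Personal Access Token) into `MEND_RNV_GITHUB_APP_KEY`, which as far as I recall expects a GitHub App private key together with an app id rather than a PAT — worth confirming against the Renovate CE docs before this ships. In the non-swarm branch this rendered file holds the license key, platform token and webhook secret in plaintext, so the generator should write it with restrictive permissions and keep it out of version control.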

+ 1 - 0
library/compose/renovate/.env.secret.license.j2

@@ -0,0 +1 @@
+{{ license_key }}

+ 1 - 0
library/compose/renovate/.env.secret.token.j2

@@ -0,0 +1 @@
+{{ git_token }}

+ 1 - 0
library/compose/renovate/.env.secret.webhook.j2

@@ -0,0 +1 @@
+{% if webhook_secret %}{{ webhook_secret }}{% endif %}

+ 131 - 0
library/compose/renovate/compose.yaml.j2

@@ -0,0 +1,131 @@
+---
+services:
+  {{ service_name }}:
+    image: ghcr.io/mend/renovate-ce:10.5.0-full
+    {% if not swarm_enabled %}
+    container_name: {{ container_name }}
+    restart: {{ restart_policy }}
+    {% endif %}
+    hostname: {{ container_hostname }}
+    {% if not traefik_enabled and network_mode == 'bridge' %}
+    ports:
+      - "{{ ports_http }}:8080"
+    {% endif %}
+    env_file:
+      - ./.env
+    {% if swarm_enabled %}
+    secrets:
+      - source: {{ license_key_secret_name }}
+        target: /run/secrets/{{ license_key_secret_name }}
+        mode: 0400
+      - source: {{ git_token_secret_name }}
+        target: /run/secrets/{{ git_token_secret_name }}
+        mode: 0400
+      {% if webhook_secret %}
+      - source: {{ webhook_secret_name }}
+        target: /run/secrets/{{ webhook_secret_name }}
+        mode: 0400
+      {% endif %}
+    deploy:
+      mode: {{ swarm_placement_mode }}
+      {% if swarm_placement_mode == 'replicated' %}
+      replicas: {{ swarm_replicas }}
+      {% endif %}
+      {% if swarm_placement_host %}
+      placement:
+        constraints:
+          - node.hostname == {{ swarm_placement_host }}
+      {% endif %}
+      {% if traefik_enabled %}
+      labels:
+        - traefik.enable=true
+        - traefik.http.services.{{ service_name }}.loadbalancer.server.port=8080
+        - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}`)
+        - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
+        {% if traefik_tls_enabled %}
+        - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}`)
+        - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
+        - traefik.http.routers.{{ service_name }}-https.tls=true
+        - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
+        {% endif %}
+      {% endif %}
+    {% else %}
+    {% if traefik_enabled %}
+    labels:
+      - traefik.enable=true
+      - traefik.http.services.{{ service_name }}.loadbalancer.server.port=8080
+      - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}`)
+      - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
+      {% if traefik_tls_enabled %}
+      - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}`)
+      - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
+      - traefik.http.routers.{{ service_name }}-https.tls=true
+      - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
+      {% endif %}
+    {% endif %}
+    {% endif %}
+    {% if network_mode == 'host' %}
+    network_mode: host
+    {% else %}
+    networks:
+      {% if traefik_enabled %}
+      {{ traefik_network }}:
+      {% endif %}
+      {% if network_mode == 'macvlan' %}
+      {{ network_name }}:
+        ipv4_address: {{ network_macvlan_ipv4_address }}
+      {% elif network_mode == 'bridge' %}
+      {{ network_name }}:
+      {% endif %}
+    {% endif %}
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+
+{% if swarm_enabled %}
+secrets:
+  {{ license_key_secret_name }}:
+    file: ./.env.secret.license
+  {{ git_token_secret_name }}:
+    file: ./.env.secret.token
+  {% if webhook_secret %}
+  {{ webhook_secret_name }}:
+    file: ./.env.secret.webhook
+  {% endif %}
+{% endif %}
+
+{% if network_mode != 'host' %}
+networks:
+  {% if network_mode == 'macvlan' %}
+  {{ network_name }}:
+    {% if network_external %}
+    external: true
+    {% else %}
+    driver: macvlan
+    driver_opts:
+      parent: {{ network_macvlan_parent_interface }}
+    ipam:
+      config:
+        - subnet: {{ network_macvlan_subnet }}
+          gateway: {{ network_macvlan_gateway }}
+    name: {{ network_name }}
+    {% endif %}
+  {% elif network_mode == 'bridge' and network_external %}
+  {{ network_name }}:
+    external: true
+  {% elif network_mode == 'bridge' and not network_external %}
+  {{ network_name }}:
+    {% if swarm_enabled %}
+    driver: overlay
+    attachable: true
+    {% else %}
+    driver: bridge
+    {% endif %}
+  {% endif %}
+  {% if traefik_enabled %}
+  {{ traefik_network }}:
+    external: true
+  {% endif %}
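Review bot: When `traefik_tls_enabled` is set, the `{{ service_name }}-http` router (lines 132–133 and 146–147) still serves the UI in plaintext on `{{ traefik_entrypoint }}` alongside the `-https` router; unless that entrypoint redirects globally in Traefik's static configuration, the http router needs a redirect, e.g. `- traefik.http.middlewares.{{ service_name }}-redirect.redirectscheme.scheme=https` and `- traefik.http.routers.{{ service_name }}-http.middlewares={{ service_name }}-redirect`. The same label list is duplicated verbatim between the swarm `deploy.labels` block and the plain `labels` block; a Jinja macro rendered at the two indent levels would keep them from drifting. Compose documents secret `mode` in octal, and a strict YAML 1.2 parser reads the unquoted `0400` on lines 109, 112 and 116 as decimal 400, so check that the generator's toolchain parses it as intended. The healthcheck also assumes `curl` is present in the `renovate-ce` image, which I cannot verify from here.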

+ 123 - 0
library/compose/renovate/template.yaml

@@ -0,0 +1,123 @@
+---
+kind: compose
+schema: "1.1"
+metadata:
+  name: Renovate
+  description: |
+    **Renovate** is an automated dependency update tool that creates pull requests for newer versions of dependencies.
+    Supports GitHub, GitLab, Bitbucket, Gitea, and more platforms with flexible configuration options.
+    ## Use Cases
+    - Automated dependency updates for all your repositories
+    - Security vulnerability patching
+    - Multi-platform support (GitLab, GitHub, Bitbucket, etc.)
+    - Customizable update schedules and rules
+    - Self-hosted or cloud-based deployment
+    ## Resources
+    - **Project**: https://www.mend.io/renovate/
+    - **Documentation**: https://docs.renovatebot.com/
+    - **GitHub**: https://github.com/renovatebot/renovate
+  version: 10.5.0
+  author: Christian Lempa
+  date: '2025-11-05'
+  tags:
+    - traefik
+    - swarm
+  next_steps: |
+    ## Post-Installation Steps
+    {% if swarm_enabled -%}
+    1. **Deploy to Docker Swarm**:
+       ```bash
+       docker stack deploy -c compose.yaml {{ service_name }}
+       ```
+       Secrets are automatically created from the generated `.env.secret.*` files.
+    2. **Access the Web Interface**:
+       - {%- if traefik_enabled %}Visit: https://{{ traefik_host }}
+       {%- else %}Visit: http://<swarm-node-ip>:{{ ports_http }}{% endif %}
+    3. **Configure webhooks** in your Git platform to trigger Renovate on repository events
+    {% else -%}
+    1. **Deploy with Docker Compose**:
+       ```bash
+       docker compose up -d
+       ```
+    2. **Access the Web Interface**:
+       - {%- if traefik_enabled %}Visit: https://{{ traefik_host }}
+       {%- else %}Visit: http://localhost:{{ ports_http }}{% endif %}
+    3. **Configure webhooks** in your Git platform to trigger Renovate on repository events
+    {% endif -%}
+spec:
+  general:
+    vars:
+      service_name:
+        default: "renovate"
+      container_name:
+        default: "renovate"
+      container_hostname:
+        default: "renovate"
+      container_loglevel:
+        default: "info"
+  renovate_settings:
+    title: "Renovate Settings"
+    required: true
+    vars:
+      renovate_platform:
+        type: "enum"
+        description: "Git Platform Type"
+        options:
+          - "gitlab"
+          - "github"
+          - "gitea"
+        default: "gitlab"
+      renovate_endpoint:
+        type: "url"
+        description: "Git Platform Endpoint URL"
+        default: "https://gitlab.com"
+        extra: "e.g., https://gitlab.com, https://github.com, https://selfhosted.home.arpa, ..."
+      renovate_autodiscover:
+        type: "bool"
+        description: "Auto-discover repositories"
+        default: false
+        extra: "Automatically find and process all accessible repositories"
+  authentication:
+    title: "Authentication"
+    required: true
+    vars:
+      git_token:
+        type: "str"
+        description: "Git platform Personal Access Token"
+        sensitive: true
+        extra: "Also used for public package lookups to avoid rate limiting"
+      license_key:
+        type: "str"
+        description: "Mend Renovate CE License Key"
+        sensitive: true
+        extra: "Get a FREE license key at https://www.mend.io/mend-renovate-community/#self-hosted"
+      webhook_secret:
+        type: "str"
+        description: "Webhook secret for platform integration"
+        sensitive: true
+        optional: true
+        default: "renovate"
+  ports:
+    vars:
+      ports_http:
+        type: "int"
+        description: "External HTTP port for web interface"
+        default: 8080
+  traefik:
+    vars:
+      traefik_host:
+        default: "renovate.home.arpa"
+  swarm:
+    vars:
+      license_key_secret_name:
+        type: "str"
+        description: "Docker Swarm secret name for license key"
+        default: "renovate_license_key"
+      git_token_secret_name:
+        type: "str"
+        description: "Docker Swarm secret name for Git platform token"
+        default: "renovate_git_token"
+      webhook_secret_name:
+        type: "str"
+        description: "Docker Swarm secret name for webhook secret"
+        default: "renovate_webhook_secret"
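Review bot: `webhook_secret` (lines 319–324) is marked `sensitive` and `optional` yet carries a fixed default of `"renovate"`, so every deployment that accepts defaults shares the same guessable value and anyone who can reach the webhook endpoint can forge platform events; a signing secret should have no default, or a per-render random one if the CLI schema supports that. The default also makes the `{% if webhook_secret %}` guards in `.env.j2` and `compose.yaml.j2` always true, so the `optional` flag is effectively dead. I would drop `default: "renovate"` and, if the schema allows, use `extra` to tell the user how to generate a value. Also, `git_token` is described as a Personal Access Token, but for `renovate_platform: github` the `.env.j2` template maps it to `MEND_RNV_GITHUB_APP_KEY`; the description should state what the GitHub path actually expects.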