From d1e26dfee597d0ac44909d6891abc847eca4450f Mon Sep 17 00:00:00 2001
From: Justin Law <81255462+justinthelaw@users.noreply.github.com>
Date: Tue, 8 Oct 2024 09:33:25 -0400
Subject: [PATCH] chore: disables renovate and cron-job workflows (#1202)
---
 .github/renovate.json5 | 259 +-----------------
 .../workflows/nightly-snapshot-release.yaml | 22 +-
 .../nightly-uds-badge-verification.yaml | 12 +-
 .github/workflows/scorecard.yaml | 4 +-
 .../weekly-registry1-flavor-test.yaml | 24 +-
 5 files changed, 32 insertions(+), 289 deletions(-)
diff --git a/.github/renovate.json5 b/.github/renovate.json5
index a78b3e0c0..74ccd94de 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -1,260 +1,3 @@ { - "enabled": true, - "forkProcessing": "enabled", - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": [ - "config:best-practices", - ":semanticCommits", - ":semanticCommitTypeAll(chore)" - ], - // Disable reviewers getting added by renovate to limit notification noise - "reviewersFromCodeOwners": false, - "timezone": "America/New_York", - "rebaseStalePrs": true, - "dependencyDashboard": true, - "dependencyDashboardTitle": "Renovate Dashboard 🤖", - "rebaseWhen": "conflicted", - "commitBodyTable": true, - "suppressNotifications": ["prIgnoreNotification"], - "pre-commit": { - "enabled": true - }, - "helm-values": { - "fileMatch": [".*\\.ya?ml$"] - }, - "kubernetes": { - "fileMatch": [".*\\.ya?ml$"], - "ignorePaths": [ - ".github" - ] - }, - "labels": ["dependencies", "tech-debt"], - "hostRules": [ - { - "matchHost": "registry1.dso.mil", - "hostType": "docker", - "description": "Encrypted creds for registry1, scoped to this Github org using: https://docs.renovatebot.com/getting-started/migrating-secrets/#migrate-your-secrets-in-encrypted-form", - "username": "{{ secrets.IRONBANK_USERNAME }}", - "password": "{{ secrets.IRONBANK_PASSWORD }}" - }, - { - "matchHost": "cgr.dev", - "description": "Encrypted creds for cgr.dev, scoped to this Github org using: https://docs.renovatebot.com/getting-started/migrating-secrets/#migrate-your-secrets-in-encrypted-form", - "username": "{{ secrets.CHAINGUARD_USERNAME }}", - "password": "{{ secrets.CHAINGUARD_PASSWORD }}" - }, - { - "matchHost": "ghcr.io", - "hostType": "docker", - "description": "Encrypted creds for ghcr.io, scoped to this Github org using: https://docs.renovatebot.com/getting-started/migrating-secrets/#migrate-your-secrets-in-encrypted-form", - "username": "renovate", - "password": "{{ secrets.DEFENSEUNICORNS_PACKAGE_READ_PAT }}" - } - ], - "regexManagers": [ - // Matches github-tags pointing to items in githubusercontent (i.e. 
https://github.com/defenseunicorns/uds-core/blob/e45de0e5917a2ca6c3e30e593e2d9a8d393849a9/.vscode/settings.json#L12) - { - "fileMatch": [".*(\\.ya?ml|\\.json)$"], - "matchStrings": [ - // Test: https://regex101.com/r/r1nWoZ/1 - "https:\\/\\/raw\\.githubusercontent\\.com\\/(?[^\\/]+\\/[^\\/]+)\\/(?[^\\/]+)" - ], - "versioningTemplate": "semver-coerced", - "datasourceTemplate": "github-tags" - }, - // Matches github-tags pointing to items in github.com///raw/ (i.e. https://github.com/defenseunicorns/uds-package-postgres-operator/blob/c88f9fd47c2fbc85e86c86c26b2d6948f6220898/zarf.yaml#L17) - { - "fileMatch": [".*(\\.ya?ml|\\.json)$"], - "matchStrings": [ - // Test: https://regex101.com/r/huQrD4/1 - "https:\\/\\/github\\.com\\/(?[^\\/]+\\/[^\\/]+)\\/raw\\/(?[^\\/]+)" - ], - "versioningTemplate": "semver-coerced", - "datasourceTemplate": "github-tags" - }, - // Matches github-tags pointing to items in github.com///releases/download/ (i.e. https://github.com/defenseunicorns/zarf/blob/c8abe31a5c4bbed933d692fcdeeefdc4b31701a5/packages/distros/k3s/zarf.yaml#L17) - { - "fileMatch": [".*(\\.ya?ml|\\.json)$"], - "matchStrings": [ - // Test: https://regex101.com/r/oGP4dI/1 - "https:\\/\\/github\\.com\\/(?[^\\/]+\\/[^\\/]+)\\/releases\\/download\\/(?[^\\/]+)" - ], - "versioningTemplate": "semver-coerced", - "datasourceTemplate": "github-tags" - }, - // Matches npm modules in npm install commands (i.e. https://github.com/defenseunicorns/uds-core/blob/f8e65159873f87be5912b73cc6f0a5ff26b7bed0/.github/workflows/commitlint.yaml#L26) - { - "fileMatch": [".*(\\.ya?ml|\\.json)$"], - "matchStrings": [ - // Test: https://regex101.com/r/321nL5/1 - "npm install ([\\w\\- ]+ )?(?@?[^\\s]*?)@(?[^\\s]+)" - ], - "datasourceTemplate": "npm" - }, - // Matches specified datasources where a colon separates the version on the following line (i.e. 
https://github.com/defenseunicorns/zarf/blob/7e91d3b9823b52fe6d0f563d692c8af57faa6005/examples/big-bang/zarf.yaml#L5) - { - "fileMatch": [".*\\.ya?ml$"], - "matchStrings": [ - // Test: https://regex101.com/r/d9t0lt/1 - "# renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?( extractVersion=(?.*?))?( registryUrl=(?.*?))?\\s.*:\\s*['\"]?(?[v0-9].*?)['\"]?(\\s|$)" - ], - "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}", - "extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?.*)${{/if}}" - }, - // Matches specified datasources where an environment variable separates the version on the following line (i.e. https://github.com/defenseunicorns/uds-common/blob/ce3ba974ef3ff88058809f4b9a78da281a65ffa0/.github/actions/setup/action.yaml#L9) - { - "fileMatch": [".*\\.ya?ml$", ".*\\.sh$", ".*\\.?Dockerfile$"], - "matchStrings": [ - // Test: https://regex101.com/r/b53bEF/2 - "# renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?( extractVersion=(?.*?))?( registryUrl=(?.*?))?\\s.*[A-Z]+=['\"]?(?[v0-9].*?)['\"]?(\\s|$)" - ], - "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}", - "extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?.*)${{/if}}" - }, - // Matches specified datasources for brew where an @ separates the version on the following line (i.e. https://github.com/defenseunicorns/uds-core/blob/5a2666f6a5ba89686c6dc1fecb0db98512b1b9f8/.github/actions/setup/action.yaml#L32) - { - "fileMatch": [".*\\.ya?ml$"], - "matchStrings": [ - // Test: https://regex101.com/r/p3Cpjx/1 - "# renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?\\s.*brew.*@\\s*['\"]?(?[v0-9].*?)['\"]?(\\s|$)" - ], - "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}", - "extractVersionTemplate": "^v(?.*)$" - }, - // Matches images where you need to override the image reference in a Helm Value (i.e. 
https://github.com/defenseunicorns/uds-capability-rook-ceph/blob/f190c32688e80ad72df6389bcb150b35d779d0f0/values/cluster-values.yaml#L3-L4) - { - "fileMatch": ["\\.*\\.ya?ml$"], - "matchStrings": [ - // Test: https://regex101.com/r/k5ebjz/1 - "# renovate: image=(?.*?)\\s*image:\\s.*:(?[^\\s\"]*)", - ], - "datasourceTemplate": "docker" - }, - // Matches individual images in a `zarf.yaml`'s `images:` section that are tagged with a version (allowing for # renovate overrides) - { - "fileMatch": [ "(^|/)zarf\\.ya?ml$" ], - "matchStrings": [ - // Test: https://regex101.com/r/Bd8IBp/1 - "- ['\"]?(?[^\"'\\s]+):(?[^\"'\\s]+)['\"]?( # renovate:( versioning=(?.*?))?( extractVersion=(?.*?))?)?(\\s|$)" - ], - "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}docker{{/if}}", - "extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?.*)${{/if}}", - "datasourceTemplate": "docker" - }, - // Matches individual helm repo charts in a `zarf.yaml`'s `charts:` section that specify `version` then `url` - { - "fileMatch": [ "(^|/)zarf\\.ya?ml$" ], - "matchStringsStrategy": "recursive", - "matchStrings": [ - // Match the chart section. Test: https://regex101.com/r/1DL0tI/3 - "(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)", - // Match a chart entry. Test: https://regex101.com/r/ibpxYd/1 - "(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)", - // Match the parts of a chart entry. Test: https://regex101.com/r/tVVHYS/1 - "(?m)name: [\"']?(?.+?)[\"']?$(.|\\n)*?version: [\"']?(?.+?)[\"']?$(.|\\n)*?url: [\"']?(?(https|http|file):\\/\\/.+?)[\"']?$" - ], - "datasourceTemplate": "helm" - }, - // Matches individual helm repo charts in a `zarf.yaml`'s `charts:` section that specify `url` then `version` - { - "fileMatch": [ "(^|/)zarf.yaml$" ], - "matchStringsStrategy": "recursive", - "matchStrings": [ - // Match the chart section. Test: https://regex101.com/r/1DL0tI/3 - "(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)", - // Match a chart entry. 
Test: https://regex101.com/r/ibpxYd/1 - "(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)", - // Match the parts of a chart entry. Test: https://regex101.com/r/ehfBW6/1 - "(?m)name: [\"']?(?.+?)[\"']?$(.|\\n)*?url: [\"']?(?(https|http|file):\\/\\/.+?)[\"']?$(.|\\n)*?version: [\"']?(?.+?)[\"']?$" - ], - "datasourceTemplate": "helm" - }, - // Matches individual helm git charts in a `zarf.yaml`'s `charts:` section that specify `version` then `url` - { - "fileMatch": [ "(^|/)zarf\\.ya?ml$" ], - "matchStringsStrategy": "recursive", - "matchStrings": [ - // Match the chart section. Test: https://regex101.com/r/1DL0tI/3 - "(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)", - // Match a chart entry. Test: https://regex101.com/r/ibpxYd/1 - "(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)", - // Match the parts of a chart entry. Test: https://regex101.com/r/PIIH1p/1 - "(?m)name:(.|\\n)*?version: [\"']?(?.+?)[\"']?$(.|\\n)*?url: [\"']?(?.+?\\.git)[\"']?$" - ], - "datasourceTemplate": "git-tags", - // Match the version from the tag. Test: https://regex101.com/r/dzQZiE/1 - "versioningTemplate": "regex:^v?(?\\d+)\\.(?\\d+)\\.(?\\d+)(-[\\w\\.]+\\.(?\\d+))?" - }, - // Matches individual helm git charts in a `zarf.yaml`'s `charts:` section that specify `url` then `version` - { - "fileMatch": [ "(^|/)zarf.yaml$" ], - "matchStringsStrategy": "recursive", - "matchStrings": [ - // Match the chart section. Test: https://regex101.com/r/1DL0tI/3 - "(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)", - // Match a chart entry. Test: https://regex101.com/r/ibpxYd/1 - "(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)", - // Match the parts of a chart entry. Test: https://regex101.com/r/m71Sn5/1 - "(?m)name:(.|\\n)*?url: [\"']?(?.+?\\.git)[\"']?$(.|\\n)*?version: [\"']?(?.+?)[\"']?$" - ], - "datasourceTemplate": "git-tags", - // Match the version from the tag. 
Test: https://regex101.com/r/dzQZiE/1 - "versioningTemplate": "regex:^v?(?\\d+)\\.(?\\d+)\\.(?\\d+)(-[\\w\\.]+\\.(?\\d+))?" - }, - // Matches individual helm oci charts in a `zarf.yaml`'s `charts:` section that specify `version` then `url` - { - "fileMatch": [ "(^|/)zarf\\.ya?ml$" ], - "matchStringsStrategy": "recursive", - "matchStrings": [ - // Match the chart section. Test: https://regex101.com/r/1DL0tI/3 - "(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)", - // Match a chart entry. Test: https://regex101.com/r/ibpxYd/1 - "(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)", - // Match the parts of a chart entry. Test: https://regex101.com/r/gYGkgq/1 - "(?m)name:(.|\\n)*?version: [\"']?(?.+?)[\"']?$(.|\\n)*?url: [\"']?oci:\\/\\/(?.+?)[\"']?$" - ], - "datasourceTemplate": "docker" - }, - // Matches individual helm oci charts in a `zarf.yaml`'s `charts:` section that specify `url` then `version` - { - "fileMatch": [ "(^|/)zarf.yaml$" ], - "matchStringsStrategy": "recursive", - "matchStrings": [ - // Match the chart section. Test: https://regex101.com/r/1DL0tI/3 - "(?m)charts:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)", - // Match a chart entry. Test: https://regex101.com/r/ibpxYd/1 - "(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)", - // Match the parts of a chart entry. Test: https://regex101.com/r/VDMzhy/1 - "(?m)name:(.|\\n)*?url: [\"']?oci:\\/\\/(?.+?)[\"']?$(.|\\n)*?version: [\"']?(?.+?)[\"']?$" - ], - "datasourceTemplate": "docker" - }, - // Matches individual kustomizations in a `zarf.yaml`'s `manifests:` section using a github url with a ref - { - "fileMatch": [ "(^|/)zarf\\.ya?ml$" ], - "matchStringsStrategy": "recursive", - "matchStrings": [ - // Match the manifests section. Test: https://regex101.com/r/BCfsGu/1 - "(?m)manifests:(.|\\n)*?(^\\s{4}[\\w:]+|\\n$|^\\s{2}-)", - // Match a manifests entry. 
Test: https://regex101.com/r/UjQa51/1 - "(?m)name:(.|\\n)+?(^\\s{4}[\\w\\-:]+|\\n$|^\\s{2}-|^\\s{6}-)", - // Match the parts of a chart entry. Test: https://regex101.com/r/cumJ2Y/1 - "(?m)name:(.|\\n)*?kustomizations:(.|\n)*?- [\"']?github.com\\/(?.+?)\\/\\/.*\\?ref=(?.+?)[\"']?$" - ], - "versioningTemplate": "semver-coerced", - "datasourceTemplate": "github-tags" - }, - // Matches oci packages in a `uds-bundle.yaml`'s `zarf-packages:` section that specify `repository` then `ref` - { - "fileMatch": [ "(^|/)uds-bundle.yaml$" ], - "matchStringsStrategy": "recursive", - "matchStrings": [ - // Match the parts of a chart entry. Test: https://regex101.com/r/IFgEw0/1 - "(?m)repository: [\"']?(?.+?)[\"']?$(.)*(\n.*){0,2}ref: [\"']?(?.+?)[\"']?$" - ], - "datasourceTemplate": "docker", - // Match versioning used on UDS packages. Test: https://regex101.com/r/BGkYHX/4 - "versioningTemplate": "regex:^v?(?\\d+)(\\.(?\\d+))?(\\.(?\\d+))?(-uds\\.(?\\d))?(-(?\\w+)?)?(.*?)?$" - } - ] + enabled: false, } diff --git a/.github/workflows/nightly-snapshot-release.yaml b/.github/workflows/nightly-snapshot-release.yaml index 050aa49a4..1e6af30c1 100644 --- a/.github/workflows/nightly-snapshot-release.yaml +++ b/.github/workflows/nightly-snapshot-release.yaml 
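Review bot: Replacing the whole file with `enabled: false` drops the `hostRules`, `regexManagers` and per-manager settings along with the switch, so turning Renovate back on later means recovering roughly 260 lines from history rather than flipping one value. Keeping the existing config and changing only the first key, `"enabled": false, // temporarily disabled, re-enable tracked in <tracking issue>`, would have the same effect and record the intent. While this is off, the pinned images, charts and GitHub tags those managers covered get no automated update PRs, so security fixes for them need another tracking path; the commit does not show one.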
@@ -1,18 +1,18 @@
 name: nightly-snapshot-release
 on:
- schedule:
- - cron: "0 8 * * *" # Runs daily at 12 AM PST
+ # schedule:
+ # - cron: "0 8 * * *" # Runs daily at 12 AM PST
 workflow_dispatch: # trigger manually as needed
- pull_request:
- types:
- - opened # default trigger
- - reopened # default trigger
- - synchronize # default trigger
- - ready_for_review # don't run on draft PRs
- - milestoned # allows us to trigger on bot PRs
- paths:
- - .github/workflows/nightly-snapshot-release.yaml
+ # pull_request:
+ # types:
+ # - opened # default trigger
+ # - reopened # default trigger
+ # - synchronize # default trigger
+ # - ready_for_review # don't run on draft PRs
+ # - milestoned # allows us to trigger on bot PRs
+ # paths:
+ # - .github/workflows/nightly-snapshot-release.yaml
 concurrency:
 group: nightly-snapshot-release-${{ github.ref }}
diff --git a/.github/workflows/nightly-uds-badge-verification.yaml b/.github/workflows/nightly-uds-badge-verification.yaml
index 12060fc3d..74c286e7c 100644
--- a/.github/workflows/nightly-uds-badge-verification.yaml
+++ b/.github/workflows/nightly-uds-badge-verification.yaml
@@ -1,13 +1,13 @@
 name: nightly-uds-badge-verification
 on:
- schedule:
- - cron: "0 11 * * *" # Runs daily at 3 AM PST
+ # schedule:
+ # - cron: "0 11 * * *" # Runs daily at 3 AM PST
 workflow_dispatch: # trigger manually as needed
- pull_request:
- paths:
- - .github/workflows/nightly-uds-badge-verification.yaml
- - tasks.yaml
+ # pull_request:
+ # paths:
+ # - .github/workflows/nightly-uds-badge-verification.yaml
+ # - tasks.yaml
 concurrency:
 group: nightly-uds-badge-verification-${{ github.ref }}
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index e85e83cc9..56f3c3e37 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
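Review bot: The commit title mentions only cron jobs, but this hunk also comments out the `pull_request` trigger, so edits to `nightly-snapshot-release.yaml` itself are no longer exercised before merge and the workflow runs only through `workflow_dispatch`. The same applies to the `pull_request` blocks in `nightly-uds-badge-verification.yaml` (which also drops the `tasks.yaml` path) and `weekly-registry1-flavor-test.yaml` (`bundles/latest/**`). If that is intended, a one-line comment above the disabled block would record why and when it comes back, e.g. `# Temporarily disabled in #1202; restore schedule and pull_request triggers when <condition>`.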
@@ -2,8 +2,8 @@ name: OpenSSF Scorecared
 on:
 # Only the default branch is supported.
 branch_protection_rule:
- schedule:
- - cron: '20 3 * * 0' # Every Sunday at 03:20 UTC
+ # schedule:
+ # - cron: '20 3 * * 0' # Every Sunday at 03:20 UTC
 push:
 branches: [ "main" ]
diff --git a/.github/workflows/weekly-registry1-flavor-test.yaml b/.github/workflows/weekly-registry1-flavor-test.yaml
index 4fca5b5fe..3e188083f 100644
--- a/.github/workflows/weekly-registry1-flavor-test.yaml
+++ b/.github/workflows/weekly-registry1-flavor-test.yaml
@@ -1,19 +1,19 @@
 name: weekly-registry1-flavor-test
 on:
- schedule:
- - cron: "0 8 * * 0" # Run every Sunday at 12 AM PST
+ # schedule:
+ # - cron: "0 8 * * 0" # Run every Sunday at 12 AM PST
 workflow_dispatch: # trigger manually as needed
- pull_request:
- types:
- - opened # default trigger
- - reopened # default trigger
- - synchronize # default trigger
- - ready_for_review # don't run on draft PRs
- - milestoned # allows us to trigger on bot PRs
- paths:
- - .github/workflows/weekly-registry1-flavor-test.yaml
- - bundles/latest/**
+ # pull_request:
+ # types:
+ # - opened # default trigger
+ # - reopened # default trigger
+ # - synchronize # default trigger
+ # - ready_for_review # don't run on draft PRs
+ # - milestoned # allows us to trigger on bot PRs
+ # paths:
+ # - .github/workflows/weekly-registry1-flavor-test.yaml
+ # - bundles/latest/**
 concurrency:
 group: weekly-registry1-flavor-test-${{ github.ref }}
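Review bot: With `schedule` commented out in `scorecard.yaml`, the only triggers visible for the Scorecard analysis are `branch_protection_rule` and pushes to `main`, and unlike the other workflows in this commit no `workflow_dispatch` appears in the lines shown. Results will then refresh only when something lands on `main`, which may happen less often now that Renovate is disabled in the same commit. Consider adding `workflow_dispatch: # trigger manually as needed` under `on:` so the scan can still be run on demand, or leaving the weekly cron in place. The `on:` block may continue outside the hunk, so a manual trigger could already exist further down.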