feat(datasource): add eks addon datasource. merge with main

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>

.devcontainer/Dockerfile

@@ -1 +1 @@
-FROM ghcr.io/containerbase/devcontainer:13.5.3
+FROM ghcr.io/containerbase/devcontainer:13.7.2

.github/actions/setup-node/action.yml

@@ -53,7 +53,7 @@ runs:
         standalone: true
 
     - name: Setup Node
-      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
       with:
         node-version: ${{ inputs.node-version }}
 

.github/label-actions.yml

@@ -263,6 +263,21 @@
     Good luck,
 
 
+    The Renovate team
+
+'auto:no-merge-from-main':
+  comment: >
+    Hi there,
+
+
+    Please don't merge from `main` into your PR's branch unless you have a merge conflict or have a specific reason to do so.
+    Doing so consumes CI systems unnecessarily, and also resets CI approvals if this is your first PR to the repo.
+    This repo uses GitHub's Merge Queue, which will automatically test your PR against `main` before merging, so it's no longer necessary to always keep branches up-to-date.
+
+
+    Thanks,
+
+
     The Renovate team
 
 'auto:discussion-first':

.github/workflows/build.yml

@@ -31,7 +31,7 @@ concurrency:
 env:
   DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
   NODE_VERSION: 22
-  PDM_VERSION: 2.22.1 # renovate: datasource=pypi depName=pdm
+  PDM_VERSION: 2.22.3 # renovate: datasource=pypi depName=pdm
   DRY_RUN: true
   TEST_LEGACY_DECRYPTION: true
   SPARSE_CHECKOUT: |-
@@ -304,7 +304,7 @@ jobs:
           os: ${{ runner.os }}
 
       - name: Lint markdown
-        uses: DavidAnson/markdownlint-cli2-action@eb5ca3ab411449c66620fe7f1b3c9e10547144b0 # v18.0.0
+        uses: DavidAnson/markdownlint-cli2-action@05f32210e84442804257b2a6f20b273450ec8265 # v19.1.0
 
       - name: Lint fenced code blocks
         run: pnpm doc-fence-check
@@ -345,6 +345,9 @@ jobs:
       - name: Test schema
         run: pnpm test-schema
 
+      - name: Lint other
+        run: pnpm lint-other
+
   test:
     needs: [setup, prefetch]
 
@@ -411,7 +414,7 @@ jobs:
 
       - name: Save coverage artifacts
         if: (success() || failure()) && github.event.pull_request.draft != true && matrix.coverage
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: ${{ matrix.upload-artifact-name }}
           path: |
@@ -438,7 +441,7 @@ jobs:
           merge-multiple: true
 
       - name: Codecov
-        uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
+        uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           directory: coverage/lcov
@@ -559,15 +562,18 @@ jobs:
         run: pnpm build
 
       - name: Build docker
-        run: pnpm build:docker build --tries=3
+        run: pnpm build:docker build --tries=3 --args '--load'
         env:
           LOG_LEVEL: debug
 
+      - name: Test docker
+        run: docker run -e LOG_LEVEL=debug --rm renovate/renovate --version
+
       - name: Pack
         run: pnpm test-e2e:pack
 
       - name: Upload
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: renovate-package
           path: renovate-0.0.0-semantic-release.tgz
@@ -611,7 +617,7 @@ jobs:
         run: pnpm test:docs
 
       - name: Upload
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: docs
           path: tmp/docs/
@@ -638,7 +644,7 @@ jobs:
           standalone: true
 
       - name: Setup Node.js
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
         with:
           node-version: ${{ env.NODE_VERSION }}
 
@@ -684,7 +690,7 @@ jobs:
           show-progress: false
 
       - name: docker-config
-        uses: containerbase/internal-tools@c440de95307545d23ff0e0b57018147e02ae217f # v3.5.15
+        uses: containerbase/internal-tools@1d0c5b3aabe4a10a264d309f65ecbbd83d0e672e # v3.5.21
         with:
           command: docker-config
 

.github/workflows/codeql-analysis.yml

@@ -41,7 +41,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           languages: javascript
 
@@ -51,7 +51,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/autobuild@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -65,4 +65,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8

.github/workflows/scorecard.yml

@@ -43,14 +43,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: 'Upload artifact'
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: 'Upload to code-scanning'
-        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           sarif_file: results.sarif

.github/workflows/trivy.yml

@@ -31,7 +31,7 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
 
-      - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+      - uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           sarif_file: trivy-results.sarif
           category: 'docker-image-${{ matrix.tag }}'

.github/workflows/update-data.yml

@@ -27,7 +27,7 @@ jobs:
           standalone: true
 
       - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: pnpm
@@ -42,7 +42,7 @@ jobs:
         run: pnpm prettier-fix
 
       - name: Create pull request
-        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
+        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
         with:
           author: 'Renovate Bot <renovate@whitesourcesoftware.com>'
           branch: 'chore/update-static-data'

.nvmrc

@@ -1 +1 @@
-22.11.0
+22.13.1

docs/development/local-development.md

@@ -177,6 +177,7 @@ If you're only working on the documentation files, you can use the `pnpm doc-fix
 ## Documentation
 
 We use [MkDocs](https://www.mkdocs.org) to generate the documentation.
+To install the required dependency, use `pdm install`.
 You can run `pnpm build:docs` to generate the docs.
 Then use `pnpm mkdocs serve` to preview the documentation locally.
 The docs will update automatically when you run `pnpm build:docs` again, no need to stop the `pnpm mkdocs serve` command.

docs/usage/bazel.md

@@ -80,6 +80,7 @@ If Renovate finds a newer version, it updates `0.15.0` to match that version.
 #### `git_override`
 
 If Renovate finds a [`git_override`](https://bazel.build/rules/lib/globals/module#git_override), it ignores the related `bazel_dep` entry and instead evaluates the `commit` value at the specified `remote`.
+When using `git_override`, the `version` parameter on the `bazel_dep` is optional.
 
 ```python
 bazel_dep(name = "cgrindel_bazel_starlib", version = "0.15.0")
@@ -89,6 +90,13 @@ git_override(
     commit = "fb47f0e9f7c376a7700fc9fe3319231ae57880df",
     remote = "https://github.com/cgrindel/bazel-starlib.git",
 )
+
+bazel_dep(name = "rules_foo")
+git_override(
+    module_name = "rules_foo",
+    remote = "https://github.com/foo/rules_foo.git",
+    commit = "8a1e9abe415eda7cd7f2a744fdac7499ce42cdca",
+)
 ```
 
 If the primary branch has a newer commit than in the list, Renovate updates the `commit` value.
@@ -101,6 +109,7 @@ Renovate only evaluates _two_ attributes from this declaration: `version` and `r
 If a `version` is specified, it overrides the version in the `bazel_dep`.
 In the following example, Renovate notices that the version is pinned to `1.2.3`.
 This results in `rules_foo` being ignored for update evaluation.
+When using `single_version_override`, the `version` parameter on the `bazel_dep` is optional.
 
 ```python
 bazel_dep(name = "rules_foo", version = "1.2.4")
@@ -109,6 +118,13 @@ single_version_override(
   module_name = "rules_foo",
   version = "1.2.3",
 )
+
+bazel_dep(name = "rules_bar")
+
+single_version_override(
+  module_name = "rules_bar",
+  version = "1.2.3",
+)
 ```
 
 If a `registry` is specified, Renovate uses the specified registry URL to check for a new version.
@@ -128,6 +144,7 @@ single_version_override(
 
 If Renovate finds an [`archive_override`](https://bazel.build/rules/lib/globals/module#archive_override) or a [`local_path_override`](https://bazel.build/rules/lib/globals/module#local_path_override), it ignores the related `bazel_dep`.
 Because these declarations lack versionable attributes, Renovate does not update them.
+When using `archive_override` and `local_path_override`, the `version` parameter on the `bazel_dep` is optional.
 
 ```python
 bazel_dep(name = "rules_foo", version = "1.2.3")
@@ -138,13 +155,35 @@ archive_override(
     "https://example.com/archive.tar.gz",
   ],
 )
+
+bazel_dep(name = "rules_bar")
+
+archive_override(
+  module_name = "rules_bar",
+  urls = [
+    "https://example.com/archive.tar.gz",
+  ],
+)
 ```
 
 #### `multiple_version_override`
 
 Renovate ignores [`multiple_version_override`](https://bazel.build/rules/lib/globals/module#multiple_version_override).
 `multiple_version_override` does not affect the processing of version updates for a module.
 
+### `git_repository`
+
+If Renovate finds a [`git_repository`](https://bazel.build/rules/lib/repo/git#git_repository), it evaluates the `commit` value at the specified `remote`.
+`remote` is limited to github repos: `https://github.com/<owner>/<repo>.git`
+
+```python
+git_repository(
+    name = "rules_foo",
+    remote = "https://github.com/fooexample/rules_foo.git",
+    commit = "8c94e11c2b05b6f25ced5f23cd07d0cfd36edc1a",
+)
+```
+
 ## Legacy `WORKSPACE` files
 
 Renovate extracts dependencies from the following repository rules:
@@ -160,7 +199,7 @@ Renovate extracts dependencies from the following repository rules:
 It also recognizes when these repository rule names are prefixed with an underscore.
 For example, `_http_archive` is treated the same as `http_archive`.
 
-### `git_repository`
+### `git_repository` (legacy)
 
 Renovate updates any `git_repository` declaration that has the following: