From b10b8db912894854ce2551862dba63f0b86b0446 Mon Sep 17 00:00:00 2001
From: Max Leske <maxleske@gmail.com>
Date: Fri, 26 Apr 2024 08:56:56 +0200
Subject: [PATCH] feat: manage deps with renovate

---
 docker-bake.hcl | 17 ++++++---
 renovate.json   | 99 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 111 insertions(+), 5 deletions(-)
 create mode 100644 renovate.json

diff --git a/docker-bake.hcl b/docker-bake.hcl
index 67a659a..7d04c20 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -1,25 +1,31 @@
 # docker-bake.hcl
 variable "modsec3-version" {
+    # renovate: depName=ModSecurity3 packageName=owasp-modsecurity/ModSecurity datasource=github-releases
     default = "3.0.12"
 }
 
 variable "modsec2-version" {
+    # renovate: depName=ModSecurity2 packageName=owasp-modsecurity/ModSecurity datasource=github-releases
     default = "2.9.7"
 }
 
 variable "crs-version" {
-    default = "4.2.0"
+    # renovate: depName=coreruleset/coreruleset datasource=github-releases
+    default = "4.1.0"
 }
 
 variable "nginx-version" {
+    # renovate: depName=nginxinc/nginx-unprivileged datasource=docker
     default = "1.25.3"
 }
 
 variable "httpd-version" {
+    # renovate: depName=httpd datasource=docker
     default = "2.4.59"
 }
 
 variable "openresty-version" {
+    # renovate: depName=openresty/openresty datasource=docker
     default = "1.25.3.1"
 }
 
@@ -27,6 +33,11 @@ variable "lua-version" {
     default = "5.3"
 }
 
+variable "lmdb-version" {
+    default = "0.9.29"
+}
+
+
 variable "lua-modules-alpine" {
   default = [
     "lua-lzlib",
@@ -49,10 +60,6 @@ variable "lua-modules-luarocks" {
   ]
 }
 
-variable "lmdb-version" {
-    default = "0.9.29"
-}
-
 variable "REPOS" {
     # List of repositories to tag
     default = [
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..7d28d1b
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,99 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "local>coreruleset/renovate-config",
+    "schedule:weekly"
+  ],
+  "enabledManagers": [
+    "custom.regex"
+  ],
+  "packageRules": [
+    {
+      "groupName": "all non-major dependencies",
+      "groupSlug": "all-minor-patch",
+      "matchPackagePatterns": [
+        "*"
+      ],
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ],
+      "prBodyColumns": [
+        "Package",
+        "Type",
+        "Update",
+        "Change",
+        "Pending"
+      ]
+    },
+    {
+      "groupName": "all major dependencies",
+      "groupSlug": "all-major",
+      "matchPackagePatterns": [
+        "*"
+      ],
+      "matchUpdateTypes": [
+        "major"
+      ],
+      "prBodyColumns": [
+        "Package",
+        "Type",
+        "Update",
+        "Change",
+        "Pending"
+      ]
+    },
+    {
+      "matchDepNames": ["ModSecurity2"],
+      "allowedVersions": "/^v2.*/"
+    }
+  ],
+  "customManagers": [
+    {
+      "description": "Bake file",
+      "customType": "regex",
+      "fileMatch": [
+        "^docker-bake\\.hcl$"
+      ],
+      "matchStrings": [
+        "depName=(?<depName>[^\\s]+)(?:\\s+packageName=(?<packageName>[^\\s]+))?\\s+datasource=(?<datasource>[^\\s]+)\\s+[^\"]+\"(?<currentValue>[^\"]+)\""
+      ]
+    },
+    {
+      "description": "Docs: nginx",
+      "customType": "regex",
+      "fileMatch": [
+        "^README\\.md$"
+      ],
+      "matchStrings": [
+        ".*on [Nn]ginx (?<currentValue>\\d+\\.\\d+\\.\\d+)"
+      ],
+      "depNameTemplate": "nginxinc/nginx-unprivileged",
+      "datasourceTemplate": "docker"
+    },
+    {
+      "description": "Docs: httpd",
+      "customType": "regex",
+      "fileMatch": [
+        "^README\\.md$"
+      ],
+      "matchStrings": [
+        ".*on Apache (?<currentValue>\\d+\\.\\d+\\.\\d+)"
+      ],
+      "depNameTemplate": "httpd",
+      "datasourceTemplate": "docker"
+    },
+    {
+      "description": "Docs: CRS",
+      "customType": "regex",
+      "fileMatch": [
+        "^README\\.md$"
+      ],
+      "matchStrings": [
+        "OWASP CRS (?<currentValue>\\d+\\.\\d+\\.\\d+)"
+      ],
+      "depNameTemplate": "coreruleset/coreruleset",
+      "datasourceTemplate": "github-releases"
+    }
+  ]
+}