Merge branch 'main' into feat/support-git-vendir

renovatebot · Mar 28, 2024 · c27b9b1 · c27b9b1
2 parents 1eda6f0 + a6f90f2
commit c27b9b1
Show file tree

Hide file tree

Showing 73 changed files with 2,265 additions and 737 deletions.
diff --git a/.eslintrc.js b/.eslintrc.js
@@ -16,7 +16,6 @@ module.exports = {
     'plugin:@typescript-eslint/recommended-requiring-type-checking',
     'plugin:promise/recommended',
     'plugin:jest-formatting/recommended',
-    'prettier',
   ],
   parserOptions: {
     ecmaVersion: 9,

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -606,7 +606,7 @@ jobs:
           filter: blob:none # we don't need all blobs, only the full tree
 
       - name: docker-config
-        uses: containerbase/internal-tools@fcbf031ba03a836d9502ea4da2f15f2848359561 # v3.0.68
+        uses: containerbase/internal-tools@a988aa91013c6f1f235d461ab48b6b572facaac4 # v3.0.70
         with:
           command: docker-config
 

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -39,7 +39,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
+        uses: github/codeql-action/init@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
         with:
           languages: javascript
 
@@ -49,7 +49,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
+        uses: github/codeql-action/autobuild@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -63,4 +63,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
+        uses: github/codeql-action/analyze@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -12,4 +12,4 @@ jobs:
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@0fa40c3c10055986a88de3baa0d6ec17c5a894b3 # v4.2.3
+        uses: actions/dependency-review-action@5bbc3ba658137598168acb2ab73b21c432dd411b # v4.2.5
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -50,6 +50,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: 'Upload to code-scanning'
-        uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
+        uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -31,7 +31,7 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
 
-      - uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
+      - uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
         with:
           sarif_file: trivy-results.sarif
           category: 'docker-image-${{ matrix.tag }}'
diff --git a/docs/usage/.pages b/docs/usage/.pages
@@ -4,6 +4,7 @@ nav:
   - ... | getting-started
   - Troubleshooting: 'troubleshooting.md'
   - Configuration:
+      - 'Overview': 'config-overview.md'
       - 'Repository': 'configuration-options.md'
       - 'Self-hosted': 'self-hosted-configuration.md'
       - 'Presets': 'config-presets.md'

diff --git a/docs/usage/config-overview.md b/docs/usage/config-overview.md
diff --git a/docs/usage/configuration-options.md b/docs/usage/configuration-options.md
@@ -1452,7 +1452,7 @@ If this option is enabled, reviewers will need to create a new PR if more change
 By default, Renovate skips any forked repositories when in `autodiscover` mode.
 It even skips a forked repository that has a Renovate configuration file, because Renovate doesn't know if that file was added by the forked repository.
 
-**Process a fork in `autodiscover` mode`**
+**Process a fork in `autodiscover` mode**
 
 If you want Renovate to run on a forked repository when in `autodiscover` mode then:
 
@@ -3773,6 +3773,15 @@ Configure this to `true` if you wish to get one PR for every separate major vers
 e.g. if you are on webpack@v1 currently then default behavior is a PR for upgrading to webpack@v3 and not for webpack@v2.
 If this setting is true then you would get one PR for webpack@v2 and one for webpack@v3.
 
+## separateMultipleMinor
+
+Enable this for dependencies when it is important to split updates into separate PRs per minor release stream (e.g. `python`).
+
+For example, if you are on `[email protected]` currently, then by default Renovate creates a PR to upgrade you to the latest version such as `[email protected]`.
+By default, Renovate skips versions in between, like `[email protected]`.
+
+But if you set `separateMultipleMinor=true` then you get separate PRs for each minor stream, like `[email protected]`, `[email protected]` and `[email protected]`, etc.
+
 ## skipInstalls
 
 By default, Renovate will use the most efficient approach to updating package files and lock files, which in most cases skips the need to perform a full module install by the bot.

diff --git a/docs/usage/docker.md b/docs/usage/docker.md
@@ -383,7 +383,7 @@ To get access to the token a custom Renovate Docker image is needed that include
 The Dockerfile to create such an image can look like this:
 
 ```Dockerfile
-FROM renovate/renovate:37.252.0
+FROM renovate/renovate:37.269.3
 # Include the "Docker tip" which you can find here https://cloud.google.com/sdk/docs/install
 # under "Installation" for "Debian/Ubuntu"
 RUN ...

diff --git a/docs/usage/python.md b/docs/usage/python.md
@@ -23,24 +23,6 @@ Legacy versions with the `===` prefix are ignored.
 1. Renovate searches for the latest version on [PyPI](https://pypi.org/) to decide if there are upgrades
 1. If the source package includes a GitHub URL as its source, and has a "changelog" file _or_ uses GitHub releases, a Release Note will be embedded in the generated PR
 
-## Alternative file names
-
-For the `pip_requirements` manager, the default file matching regex for `requirements.txt` follows common file name conventions.
-
-It will match `requirements.txt` and `requirements.pip`, and any file in the format `requirements-*.txt` or `requirements-*.pip`, to allow for common filename patterns such as `requirements-dev.txt`.
-
-But Renovate may not find all your files.
-
-You can tell Renovate where to find your file(s) by setting your own `fileMatch` regex:
-
-```json title="Setting a custom fileMatch regex"
-{
-  "pip_requirements": {
-    "fileMatch": ["my/specifically-named.file", "\\.requirements$"]
-  }
-}
-```
-
 ## Alternate registries
 
 By default Renovate checks for upgrades on the `pypi.org` registry.

diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md
@@ -672,6 +672,58 @@ By default, Renovate does not autodiscover repositories that are mirrors.
 
 Change this setting to `true` to include repositories that are mirrors as Renovate targets.
 
+## inheritConfig
+
+When you enable this option, Renovate will look for the `inheritConfigFileName` file in the `inheritConfigRepoName` repository before processing a repository, and read this in as config.
+
+If the repository is in a nested organization or group on a supported platform such as GitLab, such as `topGroup/nestedGroup/projectName` then Renovate will look in `topGroup/nestedGroup/renovate-config`.
+
+If `inheritConfig` is `true` but the inherited config file does _not_ exist then Renovate will proceed without warning.
+If the file exists but cannot be parsed, then Renovate will raise a config warning issue and abort the job.
+
+The inherited config may include all valid repository config and these config options:
+
+- `bbUseDevelopmentBranch`
+- `onboarding`
+- `onboardingBranch`
+- `onboardingCommitMessage`
+- `onboardingConfig`
+- `onboardingConfigFileName`
+- `onboardingNoDeps`
+- `onboardingPrTitle`
+- `onboardingRebaseCheckbox`
+- `requireConfig`
+
+<!-- prettier-ignore -->
+!!! note
+    The above list is prepared manually and may become out of date.
+    Consult the self-hosted configuration docs and look for `inheritConfigSupport` values there for the definitive list.
+
+This way organizations can change/control the default behavior, like whether configs are required and how repositories are onboarded.
+
+We disabled `inheritConfig` in the Mend Renovate App to avoid wasting millions of API calls per week.
+This is because each `404` response from the GitHub API due to a missing org inherited config counts as a used API call.
+We will add a smart/dynamic approach in future, so that we can selectively enable `inheritConfig` per organization.
+
+## inheritConfigFileName
+
+Change this setting if you want Renovate to look for a different file name within the `inheritConfigRepoName` repository.
+You may use nested files, for example: `"some-dir/config.json"`.
+
+## inheritConfigRepoName
+
+Change this setting if you want Renovate to look in an alternative repository for the inherited config.
+The repository must be on the same platform and endpoint, and Renovate's token must have `read` permissions to the repository.
+
+## inheritConfigStrict
+
+By default Renovate will silently (debug log message only) ignore cases where `inheritConfig=true` but no inherited config is found.
+When you set `inheritConfigStrict=true` then Renovate will abort the run and raise a config error if Renovate can't find the inherited config.
+
+<!-- prettier-ignore -->
+!!! warning
+    Only set this config option to `true` if _every_ organization has an inherited config file _and_ you want to make sure Renovate _always_ uses that inherited config.
+
 ## logContext
 
 `logContext` is included with each log entry only if `logFormat="json"` - it is not included in the pretty log output.

diff --git a/docs/usage/self-hosted-experimental.md b/docs/usage/self-hosted-experimental.md
@@ -93,6 +93,10 @@ If set to any value, Renovate will use the Docker Hub API (`https://hub.docker.c
 If set to an integer, Renovate will use this as max page number for docker tags lookup on docker registries, instead of the default 20 pages.
 This is useful for registries which ignores the `n` parameter in the query string and only return 50 tags per page.
 
+## `RENOVATE_X_EAGER_GLOBAL_EXTENDS`
+
+Resolve and merge `globalExtends` presets before other global config, instead of after.
+
 ## `RENOVATE_X_EXEC_GPID_HANDLE`
 
 If set, Renovate will terminate the whole process group of a terminated child process spawned by Renovate.
@@ -177,6 +181,6 @@ Don't combine with `redisUrl`, Redis would be preferred over SQlite.
 
 Suppress the pre-commit support warning in PR bodies.
 
-## `RENOVATE_X_YARN_IGNORE_PROXY`
+## `RENOVATE_X_YARN_PROXY`
 
-Skip configuring global Yarn proxy settings if HTTP proxy environment variables are detected.
+Configure global Yarn proxy settings if HTTP proxy environment variables are detected.
diff --git a/docs/usage/templates.md b/docs/usage/templates.md
@@ -110,6 +110,12 @@ Returns `true` if at least one expression is `true`.
 
 `{{#if (or isPatch isSingleVersion}}Small update, safer to merge and release.{{else}}Check out the changelog for all versions before merging!{{/if}}`
 
+### includes
+
+Returns `true` if the value is included on the list given.
+
+`{{#if (includes labels 'dependencies')}}Production Dependencies{{else}}Not Production Dependencies{{/if}}`
+
 ## Environment variables
 
 By default, you can only access a handful of basic environment variables like `HOME` or `PATH`.

diff --git a/lib/config/index.spec.ts b/lib/config/index.spec.ts
@@ -1,5 +1,10 @@
 import { getConfig } from './defaults';
-import { filterConfig, getManagerConfig, mergeChildConfig } from './index';
+import {
+  filterConfig,
+  getManagerConfig,
+  mergeChildConfig,
+  removeGlobalConfig,
+} from './index';
 
 jest.mock('../modules/datasource/npm');
 jest.mock('../../config.js', () => ({}), { virtual: true });
@@ -131,4 +136,20 @@ describe('config/index', () => {
       expect(config.vulnerabilitySeverity).toBe('CRITICAL');
     });
   });
+
+  describe('removeGlobalConfig()', () => {
+    it('removes all global config', () => {
+      const filteredConfig = removeGlobalConfig(defaultConfig, false);
+      expect(filteredConfig).not.toHaveProperty('onboarding');
+      expect(filteredConfig).not.toHaveProperty('binarySource');
+      expect(filteredConfig.prHourlyLimit).toBe(2);
+    });
+
+    it('retains inherited config', () => {
+      const filteredConfig = removeGlobalConfig(defaultConfig, true);
+      expect(filteredConfig).toHaveProperty('onboarding');
+      expect(filteredConfig).not.toHaveProperty('binarySource');
+      expect(filteredConfig.prHourlyLimit).toBe(2);
+    });
+  });
 });
diff --git a/lib/config/index.ts b/lib/config/index.ts
@@ -31,6 +31,22 @@ export function getManagerConfig(
   return managerConfig;
 }
 
+export function removeGlobalConfig(
+  config: RenovateConfig,
+  keepInherited: boolean,
+): RenovateConfig {
+  const outputConfig: RenovateConfig = { ...config };
+  for (const option of options.getOptions()) {
+    if (keepInherited && option.inheritConfigSupport) {
+      continue;
+    }
+    if (option.globalOnly) {
+      delete outputConfig[option.name];
+    }
+  }
+  return outputConfig;
+}
+
 export function filterConfig(
   inputConfig: AllConfig,
   targetStage: RenovateConfigStage,
@@ -39,6 +55,7 @@ export function filterConfig(
   const outputConfig: RenovateConfig = { ...inputConfig };
   const stages: (string | undefined)[] = [
     'global',
+    'inherit',
     'repository',
     'package',
     'branch',