Skip to content

Make Renovate suggest kind image upgrades#8098

Merged
cert-manager-prow[bot] merged 1 commit intomasterfrom
renovate/reconfigure
Sep 19, 2025
Merged

Make Renovate suggest kind image upgrades#8098
cert-manager-prow[bot] merged 1 commit intomasterfrom
renovate/reconfigure

Conversation

@erikgb
Copy link
Copy Markdown
Member

@erikgb erikgb commented Sep 19, 2025

Pull Request Motivation

This PR should make Renovate suggest (synthetic) kind upgrades. By reusing the current hack-script in a Renovate post-upgrade-task, the kind image shell variables containing kindest/node image digest should be maintained as before.

I am under the impression that #8096 followed by this PR should finally close #4033, a vintage important-soon issue.

Close #8074

Kind

/kind cleanup

Release Note

NONE

@erikgb
Make Renovate suggest kind image upgrades
fd3e2a4 
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
@cert-manager-prow cert-manager-prow bot added release-note-none Denotes a PR that doesn't merit a release note. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. labels Sep 19, 2025
@erikgb erikgb requested a review from Copilot September 19, 2025 21:01
@cert-manager-prow cert-manager-prow bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Sep 19, 2025
Copilot AI reviewed Sep 19, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR configures Renovate to automatically suggest kind image upgrades by adding a custom regex manager to track the kind version and execute a post-upgrade task to update the corresponding Docker image digests.

  • Adds Renovate configuration to track the kind version in hack/latest-kind-images.sh
  • Hardcodes the kind version in the script and updates the generation comment
  • Configures a post-upgrade task to automatically run the image update script when kind is upgraded

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
.github/renovate.json5 Adds custom regex manager for kind version tracking and post-upgrade automation
hack/latest-kind-images.sh Hardcodes kind version and updates generation comment for Renovate compatibility
make/kind_images.sh Updates generation comment to reflect new automated process

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@octo-sts
Copy link
Copy Markdown
Contributor

octo-sts bot commented Sep 19, 2025

Reconfigure PR Results

This is an reconfigure PR comment to help you understand and re-configure your renovate bot settings. If this Reconfigure PR were to be merged, we'd expect to see the following outcome:

Detected Package Files

  • hack/containers/Containerfile.acmesolver (dockerfile)
  • hack/containers/Containerfile.cainjector (dockerfile)
  • hack/containers/Containerfile.controller (dockerfile)
  • hack/containers/Containerfile.startupapicheck (dockerfile)
  • hack/containers/Containerfile.webhook (dockerfile)
  • make/config/pebble/Containerfile.pebble (dockerfile)
  • make/config/samplewebhook/Containerfile.samplewebhook (dockerfile)
  • .github/workflows/scorecards.yml (github-actions)
  • cmd/acmesolver/go.mod (gomod)
  • cmd/cainjector/go.mod (gomod)
  • cmd/controller/go.mod (gomod)
  • cmd/startupapicheck/go.mod (gomod)
  • cmd/webhook/go.mod (gomod)
  • go.mod (gomod)
  • test/e2e/go.mod (gomod)
  • test/integration/go.mod (gomod)
  • make/config/pebble/chart/values.yaml (helm-values)
  • make/config/samplewebhook/chart/values.yaml (helm-values)
  • .github/renovate.json5 (renovate-config-presets)
  • make/base_images.mk (regex)
  • make/base_images.mk (regex)
  • hack/latest-kind-images.sh (regex)

Configuration Summary

Based on the default config's presets, Renovate will:

  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Show only the Age and Confidence Merge Confidence badges for pull requests.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.
  • Pin Docker digests.
  • Pin github-action digests.
  • Enable Renovate configuration migration PRs when needed.
  • Pin dependency versions for development dependencies.
  • Update _VERSION environment variables in GitHub Action files.
  • Append Signed-off-by: to signoff Git commits.
  • Use semantic prefixes for commit messages and PR titles.
  • Disable vulnerability alerts completely.
  • Remove hourly and concurrent rate limits.
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Show only the Age and Confidence Merge Confidence badges for pull requests.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.
  • Pin Docker digests.
  • Pin github-action digests.
  • Enable Renovate configuration migration PRs when needed.
  • Pin dependency versions for development dependencies.
  • Update _VERSION environment variables in GitHub Action files.
  • Append Signed-off-by: to signoff Git commits.
  • Use semantic prefixes for commit messages and PR titles.
  • Disable vulnerability alerts completely.
  • Remove hourly and concurrent rate limits.

What to Expect

With your current configuration, Renovate will create 4 Pull Requests:

fix(deps): update k8s.io/kube-openapi digest to 589584f
  • Schedule: ["at any time"]
  • Branch name: renovate/k8s.io-kube-openapi-digest
  • Merge into: master
  • Upgrade k8s.io/kube-openapi to 589584f1c912
fix(deps): update cloud go deps
fix(deps): update module github.com/akamai/akamaiopen-edgegrid-golang/v11 to v12
fix(deps): update module github.com/cloudflare/cloudflare-go/v5 to v6

@erikgb
Copy link
Copy Markdown
Member Author

erikgb commented Sep 19, 2025

/cc @hjoshi123 @ThatsMrTalbot @maelvls

@ThatsMrTalbot
Copy link
Copy Markdown
Contributor

ThatsMrTalbot commented Sep 19, 2025

/lgtm
/approve

@cert-manager-prow
Copy link
Copy Markdown
Contributor

cert-manager-prow bot commented Sep 19, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ThatsMrTalbot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cert-manager-prow cert-manager-prow bot added lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Sep 19, 2025
@cert-manager-prow cert-manager-prow bot merged commit 9a32899 into master Sep 19, 2025
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@hjoshi123 hjoshi123 Awaiting requested review from hjoshi123

@maelvls maelvls Awaiting requested review from maelvls

@ThatsMrTalbot ThatsMrTalbot Awaiting requested review from ThatsMrTalbot

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm Indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Use renovate to upgrade k8s version for CI and local Automated updates of base images

3 participants

@erikgb @ThatsMrTalbot