chore: adds renovate config

[Gowiem]

what

• Adds a renovate configuration for auto-upgrade TF modules + aqua packages

why

• So our usage of TF doesn't go stale

references

• N/A

Summary by CodeRabbit

• New Features
  • Introduced a new configuration for automated dependency management.
  • Set a schedule for updates and defined base branches.
  • Enabled automatic labeling and closure of the dependency dashboard.
  • Specified paths to ignore for Terraform updates.

[coderabbitai]

Walkthrough

A new Renovate configuration file has been added to the repository to manage dependency updates systematically. The configuration establishes a structured approach to automated dependency management, setting specific update schedules, defining base branches, and configuring update behaviors for the project's dependencies.

Changes

File	Change Summary
.github/renovate.json5	Added Renovate configuration with update schedule, base branches, labeling, and Terraform-specific update settings

Poem

🤖 Renovate's dance of code and care,
Updating dependencies with flair,
Mondays before dawn, it softly creeps,
Keeping our project's health in leaps,
A guardian of versions, precise and rare! 🔧

---

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 249eb8b and 8ef447c.

📒 Files selected for processing (1)

• .github/renovate.json5 (1 hunks)

🔇 Additional comments (4)

.github/renovate.json5 (4)

6-7: Consider standardizing the base branch name.

While supporting both main and master works, it's better to standardize on one primary branch name across your repositories. The industry is moving towards using main as the default branch name.

Let's check which branch name is actually in use:

✅ Verification successful

Consider removing 'master' from baseBranches in renovate.json5

The repository is using main as the default branch. You can simplify the configuration by removing the unused master branch reference from baseBranches.

• Update .github/renovate.json5 to only include "baseBranches": ["main"]

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check default branch name
git symbolic-ref refs/remotes/origin/HEAD | sed 's@^refs/remotes/origin/@@'

Length of output: 82

---

2-5: LGTM! Good practice using recommended configs.

The configuration extends both the recommended defaults and Aqua-specific settings, which is a good practice for standardization.

Let's verify if we're using the latest stable version of the Aqua config:

✅ Verification successful

✅ Using the latest version of aqua-renovate-config

The configuration is correctly pinned to version 2.6.0, which is confirmed to be the latest stable version available.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check latest version of aqua-renovate-config
gh api \
  -H "Accept: application/vnd.github+json" \
  repos/aquaproj/aqua-renovate-config/tags \
  --jq '.[0].name'

Length of output: 113

---

8-9: LGTM! Good labeling practice.

Using a dedicated label for automated upgrades helps with PR management and filtering.

Let's verify if the label exists in the repository:

---

10-14: Consider making the ignore pattern more specific.

While ignoring context.tf is common for shared context files, you might want to be more specific about which directories to ignore to prevent accidentally skipping important files.

Let's check the usage of context.tf files:

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

.github/workflows/renovate.json5 (2)

6-6: Consider more frequent updates for security patches

While weekly updates are reasonable for general dependencies, you might want to configure a more frequent schedule for security updates using vulnerabilityAlerts.

+"vulnerabilityAlerts": {
+  "schedule": ["at any time"]
+},

---

10-14: Consider additional Terraform-specific configurations

The current configuration ignores context.tf files, which is good. Consider adding these Terraform-specific settings for better control:

 "terraform": {
   "ignorePaths": [
     "**/context.tf",
   ]
+  "commitMessageTopic": "Terraform {{depName}}",
+  "commitMessageExtra": "to {{newVersion}}",
+  "lockFileMaintenance": {
+    "enabled": true,
+    "schedule": ["before 5am on Monday"]
+  }
 },

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 34d6023 and 249eb8b.

📒 Files selected for processing (1)

• .github/workflows/renovate.json5 (1 hunks)

🔇 Additional comments (1)

.github/workflows/renovate.json5 (1)

2-5: Verify Aqua renovate config version

The configuration extends recommended defaults and pins Aqua config to version 2.6.0, which is good for stability. However, let's verify if this is the latest stable version.

✅ Verification successful

Aqua renovate config version is up to date

The configuration is correctly pinned to version 2.6.0, which is currently the latest stable version of aqua-renovate-config.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for the latest version of aqua-renovate-config
gh api \
  -H "Accept: application/vnd.github+json" \
  repos/aquaproj/aqua-renovate-config/tags \
  --jq '.[0].name'

Length of output: 113

[coderabbitai]

💡 Codebase verification

Remove 'master' from baseBranches as 'main' is the default branch

The repository is using main as the default branch, so including master in baseBranches is unnecessary and may cause confusion. Consider updating the configuration to only target the active default branch.

🔗 Analysis chain

Verify primary branch naming convention

The configuration targets both main and master branches. This might indicate inconsistent branch naming across repositories.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check which default branch is actually in use
git symbolic-ref refs/remotes/origin/HEAD | sed 's@^refs/remotes/origin/@@'

Length of output: 82

[Gowiem]

We have repositories that are still on master. This is intended to be a shared config for all repositories. I'm just trying it out here. You can safely ignore this.

[coderabbitai]

@Gowiem, understood! We’ll ignore this suggestion for now. Thanks for clarifying that some of your repositories still use the master branch.

---

✏️ Learnings added

Learnt from: Gowiem
PR: masterpointio/terraform-spacelift-automation#19
File: .github/workflows/renovate.json5:7-7
Timestamp: 2024-12-22T19:36:59.395Z
Learning: Some of Gowiem's repositories still use 'master' as the primary branch, so they intentionally keep "master" in Renovate's baseBranches for a shared configuration.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[coderabbitai]

💡 Codebase verification

Move Renovate configuration file to the standard location

The Renovate configuration file is currently located at .github/workflows/renovate.json5, but this is not a standard location. For better compatibility and to ensure Renovate detects it properly, please move the configuration file to one of these standard locations:

• .github/renovate.json
• .github/renovate.json5
• renovate.json
• renovate.json5

🔗 Analysis chain

Verify Renovate configuration file location

The configuration looks good overall, but let's verify if it's in the standard location that Renovate expects.

---

The previous command had an error, so let's try a different approach to verify the location. The standard locations for Renovate configuration are:

1. renovate.json
2. .renovaterc
3. .github/renovate.json
4. .gitlab/renovate.json
5. package.json (with "renovate" key)

Let's check these locations with a different command.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if renovate config exists in standard locations
fd -g 'renovate.json*' -g '.renovaterc*' .

Length of output: 103

---

Script:

#!/bin/bash
# Let's try a different approach to find the renovate configuration file
find . -type f -name 'renovate.json*' -o -name '.renovaterc*'

# Also check the content of .github directory specifically
ls -la .github/

Length of output: 471

[Gowiem]

Good callout. I will move it!

[coderabbitai]

@Gowiem, thanks for the prompt response! Looking forward to the updated config file. Let me know if there’s anything else you’d like me to review or assist with.

[oycyc]

🙌