diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index c49a5e2..e688555 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -13,6 +13,7 @@ on: description: 'Version of connect-client to use (e.g., 0.9)' required: true type: string + # renovate: datasource=docker depName=public.cr.seqera.io/platform/connect-client default: '0.9' env: diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml new file mode 100644 index 0000000..e87945c --- /dev/null +++ b/.github/workflows/renovate.yml @@ -0,0 +1,21 @@ +name: Renovate + +on: + # Run weekly on Monday mornings + schedule: + - cron: '0 5 * * 1' + # Allow manual trigger + workflow_dispatch: + +jobs: + renovate: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Run Renovate + uses: renovatebot/github-action@v41.0.10 + with: + configurationFile: renovate.json + token: ${{ secrets.RENOVATE_TOKEN }} diff --git a/.opencode/skills/renovate/SKILL.md b/.opencode/skills/renovate/SKILL.md new file mode 100644 index 0000000..4f6b5e1 --- /dev/null +++ b/.opencode/skills/renovate/SKILL.md @@ -0,0 +1,188 @@ +--- +name: renovate +description: > + Run Renovate CLI for dependency updates. Use when checking for outdated dependencies, + testing Renovate config, or manually triggering dependency update PRs in a repository. +--- + +# Renovate CLI Skill + +Renovate is a dependency update tool that can automatically create PRs for outdated dependencies. This skill covers running Renovate locally via CLI for testing, debugging, and manual updates. + +## When to Use Renovate CLI + +**Use Renovate CLI when:** +- Testing a `renovate.json` configuration before deploying +- Debugging why Renovate isn't detecting certain dependencies +- Manually triggering dependency checks outside of scheduled runs +- Checking what updates are available without creating PRs (dry-run) +- Validating custom managers or package rules + +## Quick Reference + +| Task | Command | +|------|---------| +| Dry-run (local, no PRs) | `npx renovate --platform=local --dry-run` | +| Check specific repo | `npx renovate --dry-run owner/repo` | +| Debug dependency detection | `npx renovate --log-level=debug --dry-run` | +| Validate config | `npx renovate-config-validator` | +| See detected dependencies | `LOG_LEVEL=debug npx renovate --dry-run 2>&1 \| grep -E "packageFile\|deps"` | + +## Installation + +```bash +# Via npx (recommended for one-off runs) +npx renovate --help + +# Global install +npm install -g renovate + +# Via nix +nix shell nixpkgs#renovate +``` + +## Common Workflows + +### 1. Test Configuration Locally + +```bash +# Validate JSON syntax and schema +npx renovate-config-validator renovate.json + +# Dry-run to see what Renovate would do +npx renovate --platform=local --dry-run +``` + +### 2. Debug Dependency Detection + +```bash +# Run with debug logging +LOG_LEVEL=debug npx renovate --platform=local --dry-run 2>&1 | tee renovate-debug.log + +# Search for specific package +grep -i "packageName" renovate-debug.log + +# Check which managers are running +grep "manager" renovate-debug.log +``` + +### 3. Check for Available Updates + +```bash +# Local dry-run shows all detected updates +npx renovate --platform=local --dry-run + +# For a GitHub repo (requires token) +RENOVATE_TOKEN=ghp_xxx npx renovate --dry-run owner/repo +``` + +## Configuration + +### Environment Variables + +| Variable | Description | +|----------|-------------| +| `RENOVATE_TOKEN` | GitHub/GitLab token for API access | +| `LOG_LEVEL` | `debug`, `info`, `warn`, `error` | +| `RENOVATE_CONFIG_FILE` | Path to config file (default: `renovate.json`) | + +### Custom Manager Pattern + +For tracking versions in non-standard locations (like `ARG` in Dockerfiles): + +```json +{ + "customManagers": [ + { + "customType": "regex", + "description": "Update VERSION ARG in Dockerfiles", + "fileMatch": ["(^|/)Dockerfile$"], + "matchStrings": [ + "#\\s*renovate:\\s*datasource=(?.*?) depName=(?.*?)\\nARG \\w+=(?.*)" + ], + "versioningTemplate": "semver" + } + ] +} +``` + +Then annotate your Dockerfile: + +```dockerfile +# renovate: datasource=docker depName=myregistry.io/myimage +ARG VERSION=1.2.3 +``` + +## Datasources + +| Datasource | Use Case | Example depName | +|------------|----------|-----------------| +| `docker` | Container images | `python`, `nginx` | +| `pypi` | Python packages | `requests`, `pandas` | +| `npm` | Node packages | `lodash`, `express` | +| `github-releases` | GitHub releases | `owner/repo` | +| `github-tags` | GitHub tags | `owner/repo` | + +## Error Handling + +### "No token provided" + +```bash +# Set token via environment +export RENOVATE_TOKEN=ghp_your_token_here +npx renovate owner/repo + +# Or use --platform=local for local-only testing +npx renovate --platform=local --dry-run +``` + +### "Config validation failed" + +```bash +# Validate config +npx renovate-config-validator renovate.json + +# Check JSON syntax +python3 -c "import json; json.load(open('renovate.json'))" +``` + +### "No dependencies found" + +```bash +# Debug to see what files are being scanned +LOG_LEVEL=debug npx renovate --platform=local --dry-run 2>&1 | grep -E "fileMatch|packageFile" +``` + +## Integration with GitHub Actions + +```yaml +# .github/workflows/renovate.yml +name: Renovate +on: + schedule: + - cron: '0 5 * * 1' # Weekly Monday 5am + workflow_dispatch: + +jobs: + renovate: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: renovatebot/github-action@v41 + with: + configurationFile: renovate.json + token: ${{ secrets.RENOVATE_TOKEN }} +``` + +**Required PAT permissions:** +- `contents: write` - create branches/commits +- `pull-requests: write` - create PRs +- `workflows: write` - update workflow files + +## References + +- [Renovate Docs](https://docs.renovatebot.com/) +- [Configuration Options](https://docs.renovatebot.com/configuration-options/) +- [Custom Managers](https://docs.renovatebot.com/modules/manager/regex/) +- [Datasources](https://docs.renovatebot.com/modules/datasource/) +- [GitHub Action](https://github.com/renovatebot/github-action) diff --git a/cellxgene/Dockerfile b/cellxgene/Dockerfile index 1c0b452..847379c 100644 --- a/cellxgene/Dockerfile +++ b/cellxgene/Dockerfile @@ -1,6 +1,7 @@ # --------------------------------------------------------------- # 1) Multi-stage build: Pull the connect-client binary # --------------------------------------------------------------- +# renovate: datasource=docker depName=public.cr.seqera.io/platform/connect-client ARG CONNECT_CLIENT_VERSION=0.9 FROM public.cr.seqera.io/platform/connect-client:${CONNECT_CLIENT_VERSION} AS connect @@ -27,6 +28,7 @@ RUN apt-get update && apt-get install -y \ && rm -rf /var/lib/apt/lists/* # Install CellxGene and its dependencies +# renovate: datasource=pypi depName=cellxgene RUN pip install cellxgene==1.3.0 # Define CellxGene dataset path and title with defaults diff --git a/marimo/Dockerfile b/marimo/Dockerfile index ea6bc48..42c4c71 100644 --- a/marimo/Dockerfile +++ b/marimo/Dockerfile @@ -1,6 +1,7 @@ # --------------------------------------------------------------- # 1) Multi-stage build: Pull the connect-client binary # --------------------------------------------------------------- +# renovate: datasource=docker depName=public.cr.seqera.io/platform/connect-client ARG CONNECT_CLIENT_VERSION=0.9 FROM public.cr.seqera.io/platform/connect-client:${CONNECT_CLIENT_VERSION} AS connect @@ -18,6 +19,7 @@ ENV UV_SYSTEM_PYTHON=1 WORKDIR /app # Install the requirements using uv +# renovate: datasource=pypi depName=marimo RUN uv pip install scikit-learn pandas altair micropip marimo==0.11.13 # Define the port for the marimo server diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..01b699d --- /dev/null +++ b/renovate.json @@ -0,0 +1,80 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["config:recommended"], + "description": "Renovate config for custom-studios-examples - manages Docker base images and connect-client versions", + "schedule": ["before 9am on monday"], + "timezone": "UTC", + "automerge": false, + "labels": ["dependencies"], + "prHourlyLimit": 5, + "prConcurrentLimit": 10, + "customManagers": [ + { + "customType": "regex", + "description": "Update CONNECT_CLIENT_VERSION ARG in Dockerfiles", + "fileMatch": ["(^|/)Dockerfile$"], + "matchStrings": [ + "#\\s*renovate:\\s*datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?\\nARG CONNECT_CLIENT_VERSION=(?.*)" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}" + }, + { + "customType": "regex", + "description": "Update connect_client_version default in GitHub workflow", + "fileMatch": ["^\\.github/workflows/.*\\.ya?ml$"], + "matchStrings": [ + "#\\s*renovate:\\s*datasource=(?.*?) depName=(?.*?)\\n\\s+default:\\s*['\"]?(?[^'\"\\s]+)['\"]?" + ], + "versioningTemplate": "semver" + }, + { + "customType": "regex", + "description": "Update pip packages with pinned versions", + "fileMatch": ["(^|/)Dockerfile$"], + "matchStrings": [ + "#\\s*renovate:\\s*datasource=(?.*?) depName=(?.*)\\n.*(?:pip install|uv pip install).*\\s\\S*==(?\\d+\\.\\d+\\.\\d+)" + ], + "versioningTemplate": "semver" + } + ], + "packageRules": [ + { + "description": "Group connect-client updates across all Dockerfiles", + "groupName": "connect-client", + "matchDepNames": ["public.cr.seqera.io/platform/connect-client"], + "matchManagers": ["regex", "dockerfile"] + }, + { + "description": "Group Python base image updates", + "groupName": "python-base-images", + "matchDepNames": ["python"], + "matchManagers": ["dockerfile"] + }, + { + "description": "Group GitHub Actions updates", + "groupName": "github-actions", + "matchManagers": ["github-actions"] + }, + { + "description": "Update uv separately", + "groupName": "uv", + "matchDepNames": ["ghcr.io/astral-sh/uv"] + }, + { + "description": "Update Wave images separately", + "groupName": "wave-images", + "matchDepPatterns": ["^community\\.wave\\.seqera\\.io/"] + }, + { + "description": "Python pip packages", + "groupName": "python-packages", + "matchDatasources": ["pypi"] + } + ], + "dockerfile": { + "enabled": true + }, + "github-actions": { + "enabled": true + } +} diff --git a/shiny-simple-example/Dockerfile b/shiny-simple-example/Dockerfile index 149795f..e4beed0 100644 --- a/shiny-simple-example/Dockerfile +++ b/shiny-simple-example/Dockerfile @@ -1,6 +1,7 @@ # --------------------------------------------------------------- # 1) Multi-stage build: Pull the connect-client binary # --------------------------------------------------------------- +# renovate: datasource=docker depName=public.cr.seqera.io/platform/connect-client ARG CONNECT_CLIENT_VERSION=0.9 FROM public.cr.seqera.io/platform/connect-client:${CONNECT_CLIENT_VERSION} AS connect diff --git a/streamlit/Dockerfile b/streamlit/Dockerfile index a47a66b..b5f13fc 100644 --- a/streamlit/Dockerfile +++ b/streamlit/Dockerfile @@ -1,6 +1,7 @@ # --------------------------------------------------------------- # 1) Multi-stage build: Pull the connect-client binary # --------------------------------------------------------------- +# renovate: datasource=docker depName=public.cr.seqera.io/platform/connect-client ARG CONNECT_CLIENT_VERSION=0.9 FROM public.cr.seqera.io/platform/connect-client:${CONNECT_CLIENT_VERSION} AS connect diff --git a/ttyd/Dockerfile b/ttyd/Dockerfile index 1d423fc..ecd0716 100644 --- a/ttyd/Dockerfile +++ b/ttyd/Dockerfile @@ -1,6 +1,7 @@ # --------------------------------------------------------------- # 1) Multi-stage build: Pull the connect-client binary # --------------------------------------------------------------- +# renovate: datasource=docker depName=public.cr.seqera.io/platform/connect-client ARG CONNECT_CLIENT_VERSION=0.9 FROM public.cr.seqera.io/platform/connect-client:${CONNECT_CLIENT_VERSION} AS connect