feat: add renovate

This commit is contained in:
Sun-ZhenXing
2025-12-14 19:55:30 +08:00
parent dfcdc3afca
commit efaad72370
7 changed files with 709 additions and 0 deletions


@@ -95,6 +95,7 @@ Compose Anything helps users quickly deploy various services by providing a set
| [Redpanda](./src/redpanda) | v24.3.1 |
| [Redis Cluster](./src/redis-cluster) | 8.2.1 |
| [Redis](./src/redis) | 8.2.1 |
| [Renovate](./src/renovate) | 42.52.5-full |
| [Restate Cluster](./src/restate-cluster) | 1.5.3 |
| [Restate](./src/restate) | 1.5.3 |
| [SearXNG](./src/searxng) | 2025.1.20-1ce14ef99 |


@@ -95,6 +95,7 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件,
| [Redpanda](./src/redpanda) | v24.3.1 |
| [Redis Cluster](./src/redis-cluster) | 8.2.1 |
| [Redis](./src/redis) | 8.2.1 |
| [Renovate](./src/renovate) | 42.52.5-full |
| [Restate Cluster](./src/restate-cluster) | 1.5.3 |
| [Restate](./src/restate) | 1.5.3 |
| [SearXNG](./src/searxng) | 2025.1.20-1ce14ef99 |

src/renovate/.env.example Normal file

@@ -0,0 +1,102 @@
# Renovate Configuration
# Image version
RENOVATE_VERSION=42.52.5-full
# Global registry prefix (optional, e.g., your.registry.com/)
GLOBAL_REGISTRY=
# Timezone
TZ=UTC
# ==================== Authentication ====================
# Platform type: github, gitlab, gitea, bitbucket, azure, etc.
RENOVATE_PLATFORM=github
# API endpoint (leave empty for github.com, gitlab.com, etc.)
# For self-hosted: https://gitlab.example.com/api/v4
RENOVATE_ENDPOINT=
# Authentication token (REQUIRED)
# GitHub: Personal Access Token or GitHub App token
# GitLab: Personal Access Token or Project Access Token
# Get token from: https://github.com/settings/tokens (for GitHub)
RENOVATE_TOKEN=
# Alternative: GitHub.com token (if using GitHub platform)
GITHUB_COM_TOKEN=
# ==================== Repositories ====================
# Repositories to process (comma-separated)
# Format: owner/repo or org/repo
# Example: myorg/repo1,myorg/repo2
# Leave empty to process all accessible repositories
RENOVATE_REPOSITORIES=
# ==================== Git Configuration ====================
# Git author for commits
RENOVATE_GIT_AUTHOR=Renovate Bot <bot@renovateapp.com>
# ==================== Behavior ====================
# Onboarding: Create initial PR to add renovate.json
RENOVATE_ONBOARDING=true
# Require config in repository
# Options: required, optional, ignored
RENOVATE_REQUIRE_CONFIG=optional
# Dry run mode (no actual PRs/commits)
RENOVATE_DRY_RUN=false
# ==================== Cache ====================
# Enable repository cache for better performance
RENOVATE_REPOSITORY_CACHE=enabled
# Cache directory inside container
RENOVATE_CACHE_DIR=/tmp/renovate/cache
# Base directory for cloned repos
RENOVATE_BASE_DIR=/tmp/renovate/repos
# ==================== Logging ====================
# Log level: fatal, error, warn, info, debug, trace
RENOVATE_LOG_LEVEL=info
# Log format: text, json
RENOVATE_LOG_FORMAT=json
# ==================== Package Registry Authentication ====================
# Docker Hub credentials (if checking Docker images in private registries)
RENOVATE_DOCKER_USER=
RENOVATE_DOCKER_PASSWORD=
# NPM token (if checking private NPM packages)
RENOVATE_NPM_TOKEN=
# ==================== Advanced Configuration ====================
# Path to config.js file (inside container)
RENOVATE_CONFIG_FILE=/usr/src/app/config.js
# ==================== Resources ====================
# CPU limits
RENOVATE_CPU_LIMIT=2.0
RENOVATE_CPU_RESERVATION=0.5
# Memory limits
RENOVATE_MEMORY_LIMIT=2G
RENOVATE_MEMORY_RESERVATION=512M
# ==================== User/Group ID ====================
# User and group ID for file permissions
PUID=1000
PGID=1000
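Review bot: `RENOVATE_DRY_RUN=false` with the comment "Dry run mode (no actual PRs/commits)" presents `dryRun` as a boolean, but Renovate's `dryRun` is a string option whose allowed values are `extract`, `lookup` and `full` (unset for a real run), and the README added in this same commit already uses `RENOVATE_DRY_RUN=full`; document those values here and leave the variable empty instead of `false`, which is not one of them. The comment on `GITHUB_COM_TOKEN` ("Alternative: GitHub.com token (if using GitHub platform)") is misleading: Renovate uses that variable to fetch release notes and changelogs from github.com when the platform is something else (for example a self-hosted GitLab), so it complements `RENOVATE_TOKEN` rather than replacing it. Since this template becomes a `.env` holding `RENOVATE_TOKEN`, `RENOVATE_DOCKER_PASSWORD` and `RENOVATE_NPM_TOKEN`, a header line reminding users to keep `.env` out of version control would be worth the one line.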

src/renovate/README.md Normal file

@@ -0,0 +1,227 @@
# Renovate - Automated Dependency Updates
[中文文档](README.zh.md)
Renovate is an automated dependency update tool that keeps your project dependencies up-to-date by creating pull requests when new versions are available.
## Features
- 🤖 Automated dependency updates across multiple platforms
- 🔄 Support for GitHub, GitLab, Gitea, Bitbucket, Azure DevOps, and more
- 📦 Multi-language support: JavaScript, Python, Go, Docker, and many more
- 🎯 Highly configurable with smart defaults
- 🔒 Security-focused with vulnerability scanning
- 📊 Detailed update summaries and changelogs
- ⚙️ Flexible scheduling and auto-merge options
## Quick Start
1. **Copy the example environment file:**
```bash
cp .env.example .env
```
2. **Configure authentication:**
Edit `.env` and set:
- `RENOVATE_PLATFORM`: Your platform (e.g., `github`, `gitlab`, `gitea`)
- `RENOVATE_TOKEN`: Your authentication token (required)
- `RENOVATE_REPOSITORIES`: Repositories to process (e.g., `myorg/repo1,myorg/repo2`)
3. **Get authentication token:**
- **GitHub**: Create a Personal Access Token at <https://github.com/settings/tokens>
- Required scopes: `repo`, `workflow`
- **GitLab**: Create a Personal Access Token at <https://gitlab.com/-/profile/personal_access_tokens>
- Required scopes: `api`, `write_repository`
4. **Run Renovate:**
```bash
# One-time execution
docker compose run --rm renovate
# Or set up a cron job for periodic runs
# Example: Run daily at 2 AM
0 2 * * * cd /path/to/renovate && docker compose run --rm renovate
```
## Configuration
### Environment Variables
Key environment variables in `.env`:
| Variable | Description | Default |
| ----------------------- | ----------------------- | -------------- |
| `RENOVATE_VERSION` | Renovate image version | `42.52.5-full` |
| `RENOVATE_PLATFORM` | Platform type | `github` |
| `RENOVATE_TOKEN` | Authentication token | **(required)** |
| `RENOVATE_REPOSITORIES` | Repositories to process | `''` |
| `RENOVATE_ONBOARDING` | Create onboarding PR | `true` |
| `RENOVATE_DRY_RUN` | Dry run mode | `false` |
| `RENOVATE_LOG_LEVEL` | Log level | `info` |
### Advanced Configuration
For advanced configuration, edit `config.js`:
```javascript
module.exports = {
platform: 'github',
repositories: ['myorg/repo1', 'myorg/repo2'],
// Schedule (cron format)
schedule: ['before 5am on monday'],
// Auto-merge settings
automerge: true,
automergeType: 'pr',
// Package rules
packageRules: [
{
matchUpdateTypes: ['minor', 'patch'],
automerge: true,
},
],
};
```
## Usage Examples
### Run on Specific Repositories
```bash
# Using environment variable
RENOVATE_REPOSITORIES=myorg/repo1,myorg/repo2 docker compose run --rm renovate
# Using config.js - edit the file first
docker compose run --rm renovate
```
### Dry Run Mode
Test configuration without creating actual PRs:
```bash
RENOVATE_DRY_RUN=full docker compose run --rm renovate
```
### Debug Mode
Enable detailed logging for troubleshooting:
```bash
RENOVATE_LOG_LEVEL=debug docker compose run --rm renovate
```
### Scheduled Execution
Create a systemd timer or cron job:
```bash
# Cron example (run daily at 2 AM)
0 2 * * * cd /path/to/renovate && docker compose run --rm renovate >> /var/log/renovate.log 2>&1
```
## How It Works
1. **Onboarding**: On first run, Renovate creates an onboarding PR with a `renovate.json` configuration file
2. **Scanning**: Renovate scans your repository for dependency files (package.json, requirements.txt, Dockerfile, etc.)
3. **Detection**: Checks for available updates across all detected dependencies
4. **PRs**: Creates pull requests for updates based on your configuration
5. **Scheduling**: Can be configured to run on a schedule (daily, weekly, etc.)
## Repository Configuration
After onboarding, configure Renovate behavior in your repository's `renovate.json`:
```json
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:base"],
"schedule": ["after 10pm every weekday", "before 5am every weekday", "every weekend"],
"packageRules": [
{
"matchUpdateTypes": ["minor", "patch"],
"automerge": true
}
]
}
```
## Supported Platforms
- GitHub (github.com and Enterprise Server)
- GitLab (gitlab.com and Self-Managed)
- Gitea
- Bitbucket Cloud and Server
- Azure DevOps
- And more...
## Supported Languages & Managers
Renovate supports 100+ package managers including:
- **JavaScript/Node.js**: npm, yarn, pnpm
- **Python**: pip, poetry, pipenv
- **Go**: go modules
- **Java**: maven, gradle
- **PHP**: composer
- **Ruby**: bundler
- **Rust**: cargo
- **Docker**: Dockerfile, docker-compose
- And many more...
## Security
- Runs as non-root user (configurable via `PUID`/`PGID`)
- Minimal capabilities with security hardening
- Token-based authentication (never expose tokens in logs)
- Support for vulnerability scanning and security updates
## Resources
Resource limits can be adjusted in `.env`:
- **CPU**: 2.0 cores limit, 0.5 cores reserved
- **Memory**: 2GB limit, 512MB reserved
## Troubleshooting
### No repositories found
Ensure `RENOVATE_TOKEN` has proper permissions and `RENOVATE_REPOSITORIES` is set correctly.
### Authentication errors
Verify token scopes:
- GitHub: `repo`, `workflow`
- GitLab: `api`, `write_repository`
### Rate limiting
Configure rate limits in `config.js`:
```javascript
prConcurrentLimit: 10,
prHourlyLimit: 2,
```
## Documentation
- Official Documentation: <https://docs.renovatebot.com/>
- Configuration Options: <https://docs.renovatebot.com/configuration-options/>
- GitHub Repository: <https://github.com/renovatebot/renovate>
## License
Renovate is licensed under the AGPL-3.0 license. See the [Renovate repository](https://github.com/renovatebot/renovate) for details.
## Notes
- Renovate is designed to run as a scheduled job, not a continuous service
- First run will create an onboarding PR in each repository
- Consider setting up a cron job or CI/CD pipeline for regular execution
- Monitor logs to ensure updates are being processed correctly
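Review bot: the `config.js` sample under "Advanced Configuration" labels `schedule: ['before 5am on monday']` as "// Schedule (cron format)", but that value is Renovate's text schedule syntax, not a cron expression (Renovate accepts both, so either fix the comment or use a real cron string, but not a comment that contradicts the value). The "Repository Configuration" example extends `config:base`, which Renovate has deprecated in favour of `config:recommended`; switching the preset keeps the onboarding example aligned with current upstream docs. The "Environment Variables" table gives `RENOVATE_DRY_RUN` a default of `false` while "Dry Run Mode" runs `RENOVATE_DRY_RUN=full`; state the allowed values (`extract`, `lookup`, `full`) in one place so the two sections agree. Minor: the crontab line `0 2 * * * cd /path/to/renovate && docker compose run --rm renovate` sits in the same ```bash fence as a shell command; a short sentence that it is a crontab entry rather than something to type into a shell would avoid copy-paste confusion.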

src/renovate/README.zh.md Normal file

@@ -0,0 +1,227 @@
# Renovate - 自动化依赖更新工具
[English](README.md)
Renovate 是一个自动化依赖更新工具,当有新版本可用时,它会通过创建拉取请求来保持你的项目依赖最新。
## 特性
- 🤖 跨多平台的自动化依赖更新
- 🔄 支持 GitHub、GitLab、Gitea、Bitbucket、Azure DevOps 等
- 📦 多语言支持JavaScript、Python、Go、Docker 等众多语言
- 🎯 高度可配置,提供智能默认值
- 🔒 注重安全,支持漏洞扫描
- 📊 详细的更新摘要和变更日志
- ⚙️ 灵活的调度和自动合并选项
## 快速开始
1. **复制示例环境文件:**
```bash
cp .env.example .env
```
2. **配置身份验证:**
编辑 `.env` 文件并设置:
- `RENOVATE_PLATFORM`:你的平台(例如:`github`、`gitlab`、`gitea`
- `RENOVATE_TOKEN`:你的身份验证令牌(必需)
- `RENOVATE_REPOSITORIES`:要处理的仓库(例如:`myorg/repo1,myorg/repo2`
3. **获取身份验证令牌:**
- **GitHub**:在 <https://github.com/settings/tokens> 创建个人访问令牌
- 所需权限:`repo`、`workflow`
- **GitLab**:在 <https://gitlab.com/-/profile/personal_access_tokens> 创建个人访问令牌
- 所需权限:`api`、`write_repository`
4. **运行 Renovate**
```bash
# 一次性执行
docker compose run --rm renovate
# 或设置定时任务以定期运行
# 示例:每天凌晨 2 点运行
0 2 * * * cd /path/to/renovate && docker compose run --rm renovate
```
## 配置
### 环境变量
`.env` 中的关键环境变量:
| 变量 | 描述 | 默认值 |
| ----------------------- | ----------------- | -------------- |
| `RENOVATE_VERSION` | Renovate 镜像版本 | `42.52.5-full` |
| `RENOVATE_PLATFORM` | 平台类型 | `github` |
| `RENOVATE_TOKEN` | 身份验证令牌 | **(必需)** |
| `RENOVATE_REPOSITORIES` | 要处理的仓库 | `''` |
| `RENOVATE_ONBOARDING` | 创建引导 PR | `true` |
| `RENOVATE_DRY_RUN` | 演练模式 | `false` |
| `RENOVATE_LOG_LEVEL` | 日志级别 | `info` |
### 高级配置
对于高级配置,编辑 `config.js`
```javascript
module.exports = {
platform: 'github',
repositories: ['myorg/repo1', 'myorg/repo2'],
// 调度cron 格式)
schedule: ['before 5am on monday'],
// 自动合并设置
automerge: true,
automergeType: 'pr',
// 包规则
packageRules: [
{
matchUpdateTypes: ['minor', 'patch'],
automerge: true,
},
],
};
```
## 使用示例
### 在特定仓库上运行
```bash
# 使用环境变量
RENOVATE_REPOSITORIES=myorg/repo1,myorg/repo2 docker compose run --rm renovate
# 使用 config.js - 先编辑文件
docker compose run --rm renovate
```
### 演练模式
在不创建实际 PR 的情况下测试配置:
```bash
RENOVATE_DRY_RUN=full docker compose run --rm renovate
```
### 调试模式
启用详细日志以进行故障排除:
```bash
RENOVATE_LOG_LEVEL=debug docker compose run --rm renovate
```
### 定期执行
创建 systemd 定时器或 cron 任务:
```bash
# Cron 示例(每天凌晨 2 点运行)
0 2 * * * cd /path/to/renovate && docker compose run --rm renovate >> /var/log/renovate.log 2>&1
```
## 工作原理
1. **引导**首次运行时Renovate 会创建一个包含 `renovate.json` 配置文件的引导 PR
2. **扫描**Renovate 扫描你的仓库以查找依赖文件package.json、requirements.txt、Dockerfile 等)
3. **检测**:检查所有检测到的依赖项的可用更新
4. **创建 PR**:根据你的配置创建更新的拉取请求
5. **调度**:可以配置为按计划运行(每天、每周等)
## 仓库配置
引导后,在仓库的 `renovate.json` 中配置 Renovate 行为:
```json
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:base"],
"schedule": ["after 10pm every weekday", "before 5am every weekday", "every weekend"],
"packageRules": [
{
"matchUpdateTypes": ["minor", "patch"],
"automerge": true
}
]
}
```
## 支持的平台
- GitHubgithub.com 和 Enterprise Server
- GitLabgitlab.com 和 Self-Managed
- Gitea
- Bitbucket Cloud 和 Server
- Azure DevOps
- 以及更多...
## 支持的语言和管理器
Renovate 支持 100 多个包管理器,包括:
- **JavaScript/Node.js**npm、yarn、pnpm
- **Python**pip、poetry、pipenv
- **Go**go modules
- **Java**maven、gradle
- **PHP**composer
- **Ruby**bundler
- **Rust**cargo
- **Docker**Dockerfile、docker-compose
- 以及更多...
## 安全性
- 以非 root 用户运行(可通过 `PUID`/`PGID` 配置)
- 最小权限与安全加固
- 基于令牌的身份验证(绝不在日志中暴露令牌)
- 支持漏洞扫描和安全更新
## 资源
资源限制可在 `.env` 中调整:
- **CPU**2.0 核限制0.5 核保留
- **内存**2GB 限制512MB 保留
## 故障排除
### 未找到仓库
确保 `RENOVATE_TOKEN` 具有适当的权限,并且 `RENOVATE_REPOSITORIES` 设置正确。
### 身份验证错误
验证令牌权限:
- GitHub`repo`、`workflow`
- GitLab`api`、`write_repository`
### 速率限制
在 `config.js` 中配置速率限制:
```javascript
prConcurrentLimit: 10,
prHourlyLimit: 2,
```
## 文档
- 官方文档:<https://docs.renovatebot.com/>
- 配置选项:<https://docs.renovatebot.com/configuration-options/>
- GitHub 仓库:<https://github.com/renovatebot/renovate>
## 许可证
Renovate 采用 AGPL-3.0 许可证。详情请参见 [Renovate 仓库](https://github.com/renovatebot/renovate)。
## 注意事项
- Renovate 设计为作为计划任务运行,而不是持续服务
- 首次运行将在每个仓库中创建一个引导 PR
- 考虑设置 cron 任务或 CI/CD 管道以定期执行
- 监控日志以确保更新正在正确处理
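Review bot: this file mirrors README.md line for line, so the same issues apply here and the two should be fixed together: the comment on `schedule: ['before 5am on monday']` describes Renovate's text schedule syntax as cron format, `"extends": ["config:base"]` uses the preset Renovate has deprecated in favour of `config:recommended`, and the table's `RENOVATE_DRY_RUN` default of `false` conflicts with the `RENOVATE_DRY_RUN=full` example further down (the option takes `extract`, `lookup` or `full`).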

src/renovate/config.js Normal file

@@ -0,0 +1,43 @@
// Renovate configuration file
// This is a JavaScript configuration file for advanced settings
// For simple setups, you can configure everything via environment variables
// Documentation: https://docs.renovatebot.com/configuration-options/
module.exports = {
// Uncomment and configure as needed
// platform: 'github',
// token: process.env.RENOVATE_TOKEN,
// repositories: [
// 'myorg/repo1',
// 'myorg/repo2',
// ],
// onboarding: true,
// requireConfig: 'optional',
// // Schedule (cron format)
// schedule: ['before 5am on monday'],
// // Auto-merge settings
// automerge: true,
// automergeType: 'pr',
// automergeStrategy: 'squash',
// // PR settings
// prConcurrentLimit: 10,
// prHourlyLimit: 2,
// // Package rules
// packageRules: [
// {
// matchUpdateTypes: ['minor', 'patch'],
// automerge: true,
// },
// {
// matchUpdateTypes: ['major'],
// labels: ['major-update'],
// },
// ],
};
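Review bot: the commented-out `// token: process.env.RENOVATE_TOKEN,` is redundant and sets a poor pattern: Renovate already reads `RENOVATE_TOKEN` from the environment (the compose file in this commit passes it through), and showing the token inside `config.js` invites someone to later hard-code a value into a file that is mounted read-only from the repository and can be committed; drop the line or replace it with a comment that the environment variable is sufficient. The comment `// // Schedule (cron format)` above `// schedule: ['before 5am on monday'],` is wrong for that value, which is Renovate's text schedule syntax rather than a cron expression. With every option commented out the module exports `{}`, which is fine, but a one-line comment saying so, and that `RENOVATE_CONFIG_FILE` in the compose file points here, would save a reader wondering whether the mount is required.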


@@ -0,0 +1,108 @@
# Renovate - Automated Dependency Updates
# https://github.com/renovatebot/renovate
x-defaults: &defaults
restart: unless-stopped
logging:
driver: json-file
options:
max-size: 100m
max-file: "3"
services:
renovate:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}renovate/renovate:${RENOVATE_VERSION:-42.52.5-full}
# Renovate runs as a scheduled job, not a continuous service
# Use 'docker compose run --rm renovate' to execute manually
# Or configure with cron/scheduler for periodic runs
restart: "no"
volumes:
# Configuration files
- ./config.js:/usr/src/app/config.js:ro
# Cache directory for better performance
- renovate_cache:/tmp/renovate/cache
# Optional: mount repository cache
- renovate_repos:/tmp/renovate/repos
environment:
# Timezone
- TZ=${TZ:-UTC}
# Renovate configuration
- RENOVATE_CONFIG_FILE=${RENOVATE_CONFIG_FILE:-/usr/src/app/config.js}
# Platform (github, gitlab, gitea, bitbucket, etc.)
- RENOVATE_PLATFORM=${RENOVATE_PLATFORM:-github}
- RENOVATE_ENDPOINT=${RENOVATE_ENDPOINT:-}
# Authentication token (required)
- RENOVATE_TOKEN=${RENOVATE_TOKEN:-}
# Or use GitHub App
- GITHUB_COM_TOKEN=${GITHUB_COM_TOKEN:-}
# Repositories to process (comma-separated or use config.js)
- RENOVATE_REPOSITORIES=${RENOVATE_REPOSITORIES:-}
# Git author for commits
- RENOVATE_GIT_AUTHOR=${RENOVATE_GIT_AUTHOR:-Renovate Bot <bot@renovateapp.com>}
# Logging
- LOG_LEVEL=${RENOVATE_LOG_LEVEL:-info}
- LOG_FORMAT=${RENOVATE_LOG_FORMAT:-json}
# Onboarding (create PR to add renovate.json)
- RENOVATE_ONBOARDING=${RENOVATE_ONBOARDING:-true}
- RENOVATE_ONBOARDING_CONFIG=${RENOVATE_ONBOARDING_CONFIG:-{"$$schema":"https://docs.renovatebot.com/renovate-schema.json"}}
# Require config in repo
- RENOVATE_REQUIRE_CONFIG=${RENOVATE_REQUIRE_CONFIG:-optional}
# Docker authentication (if checking Docker images)
- RENOVATE_DOCKER_USER=${RENOVATE_DOCKER_USER:-}
- RENOVATE_DOCKER_PASSWORD=${RENOVATE_DOCKER_PASSWORD:-}
# NPM authentication (if checking NPM packages)
- RENOVATE_NPM_TOKEN=${RENOVATE_NPM_TOKEN:-}
# Dry run mode (no actual updates)
- RENOVATE_DRY_RUN=${RENOVATE_DRY_RUN:-false}
# Cache
- RENOVATE_REPOSITORY_CACHE=${RENOVATE_REPOSITORY_CACHE:-enabled}
- RENOVATE_CACHE_DIR=${RENOVATE_CACHE_DIR:-/tmp/renovate/cache}
# Base directory
- RENOVATE_BASE_DIR=${RENOVATE_BASE_DIR:-/tmp/renovate/repos}
# Healthcheck not applicable for one-shot jobs
# healthcheck:
# disable: true
deploy:
resources:
limits:
cpus: ${RENOVATE_CPU_LIMIT:-2.0}
memory: ${RENOVATE_MEMORY_LIMIT:-2G}
reservations:
cpus: ${RENOVATE_CPU_RESERVATION:-0.5}
memory: ${RENOVATE_MEMORY_RESERVATION:-512M}
# Security options
read_only: false # Renovate needs to write to cache and clone repos
user: "${PUID:-1000}:${PGID:-1000}"
cap_drop:
- ALL
cap_add:
- CHOWN
- SETUID
- SETGID
- DAC_OVERRIDE
security_opt:
- no-new-privileges:true
volumes:
renovate_cache:
renovate_repos:
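Review bot: the `cap_add` list (`CHOWN`, `SETUID`, `SETGID`, `DAC_OVERRIDE`) has no effect as written: the service runs as a non-root `user: "${PUID:-1000}:${PGID:-1000}"`, and Docker does not grant ambient capabilities, so a non-root entrypoint starts with an empty effective capability set regardless of `cap_add`; with `no-new-privileges:true` it cannot regain them through setuid binaries either. Either keep `cap_drop: [ALL]` on its own, which is the accurate least-privilege description of a non-root one-shot job, or document which step of the Renovate run needs those capabilities and how it is expected to get them. The comment `# Or use GitHub App` on `GITHUB_COM_TOKEN` is misleading: Renovate uses that variable to fetch release notes from github.com when the platform is elsewhere, not as a GitHub App credential. The default for `RENOVATE_ONBOARDING_CONFIG` nests a JSON object with `{`/`}` inside `${...:-...}`; confirm with `docker compose config` that interpolation keeps the whole object and that `$$schema` is emitted as `$schema`. Minor: `<<: *defaults` pulls in `restart: unless-stopped` only to override it with `restart: "no"` a few lines later; for a one-shot job the anchor could carry only `logging`.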