alexsun/compose-anything
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: alexsun:a9679a484f9dc58b6c91911dedde3eeda80183a3
Branches Tags
alexsun:main
...
compare: alexsun:main
Branches Tags
alexsun:main

3 Commits
a9679a484f ... main

Author SHA1 Message Date
Sun-ZhenXing
b98e6f652a chore: update bifrost-gateway 2025-12-15 09:58:42 +08:00
Sun-ZhenXing
efaad72370 feat: add renovate 2025-12-14 19:55:30 +08:00
Sun-ZhenXing
dfcdc3afca chore: update versions 2025-12-14 15:18:26 +08:00
27 changed files with 741 additions and 27 deletions
Expand all files Collapse all files

5
README.md
View File

@@ -14,7 +14,7 @@ Compose Anything helps users quickly deploy various services by providing a set
| [Apache Kafka](./src/kafka) | 7.8.0 |
| [Apache Pulsar](./src/pulsar) | 4.0.7 |
| [Apache RocketMQ](./src/rocketmq) | 5.3.1 |
| [Bifrost Gateway](./src/bifrost-gateway) | 1.2.15 |
| [Bifrost Gateway](./src/bifrost-gateway) | 1.3.48 |
| [Bolt.diy](./src/bolt-diy) | latest |
| [Budibase](./src/budibase) | 3.23.0 |
| [Bytebot](./src/bytebot) | edge |
@@ -32,7 +32,7 @@ Compose Anything helps users quickly deploy various services by providing a set
| [Firecrawl](./src/firecrawl) | latest |
| [frpc](./src/frpc) | 0.64.0 |
| [frps](./src/frps) | 0.64.0 |
| [Gitea Runner](./src/gitea-runner) | 0.2.12 |
| [Gitea Runner](./src/gitea-runner) | 0.2.13 |
| [Gitea](./src/gitea) | 1.24.6 |
| [GitLab Runner](./src/gitlab-runner) | 17.10.1 |
| [GitLab](./src/gitlab) | 17.10.4-ce.0 |
@@ -95,6 +95,7 @@ Compose Anything helps users quickly deploy various services by providing a set
| [Redpanda](./src/redpanda) | v24.3.1 |
| [Redis Cluster](./src/redis-cluster) | 8.2.1 |
| [Redis](./src/redis) | 8.2.1 |
| [Renovate](./src/renovate) | 42.52.5-full |
| [Restate Cluster](./src/restate-cluster) | 1.5.3 |
| [Restate](./src/restate) | 1.5.3 |
| [SearXNG](./src/searxng) | 2025.1.20-1ce14ef99 |

5
README.zh.md
View File

@@ -14,7 +14,7 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件,
| [Apache Kafka](./src/kafka) | 7.8.0 |
| [Apache Pulsar](./src/pulsar) | 4.0.7 |
| [Apache RocketMQ](./src/rocketmq) | 5.3.1 |
| [Bifrost Gateway](./src/bifrost-gateway) | 1.2.15 |
| [Bifrost Gateway](./src/bifrost-gateway) | 1.3.48 |
| [Bolt.diy](./src/bolt-diy) | latest |
| [Budibase](./src/budibase) | 3.23.0 |
| [Bytebot](./src/bytebot) | edge |
@@ -32,7 +32,7 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件,
| [Firecrawl](./src/firecrawl) | latest |
| [frpc](./src/frpc) | 0.64.0 |
| [frps](./src/frps) | 0.64.0 |
| [Gitea Runner](./src/gitea-runner) | 0.2.12 |
| [Gitea Runner](./src/gitea-runner) | 0.2.13 |
| [Gitea](./src/gitea) | 1.24.6 |
| [GitLab Runner](./src/gitlab-runner) | 17.10.1 |
| [GitLab](./src/gitlab) | 17.10.4-ce.0 |
@@ -95,6 +95,7 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件,
| [Redpanda](./src/redpanda) | v24.3.1 |
| [Redis Cluster](./src/redis-cluster) | 8.2.1 |
| [Redis](./src/redis) | 8.2.1 |
| [Renovate](./src/renovate) | 42.52.5-full |
| [Restate Cluster](./src/restate-cluster) | 1.5.3 |
| [Restate](./src/restate) | 1.5.3 |
| [SearXNG](./src/searxng) | 2025.1.20-1ce14ef99 |

2
builds/mineru/.env.example
View File

@@ -1,5 +1,5 @@
# MinerU Docker image
MINERU_DOCKER_IMAGE=alexsuntop/mineru:2.6.5
MINERU_DOCKER_IMAGE=alexsuntop/mineru:2.6.6
# Port configurations
MINERU_PORT_OVERRIDE_VLLM=30000

2
builds/mineru/README.md
View File

@@ -39,7 +39,7 @@ mineru -p demo.pdf -o ./output -b vlm-http-client -u http://localhost:30000
## Configuration
- `MINERU_VERSION`: The version for MinerU, default is `2.6.5`.
- `MINERU_VERSION`: The version for MinerU, default is `2.6.6`.
- `MINERU_PORT_OVERRIDE_VLLM`: The host port for the VLLM server, default is `30000`.
- `MINERU_PORT_OVERRIDE_API`: The host port for the API service, default is `8000`.
- `MINERU_PORT_OVERRIDE_GRADIO`: The host port for the Gradio WebUI, default is `7860`.

2
builds/mineru/README.zh.md
View File

@@ -39,7 +39,7 @@ mineru -p demo.pdf -o ./output -b vlm-http-client -u http://localhost:30000
## 配置
- `MINERU_VERSION`: MinerU 的 Docker 镜像版本,默认为 `2.6.5`。
- `MINERU_VERSION`: MinerU 的 Docker 镜像版本,默认为 `2.6.6`。
- `MINERU_PORT_OVERRIDE_VLLM`: VLLM 服务器的主机端口,默认为 `30000`。
- `MINERU_PORT_OVERRIDE_API`: API 服务的主机端口,默认为 `8000`。
- `MINERU_PORT_OVERRIDE_GRADIO`: Gradio WebUI 的主机端口,默认为 `7860`。

2
builds/mineru/docker-compose.yaml
View File

@@ -8,7 +8,7 @@ x-defaults: &defaults
x-mineru-vllm: &mineru-vllm
<<: *defaults
image: ${GLOBAL_REGISTRY:-}alexsuntop/mineru:${MINERU_VERSION:-2.6.5}
image: ${GLOBAL_REGISTRY:-}alexsuntop/mineru:${MINERU_VERSION:-2.6.6}
build:
context: .
dockerfile: Dockerfile

2
src/bifrost-gateway/.env.example
View File

@@ -1,5 +1,5 @@
# Bifrost Gateway Version
BIFROST_VERSION=v1.2.15
BIFROST_VERSION=v1.3.48
# Port to bind to on the host machine
BIFROST_PORT=28080

2
src/bifrost-gateway/README.md
View File

@@ -10,7 +10,7 @@ Bifrost is a lightweight, high-performance LLM gateway that supports multiple mo
## Configuration
- `BIFROST_VERSION`: The version of the Bifrost image, default is `v1.2.15`.
- `BIFROST_VERSION`: The version of the Bifrost image, default is `v1.3.48`.
- `BIFROST_PORT`: The port for the Bifrost service, default is `28080`.
## Volumes

2
src/bifrost-gateway/README.zh.md
View File

@@ -10,7 +10,7 @@ Bifrost 是一个轻量级、高性能的 LLM 网关,支持多种模型和提
## 配置
- `BIFROST_VERSION`: Bifrost 镜像的版本,默认为 `v1.2.15`
- `BIFROST_VERSION`: Bifrost 镜像的版本,默认为 `v1.3.48`
- `BIFROST_PORT`: Bifrost 服务的端口,默认为 `28080`
## 卷

2
src/bifrost-gateway/docker-compose.yaml
View File

@@ -9,7 +9,7 @@ x-defaults: &defaults
services:
bifrost:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}maximhq/bifrost:${BIFROST_VERSION:-v1.2.15}
image: ${GLOBAL_REGISTRY:-}maximhq/bifrost:${BIFROST_VERSION:-v1.3.48}
volumes:
- bifrost_data:/app/data
ports:

2
src/gitea-runner/README.md
View File

@@ -9,7 +9,7 @@ This service sets up a Gitea Runner.
1. Generate the `config.yaml` file:
```bash
docker run --entrypoint="" --rm -it gitea/act_runner:0.2.12 act_runner generate-config > config.yaml
docker run --entrypoint="" --rm -it gitea/act_runner:0.2.13 act_runner generate-config > config.yaml
```
2. Configure `config.yaml`, for example:

2
src/gitea-runner/README.zh.md
View File

@@ -9,7 +9,7 @@
1. 生成 `config.yaml` 文件:
```bash
docker run --entrypoint="" --rm -it gitea/act_runner:0.2.12 act_runner generate-config > config.yaml
docker run --entrypoint="" --rm -it gitea/act_runner:0.2.13 act_runner generate-config > config.yaml
```
2. 配置 `config.yaml`,例如:

13
src/gitea-runner/config.yaml
View File

@@ -32,6 +32,11 @@ runner:
fetch_timeout: 5s
# The interval for fetching the job from the Gitea instance.
fetch_interval: 2s
# The github_mirror of a runner is used to specify the mirror address of the github that pulls the action repository.
# It works when something like `uses: actions/checkout@v4` is used and DEFAULT_ACTIONS_URL is set to github,
# and github_mirror is not empty. In this case,
# it replaces https://github.com with the value here, which is useful for some special network environments.
github_mirror: ''
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
# Like: "macos-arm64:host" or "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"
# Find more images provided by Gitea at https://gitea.com/docker.gitea.com/runner-images .
@@ -66,7 +71,7 @@ container:
# If it's empty, act_runner will create a network automatically.
network: ""
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
privileged: true #! #####CHANGED#####
privileged: false
# And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
options:
# The parent directory of a job's working directory.
@@ -91,9 +96,13 @@ container:
# If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
docker_host: ""
# Pull docker image(s) even if already present
force_pull: false #! #####CHANGED#####
force_pull: true
# Rebuild docker image(s) even if already present
force_rebuild: false
# Always require a reachable docker daemon, even if not required by act_runner
require_docker: false
# Timeout to wait for the docker daemon to be reachable, if docker is required by require_docker or act_runner
docker_timeout: 0s
host:
# The parent directory of a job's working directory.

4
src/gitea/.env.example
View File

@@ -1,5 +1,5 @@
# Gitea Version
GITEA_VERSION=1.24.6-rootless
GITEA_VERSION=1.25.2-rootless
# Database configuration
GITEA_DB_TYPE=postgres
@@ -13,4 +13,4 @@ POSTGRES_DB=gitea
# Gitea ports
GITEA_HTTP_PORT=3000
GITEA_SSH_PORT=3022
GITEA_SSH_PORT=2222

8
src/gitea/docker-compose.yaml
View File

@@ -9,7 +9,7 @@ x-defaults: &defaults
services:
gitea:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}gitea/gitea:${GITEA_VERSION:-1.24.6-rootless}
image: ${GLOBAL_REGISTRY:-}gitea/gitea:${GITEA_VERSION:-1.25.2-rootless}
environment:
- USER_UID=1000
- USER_GID=1000
@@ -20,10 +20,11 @@ services:
- GITEA__database__NAME=${POSTGRES_DB:-gitea}
- GITEA__database__PASSWD=${POSTGRES_PASSWORD:-gitea}
volumes:
- ./gitea:/data
- gitea_data:/var/lib/gitea
- gitea_config:/etc/gitea
ports:
- "${GITEA_HTTP_PORT:-3000}:3000"
- "${GITEA_SSH_PORT:-3022}:22"
- "${GITEA_SSH_PORT:-2222}:2222"
depends_on:
db:
condition: service_healthy
@@ -69,4 +70,5 @@ services:
volumes:
gitea_data:
gitea_config:
postgres:

2
src/nexa-sdk/README.md
View File

@@ -27,7 +27,7 @@ This service deploys NexaSDK Docker for running AI models with OpenAI-compatible
### CPU Mode
```bash
docker compose up -d
docker compose --profile cpu up -d
```
### GPU Mode (CUDA)

2
src/nexa-sdk/README.zh.md
View File

@@ -27,7 +27,7 @@
### CPU 模式
```bash
docker compose up -d
docker compose --profile cpu up -d
```
### GPU 模式CUDA

2
src/nexa-sdk/docker-compose.yaml
View File

@@ -13,6 +13,8 @@ x-defaults: &defaults
services:
nexa-sdk:
<<: *defaults
profiles:
- cpu
image: ${GLOBAL_REGISTRY:-}nexa4ai/nexasdk:${NEXA_SDK_VERSION:-v0.2.62}
ports:
- "${NEXA_SDK_PORT_OVERRIDE:-18181}:18181"

2
src/phoenix/.env.example
View File

@@ -1,5 +1,5 @@
# Phoenix version
PHOENIX_VERSION=version-12.19.0
PHOENIX_VERSION=12.25.0-nonroot
# Timezone
TZ=UTC

2
src/phoenix/README.md
View File

@@ -20,7 +20,7 @@ Arize Phoenix is an open-source AI observability platform for LLM applications.
| Variable Name | Description | Default Value |
| -------------------------- | ------------------------------------- | ----------------- |
| PHOENIX_VERSION | Phoenix image version | `version-12.19.0` |
| PHOENIX_VERSION | Phoenix image version | `12.25.0-nonroot` |
| PHOENIX_PORT_OVERRIDE | Host port for Phoenix UI and HTTP API | `6006` |
| PHOENIX_GRPC_PORT_OVERRIDE | Host port for OTLP gRPC collector | `4317` |
| PHOENIX_ENABLE_PROMETHEUS | Enable Prometheus metrics endpoint | `false` |

2
src/phoenix/README.zh.md
View File

@@ -20,7 +20,7 @@ Arize Phoenix 是一个开源的 AI 可观测性平台,专为 LLM 应用设计
| 变量名 | 描述 | 默认值 |
| -------------------------- | --------------------------------- | ----------------- |
| PHOENIX_VERSION | Phoenix 镜像版本 | `version-12.19.0` |
| PHOENIX_VERSION | Phoenix 镜像版本 | `12.25.0-nonroot` |
| PHOENIX_PORT_OVERRIDE | Phoenix UI 和 HTTP API 的主机端口 | `6006` |
| PHOENIX_GRPC_PORT_OVERRIDE | OTLP gRPC 采集器的主机端口 | `4317` |
| PHOENIX_ENABLE_PROMETHEUS | 启用 Prometheus 指标端点 | `false` |

2
src/phoenix/docker-compose.yaml
View File

@@ -12,7 +12,7 @@ x-defaults: &defaults
services:
phoenix:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}arizephoenix/phoenix:${PHOENIX_VERSION:-version-12.19.0}
image: ${GLOBAL_REGISTRY:-}arizephoenix/phoenix:${PHOENIX_VERSION:-12.25.0-nonroot}
ports:
- "${PHOENIX_PORT_OVERRIDE:-6006}:6006" # UI and OTLP HTTP collector
- "${PHOENIX_GRPC_PORT_OVERRIDE:-4317}:4317" # OTLP gRPC collector

102
src/renovate/.env.example Normal file
View File

@@ -0,0 +1,102 @@
# Renovate Configuration
# Image version
RENOVATE_VERSION=42.52.5-full
# Global registry prefix (optional, e.g., your.registry.com/)
GLOBAL_REGISTRY=
# Timezone
TZ=UTC
# ==================== Authentication ====================
# Platform type: github, gitlab, gitea, bitbucket, azure, etc.
RENOVATE_PLATFORM=github
# API endpoint (leave empty for github.com, gitlab.com, etc.)
# For self-hosted: https://gitlab.example.com/api/v4
RENOVATE_ENDPOINT=
# Authentication token (REQUIRED)
# GitHub: Personal Access Token or GitHub App token
# GitLab: Personal Access Token or Project Access Token
# Get token from: https://github.com/settings/tokens (for GitHub)
RENOVATE_TOKEN=
# Alternative: GitHub.com token (if using GitHub platform)
GITHUB_COM_TOKEN=
# ==================== Repositories ====================
# Repositories to process (comma-separated)
# Format: owner/repo or org/repo
# Example: myorg/repo1,myorg/repo2
# Leave empty to process all accessible repositories
RENOVATE_REPOSITORIES=
# ==================== Git Configuration ====================
# Git author for commits
RENOVATE_GIT_AUTHOR=Renovate Bot <bot@renovateapp.com>
# ==================== Behavior ====================
# Onboarding: Create initial PR to add renovate.json
RENOVATE_ONBOARDING=true
# Require config in repository
# Options: required, optional, ignored
RENOVATE_REQUIRE_CONFIG=optional
# Dry run mode (no actual PRs/commits)
RENOVATE_DRY_RUN=false
# ==================== Cache ====================
# Enable repository cache for better performance
RENOVATE_REPOSITORY_CACHE=enabled
# Cache directory inside container
RENOVATE_CACHE_DIR=/tmp/renovate/cache
# Base directory for cloned repos
RENOVATE_BASE_DIR=/tmp/renovate/repos
# ==================== Logging ====================
# Log level: fatal, error, warn, info, debug, trace
RENOVATE_LOG_LEVEL=info
# Log format: text, json
RENOVATE_LOG_FORMAT=json
# ==================== Package Registry Authentication ====================
# Docker Hub credentials (if checking Docker images in private registries)
RENOVATE_DOCKER_USER=
RENOVATE_DOCKER_PASSWORD=
# NPM token (if checking private NPM packages)
RENOVATE_NPM_TOKEN=
# ==================== Advanced Configuration ====================
# Path to config.js file (inside container)
RENOVATE_CONFIG_FILE=/usr/src/app/config.js
# ==================== Resources ====================
# CPU limits
RENOVATE_CPU_LIMIT=2.0
RENOVATE_CPU_RESERVATION=0.5
# Memory limits
RENOVATE_MEMORY_LIMIT=2G
RENOVATE_MEMORY_RESERVATION=512M
# ==================== User/Group ID ====================
# User and group ID for file permissions
PUID=1000
PGID=1000

227
src/renovate/README.md Normal file
View File

@@ -0,0 +1,227 @@
# Renovate - Automated Dependency Updates
[中文文档](README.zh.md)
Renovate is an automated dependency update tool that keeps your project dependencies up-to-date by creating pull requests when new versions are available.
## Features
- 🤖 Automated dependency updates across multiple platforms
- 🔄 Support for GitHub, GitLab, Gitea, Bitbucket, Azure DevOps, and more
- 📦 Multi-language support: JavaScript, Python, Go, Docker, and many more
- 🎯 Highly configurable with smart defaults
- 🔒 Security-focused with vulnerability scanning
- 📊 Detailed update summaries and changelogs
- ⚙️ Flexible scheduling and auto-merge options
## Quick Start
1. **Copy the example environment file:**
```bash
cp .env.example .env
```
2. **Configure authentication:**
Edit `.env` and set:
- `RENOVATE_PLATFORM`: Your platform (e.g., `github`, `gitlab`, `gitea`)
- `RENOVATE_TOKEN`: Your authentication token (required)
- `RENOVATE_REPOSITORIES`: Repositories to process (e.g., `myorg/repo1,myorg/repo2`)
3. **Get authentication token:**
- **GitHub**: Create a Personal Access Token at <https://github.com/settings/tokens>
- Required scopes: `repo`, `workflow`
- **GitLab**: Create a Personal Access Token at <https://gitlab.com/-/profile/personal_access_tokens>
- Required scopes: `api`, `write_repository`
4. **Run Renovate:**
```bash
# One-time execution
docker compose run --rm renovate
# Or set up a cron job for periodic runs
# Example: Run daily at 2 AM
0 2 * * * cd /path/to/renovate && docker compose run --rm renovate
```
## Configuration
### Environment Variables
Key environment variables in `.env`:
| Variable | Description | Default |
| ----------------------- | ----------------------- | -------------- |
| `RENOVATE_VERSION` | Renovate image version | `42.52.5-full` |
| `RENOVATE_PLATFORM` | Platform type | `github` |
| `RENOVATE_TOKEN` | Authentication token | **(required)** |
| `RENOVATE_REPOSITORIES` | Repositories to process | `''` |
| `RENOVATE_ONBOARDING` | Create onboarding PR | `true` |
| `RENOVATE_DRY_RUN` | Dry run mode | `false` |
| `RENOVATE_LOG_LEVEL` | Log level | `info` |
### Advanced Configuration
For advanced configuration, edit `config.js`:
```javascript
module.exports = {
platform: 'github',
repositories: ['myorg/repo1', 'myorg/repo2'],
// Schedule (cron format)
schedule: ['before 5am on monday'],
// Auto-merge settings
automerge: true,
automergeType: 'pr',
// Package rules
packageRules: [
{
matchUpdateTypes: ['minor', 'patch'],
automerge: true,
},
],
};
```
## Usage Examples
### Run on Specific Repositories
```bash
# Using environment variable
RENOVATE_REPOSITORIES=myorg/repo1,myorg/repo2 docker compose run --rm renovate
# Using config.js - edit the file first
docker compose run --rm renovate
```
### Dry Run Mode
Test configuration without creating actual PRs:
```bash
RENOVATE_DRY_RUN=full docker compose run --rm renovate
```
### Debug Mode
Enable detailed logging for troubleshooting:
```bash
RENOVATE_LOG_LEVEL=debug docker compose run --rm renovate
```
### Scheduled Execution
Create a systemd timer or cron job:
```bash
# Cron example (run daily at 2 AM)
0 2 * * * cd /path/to/renovate && docker compose run --rm renovate >> /var/log/renovate.log 2>&1
```
## How It Works
1. **Onboarding**: On first run, Renovate creates an onboarding PR with a `renovate.json` configuration file
2. **Scanning**: Renovate scans your repository for dependency files (package.json, requirements.txt, Dockerfile, etc.)
3. **Detection**: Checks for available updates across all detected dependencies
4. **PRs**: Creates pull requests for updates based on your configuration
5. **Scheduling**: Can be configured to run on a schedule (daily, weekly, etc.)
## Repository Configuration
After onboarding, configure Renovate behavior in your repository's `renovate.json`:
```json
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:base"],
"schedule": ["after 10pm every weekday", "before 5am every weekday", "every weekend"],
"packageRules": [
{
"matchUpdateTypes": ["minor", "patch"],
"automerge": true
}
]
}
```
## Supported Platforms
- GitHub (github.com and Enterprise Server)
- GitLab (gitlab.com and Self-Managed)
- Gitea
- Bitbucket Cloud and Server
- Azure DevOps
- And more...
## Supported Languages & Managers
Renovate supports 100+ package managers including:
- **JavaScript/Node.js**: npm, yarn, pnpm
- **Python**: pip, poetry, pipenv
- **Go**: go modules
- **Java**: maven, gradle
- **PHP**: composer
- **Ruby**: bundler
- **Rust**: cargo
- **Docker**: Dockerfile, docker-compose
- And many more...
## Security
- Runs as non-root user (configurable via `PUID`/`PGID`)
- Minimal capabilities with security hardening
- Token-based authentication (never expose tokens in logs)
- Support for vulnerability scanning and security updates
## Resources
Resource limits can be adjusted in `.env`:
- **CPU**: 2.0 cores limit, 0.5 cores reserved
- **Memory**: 2GB limit, 512MB reserved
## Troubleshooting
### No repositories found
Ensure `RENOVATE_TOKEN` has proper permissions and `RENOVATE_REPOSITORIES` is set correctly.
### Authentication errors
Verify token scopes:
- GitHub: `repo`, `workflow`
- GitLab: `api`, `write_repository`
### Rate limiting
Configure rate limits in `config.js`:
```javascript
prConcurrentLimit: 10,
prHourlyLimit: 2,
```
## Documentation
- Official Documentation: <https://docs.renovatebot.com/>
- Configuration Options: <https://docs.renovatebot.com/configuration-options/>
- GitHub Repository: <https://github.com/renovatebot/renovate>
## License
Renovate is licensed under the AGPL-3.0 license. See the [Renovate repository](https://github.com/renovatebot/renovate) for details.
## Notes
- Renovate is designed to run as a scheduled job, not a continuous service
- First run will create an onboarding PR in each repository
- Consider setting up a cron job or CI/CD pipeline for regular execution
- Monitor logs to ensure updates are being processed correctly

227
src/renovate/README.zh.md Normal file
View File

@@ -0,0 +1,227 @@
# Renovate - 自动化依赖更新工具
[English](README.md)
Renovate 是一个自动化依赖更新工具,当有新版本可用时,它会通过创建拉取请求来保持你的项目依赖最新。
## 特性
- 🤖 跨多平台的自动化依赖更新
- 🔄 支持 GitHub、GitLab、Gitea、Bitbucket、Azure DevOps 等
- 📦 多语言支持JavaScript、Python、Go、Docker 等众多语言
- 🎯 高度可配置,提供智能默认值
- 🔒 注重安全,支持漏洞扫描
- 📊 详细的更新摘要和变更日志
- ⚙️ 灵活的调度和自动合并选项
## 快速开始
1. **复制示例环境文件:**
```bash
cp .env.example .env
```
2. **配置身份验证:**
编辑 `.env` 文件并设置:
- `RENOVATE_PLATFORM`:你的平台(例如:`github`、`gitlab`、`gitea`
- `RENOVATE_TOKEN`:你的身份验证令牌(必需)
- `RENOVATE_REPOSITORIES`:要处理的仓库(例如:`myorg/repo1,myorg/repo2`
3. **获取身份验证令牌:**
- **GitHub**:在 <https://github.com/settings/tokens> 创建个人访问令牌
- 所需权限:`repo`、`workflow`
- **GitLab**:在 <https://gitlab.com/-/profile/personal_access_tokens> 创建个人访问令牌
- 所需权限:`api`、`write_repository`
4. **运行 Renovate**
```bash
# 一次性执行
docker compose run --rm renovate
# 或设置定时任务以定期运行
# 示例:每天凌晨 2 点运行
0 2 * * * cd /path/to/renovate && docker compose run --rm renovate
```
## 配置
### 环境变量
`.env` 中的关键环境变量:
| 变量 | 描述 | 默认值 |
| ----------------------- | ----------------- | -------------- |
| `RENOVATE_VERSION` | Renovate 镜像版本 | `42.52.5-full` |
| `RENOVATE_PLATFORM` | 平台类型 | `github` |
| `RENOVATE_TOKEN` | 身份验证令牌 | **(必需)** |
| `RENOVATE_REPOSITORIES` | 要处理的仓库 | `''` |
| `RENOVATE_ONBOARDING` | 创建引导 PR | `true` |
| `RENOVATE_DRY_RUN` | 演练模式 | `false` |
| `RENOVATE_LOG_LEVEL` | 日志级别 | `info` |
### 高级配置
对于高级配置,编辑 `config.js`
```javascript
module.exports = {
platform: 'github',
repositories: ['myorg/repo1', 'myorg/repo2'],
// 调度cron 格式)
schedule: ['before 5am on monday'],
// 自动合并设置
automerge: true,
automergeType: 'pr',
// 包规则
packageRules: [
{
matchUpdateTypes: ['minor', 'patch'],
automerge: true,
},
],
};
```
## 使用示例
### 在特定仓库上运行
```bash
# 使用环境变量
RENOVATE_REPOSITORIES=myorg/repo1,myorg/repo2 docker compose run --rm renovate
# 使用 config.js - 先编辑文件
docker compose run --rm renovate
```
### 演练模式
在不创建实际 PR 的情况下测试配置:
```bash
RENOVATE_DRY_RUN=full docker compose run --rm renovate
```
### 调试模式
启用详细日志以进行故障排除:
```bash
RENOVATE_LOG_LEVEL=debug docker compose run --rm renovate
```
### 定期执行
创建 systemd 定时器或 cron 任务:
```bash
# Cron 示例(每天凌晨 2 点运行)
0 2 * * * cd /path/to/renovate && docker compose run --rm renovate >> /var/log/renovate.log 2>&1
```
## 工作原理
1. **引导**首次运行时Renovate 会创建一个包含 `renovate.json` 配置文件的引导 PR
2. **扫描**Renovate 扫描你的仓库以查找依赖文件package.json、requirements.txt、Dockerfile 等)
3. **检测**:检查所有检测到的依赖项的可用更新
4. **创建 PR**:根据你的配置创建更新的拉取请求
5. **调度**:可以配置为按计划运行(每天、每周等)
## 仓库配置
引导后,在仓库的 `renovate.json` 中配置 Renovate 行为:
```json
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:base"],
"schedule": ["after 10pm every weekday", "before 5am every weekday", "every weekend"],
"packageRules": [
{
"matchUpdateTypes": ["minor", "patch"],
"automerge": true
}
]
}
```
## 支持的平台
- GitHubgithub.com 和 Enterprise Server
- GitLabgitlab.com 和 Self-Managed
- Gitea
- Bitbucket Cloud 和 Server
- Azure DevOps
- 以及更多...
## 支持的语言和管理器
Renovate 支持 100 多个包管理器,包括:
- **JavaScript/Node.js**npm、yarn、pnpm
- **Python**pip、poetry、pipenv
- **Go**go modules
- **Java**maven、gradle
- **PHP**composer
- **Ruby**bundler
- **Rust**cargo
- **Docker**Dockerfile、docker-compose
- 以及更多...
## 安全性
- 以非 root 用户运行(可通过 `PUID`/`PGID` 配置)
- 最小权限与安全加固
- 基于令牌的身份验证(绝不在日志中暴露令牌)
- 支持漏洞扫描和安全更新
## 资源
资源限制可在 `.env` 中调整:
- **CPU**2.0 核限制0.5 核保留
- **内存**2GB 限制512MB 保留
## 故障排除
### 未找到仓库
确保 `RENOVATE_TOKEN` 具有适当的权限,并且 `RENOVATE_REPOSITORIES` 设置正确。
### 身份验证错误
验证令牌权限:
- GitHub`repo`、`workflow`
- GitLab`api`、`write_repository`
### 速率限制
在 `config.js` 中配置速率限制:
```javascript
prConcurrentLimit: 10,
prHourlyLimit: 2,
```
## 文档
- 官方文档:<https://docs.renovatebot.com/>
- 配置选项:<https://docs.renovatebot.com/configuration-options/>
- GitHub 仓库:<https://github.com/renovatebot/renovate>
## 许可证
Renovate 采用 AGPL-3.0 许可证。详情请参见 [Renovate 仓库](https://github.com/renovatebot/renovate)。
## 注意事项
- Renovate 设计为作为计划任务运行,而不是持续服务
- 首次运行将在每个仓库中创建一个引导 PR
- 考虑设置 cron 任务或 CI/CD 管道以定期执行
- 监控日志以确保更新正在正确处理

43
src/renovate/config.js Normal file
View File

@@ -0,0 +1,43 @@
// Renovate configuration file
// This is a JavaScript configuration file for advanced settings
// For simple setups, you can configure everything via environment variables
// Documentation: https://docs.renovatebot.com/configuration-options/
module.exports = {
// Uncomment and configure as needed
// platform: 'github',
// token: process.env.RENOVATE_TOKEN,
// repositories: [
// 'myorg/repo1',
// 'myorg/repo2',
// ],
// onboarding: true,
// requireConfig: 'optional',
// // Schedule (cron format)
// schedule: ['before 5am on monday'],
// // Auto-merge settings
// automerge: true,
// automergeType: 'pr',
// automergeStrategy: 'squash',
// // PR settings
// prConcurrentLimit: 10,
// prHourlyLimit: 2,
// // Package rules
// packageRules: [
// {
// matchUpdateTypes: ['minor', 'patch'],
// automerge: true,
// },
// {
// matchUpdateTypes: ['major'],
// labels: ['major-update'],
// },
// ],
};

100
src/renovate/docker-compose.yaml Normal file
View File

@@ -0,0 +1,100 @@
# Renovate - Automated Dependency Updates
# https://github.com/renovatebot/renovate
x-defaults: &defaults
restart: unless-stopped
logging:
driver: json-file
options:
max-size: 100m
max-file: "3"
services:
renovate:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}renovate/renovate:${RENOVATE_VERSION:-42.52.5-full}
# Renovate runs as a scheduled job, not a continuous service
# Use 'docker compose run --rm renovate' to execute manually
# Or configure with cron/scheduler for periodic runs
restart: "no"
volumes:
# Configuration files
- ./config.js:/usr/src/app/config.js:ro
environment:
# Timezone
- TZ=${TZ:-UTC}
# Renovate configuration
- RENOVATE_CONFIG_FILE=${RENOVATE_CONFIG_FILE:-/usr/src/app/config.js}
# Platform (github, gitlab, gitea, bitbucket, etc.)
- RENOVATE_PLATFORM=${RENOVATE_PLATFORM:-github}
- RENOVATE_ENDPOINT=${RENOVATE_ENDPOINT:-}
# Authentication token (required)
- RENOVATE_TOKEN=${RENOVATE_TOKEN:-}
# Or use GitHub App
- GITHUB_COM_TOKEN=${GITHUB_COM_TOKEN:-}
# Repositories to process (comma-separated or use config.js)
- RENOVATE_REPOSITORIES=${RENOVATE_REPOSITORIES:-}
# Git author for commits
- RENOVATE_GIT_AUTHOR=${RENOVATE_GIT_AUTHOR:-Renovate Bot <bot@renovateapp.com>}
# Logging
- LOG_LEVEL=${RENOVATE_LOG_LEVEL:-info}
- LOG_FORMAT=${RENOVATE_LOG_FORMAT:-json}
# Onboarding (create PR to add renovate.json)
- RENOVATE_ONBOARDING=${RENOVATE_ONBOARDING:-true}
- RENOVATE_ONBOARDING_CONFIG=${RENOVATE_ONBOARDING_CONFIG:-{"$$schema":"https://docs.renovatebot.com/renovate-schema.json"}}
# Require config in repo
- RENOVATE_REQUIRE_CONFIG=${RENOVATE_REQUIRE_CONFIG:-optional}
# Docker authentication (if checking Docker images)
- RENOVATE_DOCKER_USER=${RENOVATE_DOCKER_USER:-}
- RENOVATE_DOCKER_PASSWORD=${RENOVATE_DOCKER_PASSWORD:-}
# NPM authentication (if checking NPM packages)
- RENOVATE_NPM_TOKEN=${RENOVATE_NPM_TOKEN:-}
# Dry run mode (no actual updates)
- RENOVATE_DRY_RUN=${RENOVATE_DRY_RUN:-false}
# Cache
- RENOVATE_REPOSITORY_CACHE=${RENOVATE_REPOSITORY_CACHE:-enabled}
- RENOVATE_CACHE_DIR=${RENOVATE_CACHE_DIR:-/tmp/renovate/cache}
# Base directory
- RENOVATE_BASE_DIR=${RENOVATE_BASE_DIR:-/tmp/renovate/repos}
# Healthcheck not applicable for one-shot jobs
# healthcheck:
# disable: true
deploy:
resources:
limits:
cpus: ${RENOVATE_CPU_LIMIT:-2.0}
memory: ${RENOVATE_MEMORY_LIMIT:-2G}
reservations:
cpus: ${RENOVATE_CPU_RESERVATION:-0.5}
memory: ${RENOVATE_MEMORY_RESERVATION:-512M}
# Security options
read_only: false # Renovate needs to write to cache and clone repos
user: "${PUID:-1000}:${PGID:-1000}"
cap_drop:
- ALL
cap_add:
- CHOWN
- SETUID
- SETGID
- DAC_OVERRIDE
security_opt:
- no-new-privileges:true