chore: update bifrost-gateway

feat: add renovate
chore: update versions
2025-12-15 09:58:42 +08:00 · 2025-12-14 19:55:30 +08:00 · 2025-12-14 15:18:26 +08:00
27 changed files with 741 additions and 27 deletions
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ Compose Anything helps users quickly deploy various services by providing a set
 | [Apache Kafka](./src/kafka)                                   | 7.8.0                        |
 | [Apache Pulsar](./src/pulsar)                                 | 4.0.7                        |
 | [Apache RocketMQ](./src/rocketmq)                             | 5.3.1                        |
-| [Bifrost Gateway](./src/bifrost-gateway)                      | 1.2.15                       |
+| [Bifrost Gateway](./src/bifrost-gateway)                      | 1.3.48                       |
 | [Bolt.diy](./src/bolt-diy)                                    | latest                       |
 | [Budibase](./src/budibase)                                    | 3.23.0                       |
 | [Bytebot](./src/bytebot)                                      | edge                         |
@@ -32,7 +32,7 @@ Compose Anything helps users quickly deploy various services by providing a set
 | [Firecrawl](./src/firecrawl)                                  | latest                       |
 | [frpc](./src/frpc)                                            | 0.64.0                       |
 | [frps](./src/frps)                                            | 0.64.0                       |
-| [Gitea Runner](./src/gitea-runner)                            | 0.2.12                       |
+| [Gitea Runner](./src/gitea-runner)                            | 0.2.13                       |
 | [Gitea](./src/gitea)                                          | 1.24.6                       |
 | [GitLab Runner](./src/gitlab-runner)                          | 17.10.1                      |
 | [GitLab](./src/gitlab)                                        | 17.10.4-ce.0                 |
@@ -95,6 +95,7 @@ Compose Anything helps users quickly deploy various services by providing a set
 | [Redpanda](./src/redpanda)                                    | v24.3.1                      |
 | [Redis Cluster](./src/redis-cluster)                          | 8.2.1                        |
 | [Redis](./src/redis)                                          | 8.2.1                        |
 | [Renovate](./src/renovate)                                    | 42.52.5-full                 |
 | [Restate Cluster](./src/restate-cluster)                      | 1.5.3                        |
 | [Restate](./src/restate)                                      | 1.5.3                        |
 | [SearXNG](./src/searxng)                                      | 2025.1.20-1ce14ef99          |
--- a/README.zh.md
+++ b/README.zh.md
@@ -14,7 +14,7 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件，
 | [Apache Kafka](./src/kafka)                                   | 7.8.0                        |
 | [Apache Pulsar](./src/pulsar)                                 | 4.0.7                        |
 | [Apache RocketMQ](./src/rocketmq)                             | 5.3.1                        |
-| [Bifrost Gateway](./src/bifrost-gateway)                      | 1.2.15                       |
+| [Bifrost Gateway](./src/bifrost-gateway)                      | 1.3.48                       |
 | [Bolt.diy](./src/bolt-diy)                                    | latest                       |
 | [Budibase](./src/budibase)                                    | 3.23.0                       |
 | [Bytebot](./src/bytebot)                                      | edge                         |
@@ -32,7 +32,7 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件，
 | [Firecrawl](./src/firecrawl)                                  | latest                       |
 | [frpc](./src/frpc)                                            | 0.64.0                       |
 | [frps](./src/frps)                                            | 0.64.0                       |
-| [Gitea Runner](./src/gitea-runner)                            | 0.2.12                       |
+| [Gitea Runner](./src/gitea-runner)                            | 0.2.13                       |
 | [Gitea](./src/gitea)                                          | 1.24.6                       |
 | [GitLab Runner](./src/gitlab-runner)                          | 17.10.1                      |
 | [GitLab](./src/gitlab)                                        | 17.10.4-ce.0                 |
@@ -95,6 +95,7 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件，
 | [Redpanda](./src/redpanda)                                    | v24.3.1                      |
 | [Redis Cluster](./src/redis-cluster)                          | 8.2.1                        |
 | [Redis](./src/redis)                                          | 8.2.1                        |
 | [Renovate](./src/renovate)                                    | 42.52.5-full                 |
 | [Restate Cluster](./src/restate-cluster)                      | 1.5.3                        |
 | [Restate](./src/restate)                                      | 1.5.3                        |
 | [SearXNG](./src/searxng)                                      | 2025.1.20-1ce14ef99          |
--- a/builds/mineru/.env.example
+++ b/builds/mineru/.env.example
@@ -1,5 +1,5 @@
 # MinerU Docker image
-MINERU_DOCKER_IMAGE=alexsuntop/mineru:2.6.5
+MINERU_DOCKER_IMAGE=alexsuntop/mineru:2.6.6
 # Port configurations
 MINERU_PORT_OVERRIDE_VLLM=30000
--- a/builds/mineru/README.md
+++ b/builds/mineru/README.md
@@ -39,7 +39,7 @@ mineru -p demo.pdf -o ./output -b vlm-http-client -u http://localhost:30000
 ## Configuration
- `MINERU_VERSION`: The version for MinerU, default is `2.6.5`.
+- `MINERU_VERSION`: The version for MinerU, default is `2.6.6`.
 - `MINERU_PORT_OVERRIDE_VLLM`: The host port for the VLLM server, default is `30000`.
 - `MINERU_PORT_OVERRIDE_API`: The host port for the API service, default is `8000`.
 - `MINERU_PORT_OVERRIDE_GRADIO`: The host port for the Gradio WebUI, default is `7860`.
--- a/builds/mineru/README.zh.md
+++ b/builds/mineru/README.zh.md
@@ -39,7 +39,7 @@ mineru -p demo.pdf -o ./output -b vlm-http-client -u http://localhost:30000
 ## 配置
- `MINERU_VERSION`: MinerU 的 Docker 镜像版本，默认为 `2.6.5`。
+- `MINERU_VERSION`: MinerU 的 Docker 镜像版本，默认为 `2.6.6`。
 - `MINERU_PORT_OVERRIDE_VLLM`: VLLM 服务器的主机端口，默认为 `30000`。
 - `MINERU_PORT_OVERRIDE_API`: API 服务的主机端口，默认为 `8000`。
 - `MINERU_PORT_OVERRIDE_GRADIO`: Gradio WebUI 的主机端口，默认为 `7860`。
--- a/builds/mineru/docker-compose.yaml
+++ b/builds/mineru/docker-compose.yaml
@@ -8,7 +8,7 @@ x-defaults: &defaults
 x-mineru-vllm: &mineru-vllm
  <<: *defaults
-  image: ${GLOBAL_REGISTRY:-}alexsuntop/mineru:${MINERU_VERSION:-2.6.5}
+  image: ${GLOBAL_REGISTRY:-}alexsuntop/mineru:${MINERU_VERSION:-2.6.6}
  build:
    context: .
    dockerfile: Dockerfile
--- a/src/bifrost-gateway/.env.example
+++ b/src/bifrost-gateway/.env.example
@@ -1,5 +1,5 @@
 # Bifrost Gateway Version
-BIFROST_VERSION=v1.2.15
+BIFROST_VERSION=v1.3.48
 # Port to bind to on the host machine
 BIFROST_PORT=28080
--- a/src/bifrost-gateway/README.md
+++ b/src/bifrost-gateway/README.md
@@ -10,7 +10,7 @@ Bifrost is a lightweight, high-performance LLM gateway that supports multiple mo
 ## Configuration
- `BIFROST_VERSION`: The version of the Bifrost image, default is `v1.2.15`.
+- `BIFROST_VERSION`: The version of the Bifrost image, default is `v1.3.48`.
 - `BIFROST_PORT`: The port for the Bifrost service, default is `28080`.
 ## Volumes
--- a/src/bifrost-gateway/README.zh.md
+++ b/src/bifrost-gateway/README.zh.md
@@ -10,7 +10,7 @@ Bifrost 是一个轻量级、高性能的 LLM 网关，支持多种模型和提
 ## 配置
- `BIFROST_VERSION`: Bifrost 镜像的版本，默认为 `v1.2.15`。
+- `BIFROST_VERSION`: Bifrost 镜像的版本，默认为 `v1.3.48`。
 - `BIFROST_PORT`: Bifrost 服务的端口，默认为 `28080`。
 ## 卷
--- a/src/bifrost-gateway/docker-compose.yaml
+++ b/src/bifrost-gateway/docker-compose.yaml
@@ -9,7 +9,7 @@ x-defaults: &defaults
 services:
  bifrost:
    <<: *defaults
-    image: ${GLOBAL_REGISTRY:-}maximhq/bifrost:${BIFROST_VERSION:-v1.2.15}
+    image: ${GLOBAL_REGISTRY:-}maximhq/bifrost:${BIFROST_VERSION:-v1.3.48}
    volumes:
      - bifrost_data:/app/data
    ports:
--- a/src/gitea-runner/README.md
+++ b/src/gitea-runner/README.md
@@ -9,7 +9,7 @@ This service sets up a Gitea Runner.
 1. Generate the `config.yaml` file:
   ```bash
-   docker run --entrypoint="" --rm -it gitea/act_runner:0.2.12 act_runner generate-config > config.yaml
+   docker run --entrypoint="" --rm -it gitea/act_runner:0.2.13 act_runner generate-config > config.yaml
   ```
 2. Configure `config.yaml`, for example:
--- a/src/gitea-runner/README.zh.md
+++ b/src/gitea-runner/README.zh.md
@@ -9,7 +9,7 @@
 1. 生成 `config.yaml` 文件：
   ```bash
-   docker run --entrypoint="" --rm -it gitea/act_runner:0.2.12 act_runner generate-config > config.yaml
+   docker run --entrypoint="" --rm -it gitea/act_runner:0.2.13 act_runner generate-config > config.yaml
   ```
 2. 配置 `config.yaml`，例如：
--- a/src/gitea-runner/config.yaml
+++ b/src/gitea-runner/config.yaml
@@ -32,6 +32,11 @@ runner:
  fetch_timeout: 5s
  # The interval for fetching the job from the Gitea instance.
  fetch_interval: 2s
  # The github_mirror of a runner is used to specify the mirror address of the github that pulls the action repository.
  # It works when something like `uses: actions/checkout@v4` is used and DEFAULT_ACTIONS_URL is set to github,
  # and github_mirror is not empty. In this case,
  # it replaces https://github.com with the value here, which is useful for some special network environments.
  github_mirror: ''
  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
  # Like: "macos-arm64:host" or "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"
  # Find more images provided by Gitea at https://gitea.com/docker.gitea.com/runner-images .
@@ -66,7 +71,7 @@ container:
  # If it's empty, act_runner will create a network automatically.
  network: ""
  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
-  privileged: true #! #####CHANGED#####
+  privileged: false
  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
  options:
  # The parent directory of a job's working directory.
@@ -91,9 +96,13 @@ container:
  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
  docker_host: ""
  # Pull docker image(s) even if already present
-  force_pull: false #! #####CHANGED#####
+  force_pull: true
  # Rebuild docker image(s) even if already present
  force_rebuild: false
  # Always require a reachable docker daemon, even if not required by act_runner
  require_docker: false
  # Timeout to wait for the docker daemon to be reachable, if docker is required by require_docker or act_runner
  docker_timeout: 0s
 host:
  # The parent directory of a job's working directory.
--- a/src/gitea/.env.example
+++ b/src/gitea/.env.example
@@ -1,5 +1,5 @@
 # Gitea Version
-GITEA_VERSION=1.24.6-rootless
+GITEA_VERSION=1.25.2-rootless
 # Database configuration
 GITEA_DB_TYPE=postgres
@@ -13,4 +13,4 @@ POSTGRES_DB=gitea
 # Gitea ports
 GITEA_HTTP_PORT=3000
-GITEA_SSH_PORT=3022
+GITEA_SSH_PORT=2222
--- a/src/gitea/docker-compose.yaml
+++ b/src/gitea/docker-compose.yaml
@@ -9,7 +9,7 @@ x-defaults: &defaults
 services:
  gitea:
    <<: *defaults
-    image: ${GLOBAL_REGISTRY:-}gitea/gitea:${GITEA_VERSION:-1.24.6-rootless}
+    image: ${GLOBAL_REGISTRY:-}gitea/gitea:${GITEA_VERSION:-1.25.2-rootless}
    environment:
      - USER_UID=1000
      - USER_GID=1000
@@ -20,10 +20,11 @@ services:
      - GITEA__database__NAME=${POSTGRES_DB:-gitea}
      - GITEA__database__PASSWD=${POSTGRES_PASSWORD:-gitea}
    volumes:
-      - ./gitea:/data
+      - gitea_data:/var/lib/gitea
      - gitea_config:/etc/gitea
    ports:
      - "${GITEA_HTTP_PORT:-3000}:3000"
-      - "${GITEA_SSH_PORT:-3022}:22"
+      - "${GITEA_SSH_PORT:-2222}:2222"
    depends_on:
      db:
        condition: service_healthy
@@ -69,4 +70,5 @@ services:
 volumes:
  gitea_data:
  gitea_config:
  postgres:
--- a/src/nexa-sdk/README.md
+++ b/src/nexa-sdk/README.md
@@ -27,7 +27,7 @@ This service deploys NexaSDK Docker for running AI models with OpenAI-compatible
 ### CPU Mode
 ```bash
-docker compose up -d
+docker compose --profile cpu up -d
 ```
 ### GPU Mode (CUDA)
--- a/src/nexa-sdk/README.zh.md
+++ b/src/nexa-sdk/README.zh.md
@@ -27,7 +27,7 @@
 ### CPU 模式
 ```bash
-docker compose up -d
+docker compose --profile cpu up -d
 ```
 ### GPU 模式（CUDA）
--- a/src/nexa-sdk/docker-compose.yaml
+++ b/src/nexa-sdk/docker-compose.yaml
@@ -13,6 +13,8 @@ x-defaults: &defaults
 services:
  nexa-sdk:
    <<: *defaults
    profiles:
      - cpu
    image: ${GLOBAL_REGISTRY:-}nexa4ai/nexasdk:${NEXA_SDK_VERSION:-v0.2.62}
    ports:
      - "${NEXA_SDK_PORT_OVERRIDE:-18181}:18181"
--- a/src/phoenix/.env.example
+++ b/src/phoenix/.env.example
@@ -1,5 +1,5 @@
 # Phoenix version
-PHOENIX_VERSION=version-12.19.0
+PHOENIX_VERSION=12.25.0-nonroot
 # Timezone
 TZ=UTC
--- a/src/phoenix/README.md
+++ b/src/phoenix/README.md
@@ -20,7 +20,7 @@ Arize Phoenix is an open-source AI observability platform for LLM applications.
 | Variable Name              | Description                           | Default Value     |
 | -------------------------- | ------------------------------------- | ----------------- |
-| PHOENIX_VERSION            | Phoenix image version                 | `version-12.19.0` |
+| PHOENIX_VERSION            | Phoenix image version                 | `12.25.0-nonroot` |
 | PHOENIX_PORT_OVERRIDE      | Host port for Phoenix UI and HTTP API | `6006`            |
 | PHOENIX_GRPC_PORT_OVERRIDE | Host port for OTLP gRPC collector     | `4317`            |
 | PHOENIX_ENABLE_PROMETHEUS  | Enable Prometheus metrics endpoint    | `false`           |
--- a/src/phoenix/README.zh.md
+++ b/src/phoenix/README.zh.md
@@ -20,7 +20,7 @@ Arize Phoenix 是一个开源的 AI 可观测性平台，专为 LLM 应用设计
 | 变量名                     | 描述                              | 默认值            |
 | -------------------------- | --------------------------------- | ----------------- |
-| PHOENIX_VERSION            | Phoenix 镜像版本                  | `version-12.19.0` |
+| PHOENIX_VERSION            | Phoenix 镜像版本                  | `12.25.0-nonroot` |
 | PHOENIX_PORT_OVERRIDE      | Phoenix UI 和 HTTP API 的主机端口 | `6006`            |
 | PHOENIX_GRPC_PORT_OVERRIDE | OTLP gRPC 采集器的主机端口        | `4317`            |
 | PHOENIX_ENABLE_PROMETHEUS  | 启用 Prometheus 指标端点          | `false`           |
--- a/src/phoenix/docker-compose.yaml
+++ b/src/phoenix/docker-compose.yaml
@@ -12,7 +12,7 @@ x-defaults: &defaults
 services:
  phoenix:
    <<: *defaults
-    image: ${GLOBAL_REGISTRY:-}arizephoenix/phoenix:${PHOENIX_VERSION:-version-12.19.0}
+    image: ${GLOBAL_REGISTRY:-}arizephoenix/phoenix:${PHOENIX_VERSION:-12.25.0-nonroot}
    ports:
      - "${PHOENIX_PORT_OVERRIDE:-6006}:6006"       # UI and OTLP HTTP collector
      - "${PHOENIX_GRPC_PORT_OVERRIDE:-4317}:4317"  # OTLP gRPC collector
--- a/src/renovate/.env.example
+++ b/src/renovate/.env.example
@@ -0,0 +1,102 @@
 # Renovate Configuration
 # Image version
 RENOVATE_VERSION=42.52.5-full
 # Global registry prefix (optional, e.g., your.registry.com/)
 GLOBAL_REGISTRY=
 # Timezone
 TZ=UTC
 # ==================== Authentication ====================
 # Platform type: github, gitlab, gitea, bitbucket, azure, etc.
 RENOVATE_PLATFORM=github
 # API endpoint (leave empty for github.com, gitlab.com, etc.)
 # For self-hosted: https://gitlab.example.com/api/v4
 RENOVATE_ENDPOINT=
 # Authentication token (REQUIRED)
 # GitHub: Personal Access Token or GitHub App token
 # GitLab: Personal Access Token or Project Access Token
 # Get token from: https://github.com/settings/tokens (for GitHub)
 RENOVATE_TOKEN=
 # Alternative: GitHub.com token (if using GitHub platform)
 GITHUB_COM_TOKEN=
 # ==================== Repositories ====================
 # Repositories to process (comma-separated)
 # Format: owner/repo or org/repo
 # Example: myorg/repo1,myorg/repo2
 # Leave empty to process all accessible repositories
 RENOVATE_REPOSITORIES=
 # ==================== Git Configuration ====================
 # Git author for commits
 RENOVATE_GIT_AUTHOR=Renovate Bot <bot@renovateapp.com>
 # ==================== Behavior ====================
 # Onboarding: Create initial PR to add renovate.json
 RENOVATE_ONBOARDING=true
 # Require config in repository
 # Options: required, optional, ignored
 RENOVATE_REQUIRE_CONFIG=optional
 # Dry run mode (no actual PRs/commits)
 RENOVATE_DRY_RUN=false
 # ==================== Cache ====================
 # Enable repository cache for better performance
 RENOVATE_REPOSITORY_CACHE=enabled
 # Cache directory inside container
 RENOVATE_CACHE_DIR=/tmp/renovate/cache
 # Base directory for cloned repos
 RENOVATE_BASE_DIR=/tmp/renovate/repos
 # ==================== Logging ====================
 # Log level: fatal, error, warn, info, debug, trace
 RENOVATE_LOG_LEVEL=info
 # Log format: text, json
 RENOVATE_LOG_FORMAT=json
 # ==================== Package Registry Authentication ====================
 # Docker Hub credentials (if checking Docker images in private registries)
 RENOVATE_DOCKER_USER=
 RENOVATE_DOCKER_PASSWORD=
 # NPM token (if checking private NPM packages)
 RENOVATE_NPM_TOKEN=
 # ==================== Advanced Configuration ====================
 # Path to config.js file (inside container)
 RENOVATE_CONFIG_FILE=/usr/src/app/config.js
 # ==================== Resources ====================
 # CPU limits
 RENOVATE_CPU_LIMIT=2.0
 RENOVATE_CPU_RESERVATION=0.5
 # Memory limits
 RENOVATE_MEMORY_LIMIT=2G
 RENOVATE_MEMORY_RESERVATION=512M
 # ==================== User/Group ID ====================
 # User and group ID for file permissions
 PUID=1000
 PGID=1000
--- a/src/renovate/README.md
+++ b/src/renovate/README.md
@@ -0,0 +1,227 @@
 # Renovate - Automated Dependency Updates
 [中文文档](README.zh.md)
 Renovate is an automated dependency update tool that keeps your project dependencies up-to-date by creating pull requests when new versions are available.
 ## Features
 - 🤖 Automated dependency updates across multiple platforms
 - 🔄 Support for GitHub, GitLab, Gitea, Bitbucket, Azure DevOps, and more
 - 📦 Multi-language support: JavaScript, Python, Go, Docker, and many more
 - 🎯 Highly configurable with smart defaults
 - 🔒 Security-focused with vulnerability scanning
 - 📊 Detailed update summaries and changelogs
 - ⚙️ Flexible scheduling and auto-merge options
 ## Quick Start
 1. **Copy the example environment file:**
   ```bash
   cp .env.example .env
   ```
 2. **Configure authentication:**
   Edit `.env` and set:
   - `RENOVATE_PLATFORM`: Your platform (e.g., `github`, `gitlab`, `gitea`)
   - `RENOVATE_TOKEN`: Your authentication token (required)
   - `RENOVATE_REPOSITORIES`: Repositories to process (e.g., `myorg/repo1,myorg/repo2`)
 3. **Get authentication token:**
   - **GitHub**: Create a Personal Access Token at <https://github.com/settings/tokens>
     - Required scopes: `repo`, `workflow`
   - **GitLab**: Create a Personal Access Token at <https://gitlab.com/-/profile/personal_access_tokens>
     - Required scopes: `api`, `write_repository`
 4. **Run Renovate:**
   ```bash
   # One-time execution
   docker compose run --rm renovate
   # Or set up a cron job for periodic runs
   # Example: Run daily at 2 AM
   0 2 * * * cd /path/to/renovate && docker compose run --rm renovate
   ```
 ## Configuration
 ### Environment Variables
 Key environment variables in `.env`:
 | Variable                | Description             | Default        |
 | ----------------------- | ----------------------- | -------------- |
 | `RENOVATE_VERSION`      | Renovate image version  | `42.52.5-full` |
 | `RENOVATE_PLATFORM`     | Platform type           | `github`       |
 | `RENOVATE_TOKEN`        | Authentication token    | **(required)** |
 | `RENOVATE_REPOSITORIES` | Repositories to process | `''`           |
 | `RENOVATE_ONBOARDING`   | Create onboarding PR    | `true`         |
 | `RENOVATE_DRY_RUN`      | Dry run mode            | `false`        |
 | `RENOVATE_LOG_LEVEL`    | Log level               | `info`         |
 ### Advanced Configuration
 For advanced configuration, edit `config.js`:
 ```javascript
 module.exports = {
  platform: 'github',
  repositories: ['myorg/repo1', 'myorg/repo2'],
  // Schedule (cron format)
  schedule: ['before 5am on monday'],
  // Auto-merge settings
  automerge: true,
  automergeType: 'pr',
  // Package rules
  packageRules: [
    {
      matchUpdateTypes: ['minor', 'patch'],
      automerge: true,
    },
  ],
 };
 ```
 ## Usage Examples
 ### Run on Specific Repositories
 ```bash
 # Using environment variable
 RENOVATE_REPOSITORIES=myorg/repo1,myorg/repo2 docker compose run --rm renovate
 # Using config.js - edit the file first
 docker compose run --rm renovate
 ```
 ### Dry Run Mode
 Test configuration without creating actual PRs:
 ```bash
 RENOVATE_DRY_RUN=full docker compose run --rm renovate
 ```
 ### Debug Mode
 Enable detailed logging for troubleshooting:
 ```bash
 RENOVATE_LOG_LEVEL=debug docker compose run --rm renovate
 ```
 ### Scheduled Execution
 Create a systemd timer or cron job:
 ```bash
 # Cron example (run daily at 2 AM)
 0 2 * * * cd /path/to/renovate && docker compose run --rm renovate >> /var/log/renovate.log 2>&1
 ```
 ## How It Works
 1. **Onboarding**: On first run, Renovate creates an onboarding PR with a `renovate.json` configuration file
 2. **Scanning**: Renovate scans your repository for dependency files (package.json, requirements.txt, Dockerfile, etc.)
 3. **Detection**: Checks for available updates across all detected dependencies
 4. **PRs**: Creates pull requests for updates based on your configuration
 5. **Scheduling**: Can be configured to run on a schedule (daily, weekly, etc.)
 ## Repository Configuration
 After onboarding, configure Renovate behavior in your repository's `renovate.json`:
 ```json
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:base"],
  "schedule": ["after 10pm every weekday", "before 5am every weekday", "every weekend"],
  "packageRules": [
    {
      "matchUpdateTypes": ["minor", "patch"],
      "automerge": true
    }
  ]
 }
 ```
 ## Supported Platforms
 - GitHub (github.com and Enterprise Server)
 - GitLab (gitlab.com and Self-Managed)
 - Gitea
 - Bitbucket Cloud and Server
 - Azure DevOps
 - And more...
 ## Supported Languages & Managers
 Renovate supports 100+ package managers including:
 - **JavaScript/Node.js**: npm, yarn, pnpm
 - **Python**: pip, poetry, pipenv
 - **Go**: go modules
 - **Java**: maven, gradle
 - **PHP**: composer
 - **Ruby**: bundler
 - **Rust**: cargo
 - **Docker**: Dockerfile, docker-compose
 - And many more...
 ## Security
 - Runs as non-root user (configurable via `PUID`/`PGID`)
 - Minimal capabilities with security hardening
 - Token-based authentication (never expose tokens in logs)
 - Support for vulnerability scanning and security updates
 ## Resources
 Resource limits can be adjusted in `.env`:
 - **CPU**: 2.0 cores limit, 0.5 cores reserved
 - **Memory**: 2GB limit, 512MB reserved
 ## Troubleshooting
 ### No repositories found
 Ensure `RENOVATE_TOKEN` has proper permissions and `RENOVATE_REPOSITORIES` is set correctly.
 ### Authentication errors
 Verify token scopes:
 - GitHub: `repo`, `workflow`
 - GitLab: `api`, `write_repository`
 ### Rate limiting
 Configure rate limits in `config.js`:
 ```javascript
 prConcurrentLimit: 10,
 prHourlyLimit: 2,
 ```
 ## Documentation
 - Official Documentation: <https://docs.renovatebot.com/>
 - Configuration Options: <https://docs.renovatebot.com/configuration-options/>
 - GitHub Repository: <https://github.com/renovatebot/renovate>
 ## License
 Renovate is licensed under the AGPL-3.0 license. See the [Renovate repository](https://github.com/renovatebot/renovate) for details.
 ## Notes
 - Renovate is designed to run as a scheduled job, not a continuous service
 - First run will create an onboarding PR in each repository
 - Consider setting up a cron job or CI/CD pipeline for regular execution
 - Monitor logs to ensure updates are being processed correctly
--- a/src/renovate/README.zh.md
+++ b/src/renovate/README.zh.md
@@ -0,0 +1,227 @@
 # Renovate - 自动化依赖更新工具
 [English](README.md)
 Renovate 是一个自动化依赖更新工具，当有新版本可用时，它会通过创建拉取请求来保持你的项目依赖最新。
 ## 特性
 - 🤖 跨多平台的自动化依赖更新
 - 🔄 支持 GitHub、GitLab、Gitea、Bitbucket、Azure DevOps 等
 - 📦 多语言支持：JavaScript、Python、Go、Docker 等众多语言
 - 🎯 高度可配置，提供智能默认值
 - 🔒 注重安全，支持漏洞扫描
 - 📊 详细的更新摘要和变更日志
 - ⚙️ 灵活的调度和自动合并选项
 ## 快速开始
 1. **复制示例环境文件：**
   ```bash
   cp .env.example .env
   ```
 2. **配置身份验证：**
   编辑 `.env` 文件并设置：
   - `RENOVATE_PLATFORM`：你的平台（例如：`github`、`gitlab`、`gitea`）
   - `RENOVATE_TOKEN`：你的身份验证令牌（必需）
   - `RENOVATE_REPOSITORIES`：要处理的仓库（例如：`myorg/repo1,myorg/repo2`）
 3. **获取身份验证令牌：**
   - **GitHub**：在 <https://github.com/settings/tokens> 创建个人访问令牌
     - 所需权限：`repo`、`workflow`
   - **GitLab**：在 <https://gitlab.com/-/profile/personal_access_tokens> 创建个人访问令牌
     - 所需权限：`api`、`write_repository`
 4. **运行 Renovate：**
   ```bash
   # 一次性执行
   docker compose run --rm renovate
   # 或设置定时任务以定期运行
   # 示例：每天凌晨 2 点运行
   0 2 * * * cd /path/to/renovate && docker compose run --rm renovate
   ```
 ## 配置
 ### 环境变量
 `.env` 中的关键环境变量：
 | 变量                    | 描述              | 默认值         |
 | ----------------------- | ----------------- | -------------- |
 | `RENOVATE_VERSION`      | Renovate 镜像版本 | `42.52.5-full` |
 | `RENOVATE_PLATFORM`     | 平台类型          | `github`       |
 | `RENOVATE_TOKEN`        | 身份验证令牌      | **（必需）**   |
 | `RENOVATE_REPOSITORIES` | 要处理的仓库      | `''`           |
 | `RENOVATE_ONBOARDING`   | 创建引导 PR       | `true`         |
 | `RENOVATE_DRY_RUN`      | 演练模式          | `false`        |
 | `RENOVATE_LOG_LEVEL`    | 日志级别          | `info`         |
 ### 高级配置
 对于高级配置，编辑 `config.js`：
 ```javascript
 module.exports = {
  platform: 'github',
  repositories: ['myorg/repo1', 'myorg/repo2'],
  // 调度（cron 格式）
  schedule: ['before 5am on monday'],
  // 自动合并设置
  automerge: true,
  automergeType: 'pr',
  // 包规则
  packageRules: [
    {
      matchUpdateTypes: ['minor', 'patch'],
      automerge: true,
    },
  ],
 };
 ```
 ## 使用示例
 ### 在特定仓库上运行
 ```bash
 # 使用环境变量
 RENOVATE_REPOSITORIES=myorg/repo1,myorg/repo2 docker compose run --rm renovate
 # 使用 config.js - 先编辑文件
 docker compose run --rm renovate
 ```
 ### 演练模式
 在不创建实际 PR 的情况下测试配置：
 ```bash
 RENOVATE_DRY_RUN=full docker compose run --rm renovate
 ```
 ### 调试模式
 启用详细日志以进行故障排除：
 ```bash
 RENOVATE_LOG_LEVEL=debug docker compose run --rm renovate
 ```
 ### 定期执行
 创建 systemd 定时器或 cron 任务：
 ```bash
 # Cron 示例（每天凌晨 2 点运行）
 0 2 * * * cd /path/to/renovate && docker compose run --rm renovate >> /var/log/renovate.log 2>&1
 ```
 ## 工作原理
 1. **引导**：首次运行时，Renovate 会创建一个包含 `renovate.json` 配置文件的引导 PR
 2. **扫描**：Renovate 扫描你的仓库以查找依赖文件（package.json、requirements.txt、Dockerfile 等）
 3. **检测**：检查所有检测到的依赖项的可用更新
 4. **创建 PR**：根据你的配置创建更新的拉取请求
 5. **调度**：可以配置为按计划运行（每天、每周等）
 ## 仓库配置
 引导后，在仓库的 `renovate.json` 中配置 Renovate 行为：
 ```json
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:base"],
  "schedule": ["after 10pm every weekday", "before 5am every weekday", "every weekend"],
  "packageRules": [
    {
      "matchUpdateTypes": ["minor", "patch"],
      "automerge": true
    }
  ]
 }
 ```
 ## 支持的平台
 - GitHub（github.com 和 Enterprise Server）
 - GitLab（gitlab.com 和 Self-Managed）
 - Gitea
 - Bitbucket Cloud 和 Server
 - Azure DevOps
 - 以及更多...
 ## 支持的语言和管理器
 Renovate 支持 100 多个包管理器，包括：
 - **JavaScript/Node.js**：npm、yarn、pnpm
 - **Python**：pip、poetry、pipenv
 - **Go**：go modules
 - **Java**：maven、gradle
 - **PHP**：composer
 - **Ruby**：bundler
 - **Rust**：cargo
 - **Docker**：Dockerfile、docker-compose
 - 以及更多...
 ## 安全性
 - 以非 root 用户运行（可通过 `PUID`/`PGID` 配置）
 - 最小权限与安全加固
 - 基于令牌的身份验证（绝不在日志中暴露令牌）
 - 支持漏洞扫描和安全更新
 ## 资源
 资源限制可在 `.env` 中调整：
 - **CPU**：2.0 核限制，0.5 核保留
 - **内存**：2GB 限制，512MB 保留
 ## 故障排除
 ### 未找到仓库
 确保 `RENOVATE_TOKEN` 具有适当的权限，并且 `RENOVATE_REPOSITORIES` 设置正确。
 ### 身份验证错误
 验证令牌权限：
 - GitHub：`repo`、`workflow`
 - GitLab：`api`、`write_repository`
 ### 速率限制
 在 `config.js` 中配置速率限制：
 ```javascript
 prConcurrentLimit: 10,
 prHourlyLimit: 2,
 ```
 ## 文档
 - 官方文档：<https://docs.renovatebot.com/>
 - 配置选项：<https://docs.renovatebot.com/configuration-options/>
 - GitHub 仓库：<https://github.com/renovatebot/renovate>
 ## 许可证
 Renovate 采用 AGPL-3.0 许可证。详情请参见 [Renovate 仓库](https://github.com/renovatebot/renovate)。
 ## 注意事项
 - Renovate 设计为作为计划任务运行，而不是持续服务
 - 首次运行将在每个仓库中创建一个引导 PR
 - 考虑设置 cron 任务或 CI/CD 管道以定期执行
 - 监控日志以确保更新正在正确处理
--- a/src/renovate/config.js
+++ b/src/renovate/config.js
@@ -0,0 +1,43 @@
 // Renovate configuration file
 // This is a JavaScript configuration file for advanced settings
 // For simple setups, you can configure everything via environment variables
 // Documentation: https://docs.renovatebot.com/configuration-options/
 module.exports = {
  // Uncomment and configure as needed
  // platform: 'github',
  // token: process.env.RENOVATE_TOKEN,
  // repositories: [
  //   'myorg/repo1',
  //   'myorg/repo2',
  // ],
  // onboarding: true,
  // requireConfig: 'optional',
  // // Schedule (cron format)
  // schedule: ['before 5am on monday'],
  // // Auto-merge settings
  // automerge: true,
  // automergeType: 'pr',
  // automergeStrategy: 'squash',
  // // PR settings
  // prConcurrentLimit: 10,
  // prHourlyLimit: 2,
  // // Package rules
  // packageRules: [
  //   {
  //     matchUpdateTypes: ['minor', 'patch'],
  //     automerge: true,
  //   },
  //   {
  //     matchUpdateTypes: ['major'],
  //     labels: ['major-update'],
  //   },
  // ],
 };
--- a/src/renovate/docker-compose.yaml
+++ b/src/renovate/docker-compose.yaml
@@ -0,0 +1,100 @@
 # Renovate - Automated Dependency Updates
 # https://github.com/renovatebot/renovate
 x-defaults: &defaults
  restart: unless-stopped
  logging:
    driver: json-file
    options:
      max-size: 100m
      max-file: "3"
 services:
  renovate:
    <<: *defaults
    image: ${GLOBAL_REGISTRY:-}renovate/renovate:${RENOVATE_VERSION:-42.52.5-full}
    # Renovate runs as a scheduled job, not a continuous service
    # Use 'docker compose run --rm renovate' to execute manually
    # Or configure with cron/scheduler for periodic runs
    restart: "no"
    volumes:
      # Configuration files
      - ./config.js:/usr/src/app/config.js:ro
    environment:
      # Timezone
      - TZ=${TZ:-UTC}
      # Renovate configuration
      - RENOVATE_CONFIG_FILE=${RENOVATE_CONFIG_FILE:-/usr/src/app/config.js}
      # Platform (github, gitlab, gitea, bitbucket, etc.)
      - RENOVATE_PLATFORM=${RENOVATE_PLATFORM:-github}
      - RENOVATE_ENDPOINT=${RENOVATE_ENDPOINT:-}
      # Authentication token (required)
      - RENOVATE_TOKEN=${RENOVATE_TOKEN:-}
      # Or use GitHub App
      - GITHUB_COM_TOKEN=${GITHUB_COM_TOKEN:-}
      # Repositories to process (comma-separated or use config.js)
      - RENOVATE_REPOSITORIES=${RENOVATE_REPOSITORIES:-}
      # Git author for commits
      - RENOVATE_GIT_AUTHOR=${RENOVATE_GIT_AUTHOR:-Renovate Bot <bot@renovateapp.com>}
      # Logging
      - LOG_LEVEL=${RENOVATE_LOG_LEVEL:-info}
      - LOG_FORMAT=${RENOVATE_LOG_FORMAT:-json}
      # Onboarding (create PR to add renovate.json)
      - RENOVATE_ONBOARDING=${RENOVATE_ONBOARDING:-true}
      - RENOVATE_ONBOARDING_CONFIG=${RENOVATE_ONBOARDING_CONFIG:-{"$$schema":"https://docs.renovatebot.com/renovate-schema.json"}}
      # Require config in repo
      - RENOVATE_REQUIRE_CONFIG=${RENOVATE_REQUIRE_CONFIG:-optional}
      # Docker authentication (if checking Docker images)
      - RENOVATE_DOCKER_USER=${RENOVATE_DOCKER_USER:-}
      - RENOVATE_DOCKER_PASSWORD=${RENOVATE_DOCKER_PASSWORD:-}
      # NPM authentication (if checking NPM packages)
      - RENOVATE_NPM_TOKEN=${RENOVATE_NPM_TOKEN:-}
      # Dry run mode (no actual updates)
      - RENOVATE_DRY_RUN=${RENOVATE_DRY_RUN:-false}
      # Cache
      - RENOVATE_REPOSITORY_CACHE=${RENOVATE_REPOSITORY_CACHE:-enabled}
      - RENOVATE_CACHE_DIR=${RENOVATE_CACHE_DIR:-/tmp/renovate/cache}
      # Base directory
      - RENOVATE_BASE_DIR=${RENOVATE_BASE_DIR:-/tmp/renovate/repos}
    # Healthcheck not applicable for one-shot jobs
    # healthcheck:
    #   disable: true
    deploy:
      resources:
        limits:
          cpus: ${RENOVATE_CPU_LIMIT:-2.0}
          memory: ${RENOVATE_MEMORY_LIMIT:-2G}
        reservations:
          cpus: ${RENOVATE_CPU_RESERVATION:-0.5}
          memory: ${RENOVATE_MEMORY_RESERVATION:-512M}
    # Security options
    read_only: false  # Renovate needs to write to cache and clone repos
    user: "${PUID:-1000}:${PGID:-1000}"
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETUID
      - SETGID
      - DAC_OVERRIDE
    security_opt:
      - no-new-privileges:true
Author	SHA1	Message	Date
Sun-ZhenXing	b98e6f652a	chore: update bifrost-gateway	2025-12-15 09:58:42 +08:00
Sun-ZhenXing	efaad72370	feat: add renovate	2025-12-14 19:55:30 +08:00
Sun-ZhenXing	dfcdc3afca	chore: update versions	2025-12-14 15:18:26 +08:00