chore(ci): configure renovate for linters (#1169)

Author: pmalek

.github/workflows/release-pr.yaml

@@ -26,15 +26,15 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
 
-      - name: Setup Go
-        uses: actions/setup-go@v5
+      - uses: jdx/mise-action@v2
         with:
-          go-version-file: third_party/go.mod
+          install: false
 
       - name: Run linters
+        env:
+          MISE_VERBOSE: 1
+          MISE_DEBUG: 1
         run: make lint
 
   lint-test:
@@ -174,6 +174,10 @@ jobs:
       - name: setup helm
         uses: azure/[email protected]
 
+      - uses: jdx/mise-action@v2
+        with:
+          install: false
+
       - name: build helm chart dependency
         run: |
           helm repo add bitnami https://charts.bitnami.com/bitnami

.tools_versions.yaml

@@ -0,0 +1,6 @@
+# renovate: datasource=github-releases depName=stackrox/kube-linter
+kube-linter: "0.7.1"
+# renovate: datasource=github-releases depName=jlandowner/helm-chartsnap
+chartsnap: "0.3.1"
+# renovate: datasource=github-releases depName=koalaman/shellcheck
+shellcheck: "0.10.0"

Makefile

@@ -1,22 +1,45 @@
 PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
-CHARTSNAP_VERSION ?= v0.3.1
+TOOLS_VERSIONS_FILE = .tools_versions.yaml
 
-.PHONY: _download_tool
-_download_tool:
-	(cd third_party && go mod tidy && \
-		GOBIN=$(PROJECT_DIR)/bin go generate -tags=third_party ./$(TOOL).go )
+MISE := $(shell which mise)
+.PHONY: mise
+mise:
+	@mise -V >/dev/null || (echo "mise - https://github.com/jdx/mise - not found. Please install it." && exit 1)
 
-.PHONY: tools
-tools: kube-linter chartsnap
+export MISE_DATA_DIR = $(PROJECT_DIR)/bin/
+
+# NOTE: mise targets use -q to silence the output.
+# Users can use MISE_VERBOSE=1 MISE_DEBUG=1 to get more verbose output.
+
+.PHONY: mise-plugin-install
+mise-plugin-install: mise
+	@$(MISE) plugin install --yes -q $(DEP) $(URL)
+
+.PHONY: mise-install
+mise-install: mise
+	@$(MISE) install -q $(DEP_VER)
 
-KUBE_LINTER = $(PROJECT_DIR)/bin/kube-linter
+KUBE_LINTER_VERSION = $(shell yq -ojson -r '.kube-linter' < $(TOOLS_VERSIONS_FILE))
+KUBE_LINTER = $(PROJECT_DIR)/bin/installs/kube-linter/v$(KUBE_LINTER_VERSION)/bin/kube-linter
 .PHONY: kube-linter
-kube-linter:
-	@$(MAKE) _download_tool TOOL=kube-linter
+kube-linter: mise
+	@$(MAKE) mise-plugin-install DEP=kube-linter
+	@$(MAKE) mise-install DEP_VER=kube-linter@v$(KUBE_LINTER_VERSION)
 
+CHARTSNAP_VERSION = $(shell yq -ojson -r '.chartsnap' < $(TOOLS_VERSIONS_FILE))
 .PHONY: chartsnap
 chartsnap:
-	./scripts/install-chartsnap.sh
+	CHARTSNAP_VERSION=${CHARTSNAP_VERSION} ./scripts/install-chartsnap.sh
+
+SHELLCHECK_VERSION = $(shell yq -ojson -r '.shellcheck' < $(TOOLS_VERSIONS_FILE))
+SHELLCHECK = $(PROJECT_DIR)/bin/installs/shellcheck/$(SHELLCHECK_VERSION)/bin/shellcheck
+.PHONY: shellcheck
+shellcheck: mise
+	@$(MAKE) mise-plugin-install DEP=shellcheck
+	@$(MAKE) mise-install DEP_VER=shellcheck@$(SHELLCHECK_VERSION)
+
+.PHONY: tools
+tools: kube-linter chartsnap shellcheck
 
 .PHONY: lint
 lint: tools lint.charts.kong lint.shellcheck
@@ -25,8 +48,10 @@ lint: tools lint.charts.kong lint.shellcheck
 lint.charts.kong:
 	$(KUBE_LINTER) lint charts/kong
 
-lint.shellcheck:
-	shellcheck ./scripts/*
+.PHONY: lint.shellcheck
+lint.shellcheck: shellcheck
+	$(SHELLCHECK) ./scripts/*
+	$(SHELLCHECK) ./charts/gateway-operator/scripts/*
 
 .PHONY: test.golden
 test.golden:

charts/gateway-operator/scripts/update-rbac-resources.sh

@@ -19,10 +19,10 @@ KGO_REPO_PATH="${1}"
 KGOEE_REPO_PATH="${2}"
 CHARTS_REPO_PATH="${3}"
 
-SED=sed
+SED="sed"
 if [[ $(uname -s) == "Darwin" ]]; then
-  if gsed --version 2>&1 >/dev/null ; then
-    SED=gsed
+  if gsed --version >/dev/null 2>&1 ; then
+    SED="gsed"
   else
     echo "GNU sed is required on macOS. You can install it via Homebrew with 'brew install gnu-sed'."
     exit 1
@@ -44,12 +44,13 @@ function require_var_dir() {
 }
 
 function update_rbac_resources {
-  local TMPFILE=$(mktemp).yaml
+  local TMPFILE
+  TMPFILE=$(mktemp).yaml
 
   # build the kustomize resources
-  kustomize build $KGOEE_REPO_PATH/config/rbac > "${TMPFILE}"
+  kustomize build "${KGOEE_REPO_PATH}/config/rbac" > "${TMPFILE}"
   echo "---" >> "${TMPFILE}"
-  kustomize build $KGO_REPO_PATH/config/rbac/base >> "${TMPFILE}"
+  kustomize build "${KGO_REPO_PATH}/config/rbac/base" >> "${TMPFILE}"
 
   # copy the contents of the file except for the Service Account resource
   yq --inplace e ". | select(.kind != \"ServiceAccount\")" "${TMPFILE}"
@@ -70,7 +71,7 @@ function update_rbac_resources {
   ${SED} -i '/name: {{\|name: https/!s/name: /name: {{ template "kong.fullname" . }}-/g' "${TMPFILE}"
 
   # move the new file to the charts directory
-  mv "${TMPFILE}" $CHARTS_REPO_PATH/charts/gateway-operator/templates/rbac-resources.yaml
+  mv "${TMPFILE}" "${CHARTS_REPO_PATH}/charts/gateway-operator/templates/rbac-resources.yaml"
 }
 
 require_var_dir KGOEE_REPO_PATH

renovate.json

@@ -2,5 +2,26 @@
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
     "config:recommended"
+  ],
+  "enabledManagers": [
+    "custom.regex"
+  ],
+  "automerge": false,
+  "separateMinorPatch": true,
+  "labels": [
+    "dependencies"
+  ],
+  "schedule": "before 5am every weekday",
+  "customManagers": [
+    {
+      "description": "Match dependencies in .tools_verisons.yaml that are properly annotated with `# renovate: datasource={} depName={}.`",
+      "customType": "regex",
+      "fileMatch": [
+        "\\.tools_versions\\.yaml$"
+      ],
+      "matchStrings": [
+        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\n.+\"(?<currentValue>.*?)\""
+      ]
+    }
   ]
 }

scripts/install-chartsnap.sh

@@ -1,6 +1,9 @@
 #!/usr/bin/env bash
 
-CHARTSNAP_VERSION="0.3.1"
+if [ -z "${CHARTSNAP_VERSION}" ]; then
+  echo "ERROR: CHARTSNAP_VERSION is not set"
+  exit 1
+fi
 
 # Only install the plugin if it is not already installed or if the version is different.
 if [[ $(helm plugin list | grep chartsnap | grep -Eo '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}') == "${CHARTSNAP_VERSION}" ]]; then