feat(renovate): source vendor-ee Bitnami images from the published datasource#6435
Merged
Merged
Conversation
…urce Add the bitnami-*-camunda custom datasources (per-image JSON published by camunda-deployment-references: complete upstream tag list, credential-free, with newDigest) and a customManager that opts images in via a '# renovate: datasource=custom.bitnami-<x>-camunda' annotation. Wire it for vendor-ee/postgresql and vendor-ee/elasticsearch in the 8.9 enterprise values and disable their docker/helm-values tracking so they are not bumped twice. Draft: replicate to 8.7/8.8 once validated. Depends on camunda/infraex-common-config#508 and camunda/camunda-deployment-references#2765.
github-actions
Bot
added
version/8.9
A renovate dry-run against the published feed showed 'versioning=docker' does not update across the '-debian-12-rN' revision; use the regex versioning for the vendor-ee/postgresql annotations. Drop the vendor-ee/elasticsearch wiring: the chart pins a plain tag (8.19.x) while the feed uses '<x.y.z>-debian-12-rN', so it needs separate handling.
leiicamundi
requested review from
Copilot and
eamonnmoloney
and removed request for
a team
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the repository’s Renovate configuration to source Bitnami Premium (vendor-ee/*) image tags from the published camunda-deployment-references per-image JSON feeds, and annotates the 8.9 enterprise values so Renovate can opt into that custom datasource for vendor-ee/postgresql.
Changes:
- Added
customDatasourcesentries for Bitnami Premium image tag feeds hosted oncamunda.github.io/camunda-deployment-references. - Added a
customManagersregex manager to updatevalues-enterprise.yamltags based on inline# renovate:annotations. - Annotated the three
vendor-ee/postgresqloccurrences incharts/camunda-platform-8.9/values-enterprise.yamland disabled Renovate’shelm-valuestracking for that image in that file to avoid double-bumping.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| charts/camunda-platform-8.9/values-enterprise.yaml | Adds Renovate annotations to opt vendor-ee/postgresql tags into the new custom datasource/versioning scheme. |
| .github/renovate.json5 | Introduces Bitnami JSON custom datasources, a values-enterprise regex manager, and a rule to disable helm-values updates for vendor-ee/postgresql in 8.9 enterprise values. |
…values Replicate the 8.9 wiring to the other supported chart versions: annotate the three vendor-ee/postgresql instances in 8.7 and 8.8 values-enterprise.yaml with the bitnami-postgresql-camunda custom datasource, and extend the helm-values disable rule so they are not bumped twice. 8.5/8.6 are intentionally excluded (renovate-disabled, out of support).
github-actions
Bot
added
version/8.7
Address Copilot review on #6435: - datasource block: clarify only 'version' is consumed; custom json datasources do not maintain the feed's 'newDigest' (values pin tags). - customManager: example uses versioning=regex (not docker), with the reason docker versioning can't order across the '-debian-12-rN' suffix.
5 tasks
eamonnmoloney
approved these changes
Jun 24, 2026
eamonnmoloney
approved these changes
Jun 25, 2026
distro-ci
Bot
added
the
version:8.7-12.12.1
This was referenced Jun 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Which problem does the PR fix?
Closes #6444 — source the Bitnami Premium (
vendor-ee/*) image tags for Renovate from the published per-image feeds. Part of the infraex tracking issue camunda/team-infrastructure-experience#1038.Note
The published
bitnami_<image>.jsonfeeds are live (camunda/camunda-deployment-references#2765 is merged), so Renovate can resolve the custom datasources. All supported enterprise charts (8.7 / 8.8 / 8.9) are wired. The final gate is the post-merge Renovate scan (see Post-merge validation) — that check is inherently post-merge, as it runs againstmain.What
Make Renovate track the Bitnami Premium (
vendor-ee/*) images from the per-image JSON feeds published bycamunda-deployment-references, instead of thedockerdatasource againstregistry.camunda.cloud.customDatasources(bitnami-*-camunda,format: json), one per image.customManagerthat opts an image in via a# renovate: datasource=custom.bitnami-<x>-camunda depName=<x> versioning=<v>annotation invalues-enterprise.yaml.vendor-ee/postgresql(×3 instances each) in 8.7, 8.8 and 8.9 and disables itshelm-valuestracking so it is not bumped twice.The annotation pins the Bitnami tag versioning explicitly:
versioning=dockeris not used: it does not order across the-debian-12-rNbuild suffix, so the regex versioning is required to bump…-r2 → …-r9etc.Why
The published feed is the complete upstream tag list (including tags from before the November 2025 vendor migration, which
skopeoand the Harbor proxy can no longer list) and needs no registry credentials.Note: digest pinning is not supported on this datasource
Custom (
format: json) datasources track versions only — they cannot maintain an@sha256digest pin (nogetDigest). These helm values pin a tag, not a digest, so this is fine. Any image that pins…@sha256:…(ascamunda/keycloak'sbases.ymldid) must stay on thedockerdatasource — see camunda/keycloak#591.Post-merge validation
After this merges, run a Renovate scan on
camunda-platform-helm(Mend dashboard → Check this box to trigger a request for Renovate to run, or wait for the next scheduled run) and confirm:vendor-ee/postgresqlupdate branches resolve fromcustom.bitnami-postgresql-camunda;Package lookup failures/Could not determine new digestrepository problems.This is the same end-to-end check that validated the
camunda/keycloakwiring — its Mend log came back clean after camunda/keycloak#591.Scope / follow-up
Wired across all renovate-tracked enterprise charts: 8.7, 8.8, 8.9 (three
vendor-ee/postgresqlinstances each). 8.5 / 8.6 are intentionally excluded — they are out of support and already renovate-disabled. 8.10 has novalues-enterprise.yamlyet; annotate it when one is added.vendor-ee/elasticsearchis intentionally not wired: the chart pins a plain tag (e.g.8.19.16) while the feed uses the<x.y.z>-debian-12-rNscheme, so it needs separate handling.os-shell, the exporters andkeycloak-config-cliuse chart-default tags (no explicit tag to track).keycloak-ee/keycloakis the Camunda-built image and intentionally left on its current source.Refs camunda/team-infrastructure-experience#1038.