renovate.json5 · 101 lines (97 loc) · 5.73 KB
{
  $schema: "https://docs.renovatebot.com/renovate-schema.json",
  extends: ["config:recommended"],
  // Run ONLY our custom regex manager. We deliberately do NOT enable the
  // github-actions / pip managers — those are owned by Dependabot
  // (.github/dependabot.yml); no point duplicating it.
  enabledManagers: ["custom.regex"],
  dependencyDashboard: true,
  labels: ["dependencies"],
  timezone: "Europe/Zagreb",
  schedule: ["* 1 * * 6"], // Saturday, 01:00–01:59 Zagreb time
  customManagers: [
    {
      customType: "regex",
      managerFilePatterns: ["/^lib/.*\\.sh$/"],
      // ════════════════════════════════════════════════════════════════
      // HOW TO MAKE A PINNED TOOL VERSION TRACKED BY RENOVATE
      // (read THIS, not the regex — humans are bad at reading regexes)
      // ════════════════════════════════════════════════════════════════
      //
      // Several build scripts pin a CLI tool to a version that is then
      // downloaded from GitHub Releases. Renovate keeps that pin fresh
      // by opening a PR when a newer release appears. For Renovate to
      // see a line, the line must look EXACTLY like this (leading tabs
      // / indentation are fine):
      //
      //   SHELLCHECK_VERSION=${SHELLCHECK_VERSION:-0.11.0} # https://github.com/koalaman/shellcheck/releases
      //   └──────┬─────────┘ └────────┬─────────┘└──┬──┘   └──────────────────────┬────────────────────────┘
      //    NAME_VERSION       ${ … :- VERSION }    bare    single "#" + https://github.com/OWNER/REPO/releases
      //   (allow-listed)      default-value form   brace
      //
      // From that line Renovate takes:
      //   • the version ("0.11.0")   → currentValue
      //   • OWNER/REPO from the URL  → depName
      //   datasource is forced to github-releases; a leading "v" on the
      //   upstream tag (v0.11.0) is stripped automatically.
      //
      // Note: depName comes from the github.com URL that the upstream
      // scripts already write — so NO extra "# renovate:" annotation is
      // added to those files. That keeps them byte-identical to upstream
      // and conflict-free when iav-main is synced.
      //
      // ─── STRICT RULES ───────────────────────────────────────────────
      // Break ANY of these and the line is SILENTLY dropped: Renovate
      // just stops tracking it, the version quietly rots, and the only
      // visible sign is that the tool disappears from the Dependency
      // Dashboard issue. So:
      //
      // 1. NAME must be in the allow-list inside `matchStrings` below
      //    (currently SHELLFMT | SHELLCHECK | ORAS | BATCAT). A brand
      //    new tool is NOT tracked until you add its NAME there. This
      //    is intentional — it stops Renovate from grabbing pins that
      //    must stay fixed (e.g. a RUST_VERSION held back on purpose).
      //
      // 2. The version after ":-" must be BARE digits and dots — no
      //    quotes, no leading "v":
      //      OK   ${ORAS_VERSION:-1.3.2}
      //      BAD  ${ORAS_VERSION:-"1.3.2"}   ← quotes kill the match
      //      BAD  ${ORAS_VERSION:-v1.3.2}    ← leading v kills it
      //
      // 3. Use the default-value form ${NAME:-VERSION} — with the
      //    "${", the ":-", and the closing "}". A plain NAME=1.3.2
      //    (no braces) is NOT matched.
      //
      // 4. The version and its github.com URL comment MUST be on the
      //    same physical line. No line-continuation "\", no wrapping.
      //
      // 5. Between the closing "}" and the comment there may only be
      //    spaces/tabs. Code BEFORE the assignment is fine (indent, an
      //    `if`, a leading `&&`), but nothing may come AFTER the "}"
      //    except the comment:
      //      OK   [[ -n $x ]] && ORAS_VERSION=${ORAS_VERSION:-1.3.2} # https://github.com/oras-project/oras/releases
      //      BAD  ORAS_VERSION=${ORAS_VERSION:-1.3.2} && do_thing # …   ← trailing code kills the match
      //    Keep the "# https://…/releases" comment LAST on the line.
      //
      // 6. The comment must be a single "#" then the canonical URL
      //    https://github.com/OWNER/REPO/releases :
      //      OK   # https://github.com/sharkdp/bat/releases
      //      BAD  ## https://…            ← double hash kills it
      //      BAD  # http://github.com/…   ← must be https
      //      BAD  # see github.com/x/y    ← must start https://github.com/ and end /releases
      //
      // 7. To track a NEW tool: (a) write its line in the shape above,
      //    and (b) add its NAME to the alternation in `matchStrings`.
      // ════════════════════════════════════════════════════════════════
      matchStrings: [
        // separator is [[:blank:]] (space/tab only, NOT \s) so the version
        // and its release-URL comment must sit on ONE physical line —
        // \s would also cross newlines and could grab an unrelated URL.
        "\\b(?:SHELLFMT|SHELLCHECK|ORAS|BATCAT)_VERSION=\\$\\{[A-Z_]+:-(?<currentValue>[0-9][0-9.]*)\\}[[:blank:]]*#[[:blank:]]*https://github\\.com/(?<depName>[^/]+/[^/\\s]+)/releases",
      ],
      datasourceTemplate: "github-releases",
      extractVersionTemplate: "^v?(?<version>.+)$",
      versioningTemplate: "semver",
    },
  ],
}
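
Added example, not part of this repository: a lint that finds version pins the `matchStrings` pattern would silently skip and names the first strict rule each one breaks. The names `classify`, `lint`, `PIN` and `SAMPLE` belong to this example only, the sample lines are constructed, and a "rule 1" hit may be a pin that is held back on purpose.

```javascript
// TRACKED is the matchStrings pattern from the config, with RE2's
// [[:blank:]] spelled [ \t] because JavaScript's RegExp has no POSIX classes.
const NAMES = ["SHELLFMT", "SHELLCHECK", "ORAS", "BATCAT"]; // allow-list from the config
const TRACKED = new RegExp(
  "\\b(?:" + NAMES.join("|") + ")_VERSION=\\$\\{[A-Z_]+:-(?<currentValue>[0-9][0-9.]*)\\}" +
  "[ \\t]*#[ \\t]*https://github\\.com/(?<depName>[^/]+/[^/\\s]+)/releases"
);
// Looser pattern (an assumption of this example): any NAME_VERSION=... assignment.
const PIN = /\b([A-Z][A-Z0-9_]*)_VERSION=(.*)$/;

// Returns null for non-pin lines, the extracted fields for tracked pins,
// and the first broken rule (numbered as in the config comment) otherwise.
function classify(line) {
  const pin = PIN.exec(line);
  if (!pin) return null;
  const hit = TRACKED.exec(line);
  if (hit) return { tracked: true, ...hit.groups };
  const [, name, rhs] = pin;
  let reason;
  if (!NAMES.includes(name)) reason = "rule 1: NAME not in allow-list";
  else if (!/^\$\{[A-Z_]+:-[^}]*\}/.test(rhs)) reason = "rule 3: not ${NAME:-VERSION} form";
  else if (!/^\$\{[A-Z_]+:-[0-9][0-9.]*\}/.test(rhs)) reason = "rule 2: version not bare digits and dots";
  else reason = "rules 4-6: after } there must be only a single # and the https releases URL";
  return { tracked: false, name, reason };
}

// Every pin in a script that Renovate would not track, with its line number.
function lint(script) {
  return script.split("\n")
    .map((text, i) => ({ line: i + 1, ...classify(text) }))
    .filter((r) => r.tracked === false);
}

// Constructed sample input; versions other than 0.11.0 and 1.3.2 are made up.
const SAMPLE = [
  "SHELLCHECK_VERSION=${SHELLCHECK_VERSION:-0.11.0} # https://github.com/koalaman/shellcheck/releases",
  '\tORAS_VERSION=${ORAS_VERSION:-"1.3.2"} # https://github.com/oras-project/oras/releases',
  "BATCAT_VERSION=${BATCAT_VERSION:-0.25.0} ## https://github.com/sharkdp/bat/releases",
  "RUST_VERSION=${RUST_VERSION:-1.80.0} # https://github.com/rust-lang/rust/releases",
].join("\n");

console.log(lint(SAMPLE));
```

Run over `lib/*.sh` in CI, a non-empty result for an allow-listed name is the early warning that the Dependency Dashboard otherwise gives only by omission.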