chore(ci): fixes

Author: o-orand

Dockerfile

@@ -1,6 +1,5 @@
 FROM ruby:3.4.4 AS ci_image
 
-# 92c56cb432c5d86d8687d765bd6d0847dc80edfbab28a878a9c11eec9289b02d  fly-7.8.2-linux-amd64.tgz
 # 6cf7acfcde78a980339cba1534c01be28d360306e5c76c60c5546e3847434eb7  fly-7.9.1-linux-amd64.tgz
 # 1701337abe34796eb59c01a9c5505d956ecc08a094fcd1232efbc781e9ababf8  fly-7.10.0-linux-amd64.tgz
 # dd1e5f94214632a09ce07426c2392ab8803ae8b307c0ba5436239e9b67d01c52  fly-7.12.1-linux-amd64.tgz
@@ -14,48 +13,47 @@ ARG CONCOURSE_SHA256=dd1e5f94214632a09ce07426c2392ab8803ae8b307c0ba5436239e9b67d
 ARG BOSH_CLI_VERSION=7.9.8
 ARG BOSH_CLI_SHA256=2e7384092d185a1c351f305cc12f35c8117023541d2a3c8a208eca7fbd12678f
 
-RUN apt-get update && \
- apt-get -y install tree vim netcat-traditional dnsutils jq
+RUN apt-get update \
+    && apt-get -y install tree vim netcat-traditional dnsutils jq
 
 # install cf-ops-automation Gemfile
 RUN gem update --system
 RUN gem install bundler
 RUN echo "Curl version: $(curl --version)"
 COPY Gemfile /usr/local/Gemfile
 COPY Gemfile.lock /usr/local/Gemfile.lock
-RUN cd /usr/local && bundle install --retry 5
+WORKDIR "/usr/local"
+RUN bundle install --retry 5
 
+WORKDIR "/tmp"
 # install fly-cli
 ARG FLY_DOWNLOAD_URL="https://github.com/concourse/concourse/releases/download/v${CONCOURSE_VERSION}/fly-${CONCOURSE_VERSION}-linux-amd64.tgz"
 RUN echo "Prepare FLY downloading at $FLY_DOWNLOAD_URL"
 RUN curl --retry 30 -sSL "$FLY_DOWNLOAD_URL" -o /tmp/fly.tgz \
-  && echo "Computed sha256sum: $(sha256sum /tmp/fly.tgz)" \
-  && [ ${CONCOURSE_SHA256} = $(sha256sum /tmp/fly.tgz | cut -d' ' -f1) ] \
-  && cd /tmp \
-  && tar xzvf /tmp/fly.tgz \
-  && mv /tmp/fly /usr/local/bin/fly \
-  && chmod +x /usr/local/bin/fly \
-  && rm -rf /tmp/fly*
-
+    && echo "Computed sha256sum: $(sha256sum /tmp/fly.tgz)" \
+    && [ ${CONCOURSE_SHA256} = $(sha256sum /tmp/fly.tgz | cut -d' ' -f1) ] \
+    && tar xzvf /tmp/fly.tgz \
+    && mv /tmp/fly /usr/local/bin/fly \
+    && chmod +x /usr/local/bin/fly \
+    && rm -rf /tmp/fly*
 
 ARG QLTY_INSTALL_URL="https://qlty-releases.s3.amazonaws.com/qlty"
 ARG QLTY_TARGET="x86_64-unknown-linux-gnu"
 RUN curl --retry 30 -sSL "$QLTY_INSTALL_URL/latest/qlty-$QLTY_TARGET.tar.xz" -o /tmp/qlty.tar.xz \
-  && cd /tmp \
-  && tar xJvf qlty.tar.xz \
-  && du -a /tmp \
-  && mv /tmp/qlty-$QLTY_TARGET/qlty /usr/local/bin/qlty \
-  && chmod a+x /usr/local/bin/qlty \
-  && rm -rf /tmp/qlty*
+    && tar xJvf qlty.tar.xz \
+    && du -a /tmp \
+    && mv /tmp/qlty-$QLTY_TARGET/qlty /usr/local/bin/qlty \
+    && chmod a+x /usr/local/bin/qlty \
+    && rm -rf /tmp/qlty*
 
 RUN curl --retry 30 -sSL "https://raw.githubusercontent.com/ekalinin/github-markdown-toc/master/gh-md-toc" -o /usr/local/bin/gh-md-toc \
-  && chmod a+x /usr/local/bin/gh-md-toc
+    && chmod a+x /usr/local/bin/gh-md-toc
 
 # Download BOSH v2 CLI
 RUN curl --retry 30 -sSLo /usr/local/bin/bosh https://github.com/cloudfoundry/bosh-cli/releases/download/v${BOSH_CLI_VERSION}/bosh-cli-${BOSH_CLI_VERSION}-linux-amd64 \
-  && echo "Computed sha256sum: $(sha256sum /usr/local/bin/bosh)" \
-  && echo "${BOSH_CLI_SHA256} */usr/local/bin/bosh" | shasum -a 256 -c - \
-  && chmod +x /usr/local/bin/bosh
+    && echo "Computed sha256sum: $(sha256sum /usr/local/bin/bosh)" \
+    && echo "${BOSH_CLI_SHA256} */usr/local/bin/bosh" | shasum -a 256 -c - \
+    && chmod +x /usr/local/bin/bosh
 
 # remove old version of bundler to avoid confusion between bundler and bundle cmd
 #   bundler => old binary
@@ -67,4 +65,4 @@ FROM ci_image AS test_ci_image
 RUN ruby --version && bosh --version && fly --version && qlty --version && gh-md-toc --version
 
 
-FROM ci_image
+FROM ci_image

ci/pipeline.yml

@@ -231,7 +231,7 @@ jobs:
             bundle exec rspec --version
             qlty --version
             echo "---------------------------"
-            echo "Setup Code Climate pre-requisites"
+            echo "Setup Qlty pre-requisites"
             cd ../concourse-meta
             BUILD_TEAM=$(if [ -f build_team_name ];then cat build_team_name;fi)
             BUILD_PIPELINE=$(if [ -f build_pipeline_name ];then cat build_pipeline_name;fi)
@@ -256,10 +256,10 @@ jobs:
             echo "Setup Qlty coverage"
             bundle exec rspec --format documentation --format html --out ../test-reports/rspec-results.html
             echo "Sending coverage to Qlty"
-            if ! qlty coverage publish --tag unit; then
+            if ! qlty coverage publish --tag unit --override-branch "$GIT_BRANCH" --override-commit-sha "$GIT_COMMIT_SHA" --override-build-id "$BUILD_ID" coverage/.resultset.json; then
               echo "Failed to run qlty. Re-launch in debug mode";
               echo "---------------------------"
-              qlty coverage publish --tag unit --debug;
+              qlty coverage publish --tag unit --override-branch "$GIT_BRANCH" --override-commit-sha "$GIT_COMMIT_SHA" --override-build-id "$BUILD_ID" --debug coverage/.resultset.json;
             fi
         params:
           QLTY_COVERAGE_TOKEN: ((qlty-coverage_token))

ci/scripts/setup-oci-registry.sh

@@ -6,36 +6,35 @@ set -e
 coa_ci_registry_name="dockerhub-for-coa-ci"
 coa_ci_project_name="coa-ci.docker.io"
 
-
 registry_id=$(curl -sSLk -u "$OCI_REGISTRY_USERNAME:$OCI_REGISTRY_PASSWORD" -H 'Content-Type: application/json' \
-  "$OCI_REGISTRY_URL/api/v2.0/registries?name=$coa_ci_registry_name"|jq -r 'first(.[]? | .id) // ""' )
-if [ "$registry_id" = "" ];then
-  echo "Creating registry $coa_ci_registry_name"
-  curl -sSLk -u "$OCI_REGISTRY_USERNAME:$OCI_REGISTRY_PASSWORD" -H 'Content-Type: application/json' \
-    -X POST $OCI_REGISTRY_URL/api/v2.0/registries \
-    -d '{ "name": "'$coa_ci_registry_name'", "url": "https://hub.docker.com", "type": "docker-hub", "insecure": false}'
-  echo "registry $coa_ci_registry_name created. Getting id"
-  registry_id=$(curl -sSLk -u "$OCI_REGISTRY_USERNAME:$OCI_REGISTRY_PASSWORD" -H 'Content-Type: application/json' \
-    "$OCI_REGISTRY_URL/api/v2.0/registries?name=$coa_ci_registry_name"|jq -r 'first(.[]? | .id) // ""' )
+	"$OCI_REGISTRY_URL/api/v2.0/registries?name=$coa_ci_registry_name" | jq -r 'first(.[]? | .id) // ""')
+if [ "$registry_id" = "" ]; then
+	echo "Creating registry $coa_ci_registry_name"
+	curl -sSLk -u "$OCI_REGISTRY_USERNAME:$OCI_REGISTRY_PASSWORD" -H 'Content-Type: application/json' \
+		-X POST "$OCI_REGISTRY_URL/api/v2.0/registries" \
+		-d '{ "name": "'$coa_ci_registry_name'", "url": "https://hub.docker.com", "type": "docker-hub", "insecure": false}'
+	echo "registry $coa_ci_registry_name created. Getting id"
+	registry_id=$(curl -sSLk -u "$OCI_REGISTRY_USERNAME:$OCI_REGISTRY_PASSWORD" -H 'Content-Type: application/json' \
+		"$OCI_REGISTRY_URL/api/v2.0/registries?name=$coa_ci_registry_name" | jq -r 'first(.[]? | .id) // ""')
 fi
-if [ "$registry_id" = "" ];then
-  echo "ERROR: failed to create registry"
-  exit 1
+if [ "$registry_id" = "" ]; then
+	echo "ERROR: failed to create registry"
+	exit 1
 fi
 
 echo "Registry $coa_ci_registry_name id: $registry_id"
 
 DATA=$(jq -n --arg name "$coa_ci_project_name" --argjson reg "$registry_id" '{project_name: $name, metadata: {public: "true"}, registry_id: $reg}')
-if ! curl --head -sSLfk -H 'accept: application/json' -u "$OCI_REGISTRY_USERNAME:$OCI_REGISTRY_PASSWORD" "$OCI_REGISTRY_URL/api/v2.0/projects?project_name=$coa_ci_project_name" 2>&1 >/dev/null;then
-  echo "Project $coa_ci_project_name NOT FOUND"
-  curl -k -u "$OCI_REGISTRY_USERNAME:$OCI_REGISTRY_PASSWORD" -H 'Content-Type: application/json' \
-    -X POST $OCI_REGISTRY_URL/api/v2.0/projects \
-    -d "$DATA"
+if ! curl --head -sSLfk -H 'accept: application/json' -u "$OCI_REGISTRY_USERNAME:$OCI_REGISTRY_PASSWORD" "$OCI_REGISTRY_URL/api/v2.0/projects?project_name=$coa_ci_project_name" >/dev/null 2>&1; then
+	echo "Project $coa_ci_project_name NOT FOUND"
+	curl -k -u "$OCI_REGISTRY_USERNAME:$OCI_REGISTRY_PASSWORD" -H 'Content-Type: application/json' \
+		-X POST "$OCI_REGISTRY_URL/api/v2.0/projects" \
+		-d "$DATA"
 else
-  echo "Project $coa_ci_project_name already exists"
+	echo "Project $coa_ci_project_name already exists"
 fi
 
-if ! curl --head -sSLfk -H 'accept: application/json' -u "$OCI_REGISTRY_USERNAME:$OCI_REGISTRY_PASSWORD" "$OCI_REGISTRY_URL/api/v2.0/projects?project_name=$coa_ci_project_name";then
-  echo "FAILED to create project $coa_ci_project_name"
-  exit 1
+if ! curl --head -sSLfk -H 'accept: application/json' -u "$OCI_REGISTRY_USERNAME:$OCI_REGISTRY_PASSWORD" "$OCI_REGISTRY_URL/api/v2.0/projects?project_name=$coa_ci_project_name"; then
+	echo "FAILED to create project $coa_ci_project_name"
+	exit 1
 fi

run-renovate-locally.bash

@@ -1,33 +1,64 @@
 #!/bin/bash
-readonly base_dir_dir="$(realpath $0|xargs dirname)"
-GIT_REPO="$base_dir_dir"
+readonly base_dir="$(realpath $0 | xargs dirname)"
+
+GIT_REPO="$base_dir"
 LOG_LEVEL="${LOG_LEVEL:-debug}"
 RENOVATE_ENABLED_MANAGERS="${RENOVATE_ENABLED_MANAGERS:-""}"
 RENOVATE_INCLUDE_PATHS="${RENOVATE_INCLUDE_PATHS:-""}"
-if [ -z "$GITHUB_COM_TOKEN" ];then
-  echo -e "WARNING: missing GitHub token to allow github release version detection. Please set it before running this script, using \n export GITHUB_COM_TOKEN=\"GH-GH-GH-GH-GH-GH\""
-  sleep 1
-fi
-if [ -z "$RENOVATE_BOT" ];then
-  echo -e "WARNING: missing Renovate Bot. Please set it before running this script, using \n export RENOVATE_BOT=\"RRRRRRR\""
-  sleep 1
+RENOVATE_PLATFORM="${RENOVATE_PLATFORM:-local}"
+# See https://docs.renovatebot.com/presets-default/#githubcomtokenarg0
+if [ -z "$GITHUB_TOKEN" ]; then
+	echo -e "ERROR: missing GitHub token to allow github release version detection. Please set it before running this script, using \n export GITHUB_TOKEN=\"xxx\""
+	exit 1
 fi
+
+#RENOVATE_TOKEN, see https://docs.renovatebot.com/self-hosted-configuration/#token
+
 echo "Set LOG_LEVEL to manage log level. Default 'debug'.Current Log level: <$LOG_LEVEL>"
 echo "Set RENOVATE_ENABLED_MANAGERS to restrict active managers. Current RENOVATE_ENABLED_MANAGERS: <$RENOVATE_ENABLED_MANAGERS> #Empty means all managers are enabled"
 echo "Set RENOVATE_INCLUDE_PATHS to restrict renovate scan. Current RENOVATE_INCLUDE_PATHS: <$RENOVATE_INCLUDE_PATHS> #Empty means scan all paths"
 echo "Git repo volume path: $GIT_REPO"
-docker run \
-    --rm \
-    -e LOG_LEVEL="$LOG_LEVEL" \
-    -e GITHUB_COM_TOKEN="$GITHUB_COM_TOKEN" \
-    -e RENOVATE_ENABLED_MANAGERS="$RENOVATE_ENABLED_MANAGERS" \
-    -e RENOVATE_INCLUDE_PATHS="$RENOVATE_INCLUDE_PATHS" \
-    -e RENOVATE_BOT="$RENOVATE_BOT" \
-    -v "$GIT_REPO:/tmp/local-git-repo" \
-    --workdir /tmp/local-git-repo \
-    ghcr.io/renovatebot/renovate \
-    --platform=local \
-    --semantic-commits=disabled \
-| tee renovate.log
 
+# We need distinct cache whether running in local or github platform
+# Otherwise local tries to git update from cache and fails.
+CACHED_TMP_RENOVATE="${CACHED_TMP_RENOVATE:-/tmp/renovate/${RENOVATE_PLATFORM}}"
+echo "Renovate cache is mounted from ${CACHED_TMP_RENOVATE}"
+mkdir -p "${CACHED_TMP_RENOVATE}"
+du -sh "${CACHED_TMP_RENOVATE}"
+
+echo "RENOVATE_PLATFORM=${RENOVATE_PLATFORM}. Set to github to test pull requests."
+# https://docs.renovatebot.com/modules/platform/local/
+# > Limitations: Branch creation is not supported
+# See related issue https://github.com/renovatebot/renovate/issues/3609 for further context
+if [[ ${RENOVATE_PLATFORM} == "github" ]]; then
+	RENOVATE_REPOSITORIES="orange-cloudfoundry/$GIT_REPO"
+	# See https://docs.renovatebot.com/self-hosted-configuration/#dryrun
+	RENOVATE_DRY_RUN="${RENOVATE_DRY_RUN:-true}"
+	echo "RENOVATE_DRY_RUN=${RENOVATE_DRY_RUN}. Set to false to actually create PRs."
+	#Note: breaks with local platform, so only defined for gihtub
+	RENOVATE_DRY_RUN_OPTS="--dry-run=${RENOVATE_DRY_RUN}"
+fi
+
+#set -x
+# Usage: renovate [options] [repositories...]
+docker run \
+	--rm \
+	-u $(id -u):$(id -g) \
+	-e LOG_LEVEL="$LOG_LEVEL" \
+	-e RENOVATE_TOKEN="$GITHUB_TOKEN" \
+	-e RENOVATE_GITHUB_COM_TOKEN="$GITHUB_TOKEN" \
+	-e RENOVATE_ENABLED_MANAGERS="$RENOVATE_ENABLED_MANAGERS" \
+	-e RENOVATE_INCLUDE_PATHS="$RENOVATE_INCLUDE_PATHS" \
+	-e RENOVATE_BOT="$RENOVATE_BOT" \
+	-v "$GIT_REPO:/tmp/local-git-repo" \
+	--workdir /tmp/local-git-repo \
+	ghcr.io/renovatebot/renovate \
+	--platform=local \
+	--semantic-commits=disabled \
+	${RENOVATE_DRY_RUN_OPTS} \
+	${RENOVATE_REPOSITORIES} |
+	tee renovate.log
 #    --dry-run="true" \
+
+# hint that renovate.log is created by this script.
+ls -al renovate.log