chore(deps): track all unmanaged dependencies via Renovate #850

Draft
raballew wants to merge 6 commits into jumpstarter-dev:main from raballew:chore/renovate-track-all-deps

@raballew

Summary

  • Add Renovate custom regex managers and inline annotations to track ~25 previously untracked dependencies across Makefiles, shell scripts, Containerfiles, Go/Python source, GitHub Actions workflows, scorecard YAML, and buf.gen.yaml
  • Fix version drift between controller/Makefile and controller/deploy/operator/Makefile (kustomize, controller-gen, cert-manager, prometheus-operator aligned to newer versions)
  • Extract OPM inline version to OPM_VERSION variable, pin bufbuild/buf from latest to v1.71.0, update stale demoenv image from 0.5.0 to latest, migrate cert-manager URL from jetstack/ to cert-manager/ org

Newly tracked dependencies

| Tier | Dependencies | Approach |
| --- | --- | --- |
| 1 - GitHub release binaries | FLS, Renode, CFSSL, YQ, Operator SDK, OPM | # renovate: annotations + custom regex managers |
| 2 - Go build tools | kustomize, controller-gen, golangci-lint, kind, grpcurl, envtest K8s | # renovate: annotations + custom regex manager |
| 3 - Infrastructure manifests | cert-manager, prometheus-operator | # renovate: annotations in Go/Python source + custom regex managers |
| 4 - Container images outside Containerfiles | scorecard-test, bufbuild/buf, Fedora Cloud qcow2 | # renovate: image YAML annotations + custom regex manager |
| 5 - Buf protobuf plugins | protocolbuffers/python, nipunn1313-mypy, nipunn1313-mypy-grpc | Custom regex managers for buf.gen.yaml |

Test plan

  • Verify Renovate dry-run detects the newly annotated dependencies (renovate --dry-run)
  • Confirm CI passes with updated tool versions (kustomize v5.6.0, controller-gen v0.18.0, cert-manager v1.19.2, prometheus-operator v0.77.1)
  • Verify make manifests generate in controller/ produces no unexpected diff after controller-gen bump
  • Confirm bufbuild/buf:v1.71.0 works in protocol/Makefile

🤖 Generated with Claude Code

raballew and others added 6 commits June 30, 2026 11:36
Add Renovate tracking annotations for external tools downloaded as
prebuilt binaries from GitHub releases:

- FLS (jumpstarter-dev/fls) in python/Containerfile
- Renode (renode/renode) in python-tests workflow, extracted to env var
- CFSSL (cloudflare/cfssl) in e2e/setup-e2e.sh
- YQ (mikefarah/yq) in e2e/setup-e2e.sh
- Operator SDK in controller/deploy/operator/Makefile
- OPM (operator-framework/operator-registry) extracted from inline URL
  to OPM_VERSION variable in controller/deploy/operator/Makefile

Add custom regex managers to renovate.jsonc for Makefiles, shell scripts,
and GitHub Actions YAML env blocks. Group operator tooling and e2e test
tools in packageRules.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Add Renovate tracking annotations for Go tools installed via go install:

- kustomize (kubernetes-sigs/kustomize)
- controller-gen (kubernetes-sigs/controller-tools)
- golangci-lint (golangci/golangci-lint)
- kind (kubernetes-sigs/kind)
- grpcurl (fullstorydev/grpcurl)
- envtest K8s version (kubernetes/kubernetes)

Fix version drift between controller/Makefile and
controller/deploy/operator/Makefile by aligning to newer versions:
- kustomize: v5.4.1 -> v5.6.0
- controller-gen: v0.16.3 -> v0.18.0

Group Go build tools in a packageRule so Renovate updates them together
across both Makefiles.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

…r 3)

Add Renovate tracking for infrastructure manifests downloaded at runtime:

- cert-manager (cert-manager/cert-manager) in Go test utils and Python
  operator.py
- prometheus-operator (prometheus-operator/prometheus-operator) in Go
  test utils

Fix version drift between controller/test/utils/utils.go and
controller/deploy/operator/test/utils/utils.go:
- cert-manager: v1.14.4 -> v1.19.2
- prometheus-operator: v0.72.0 -> v0.77.1

Also fix stale cert-manager download URL from jetstack/cert-manager
to cert-manager/cert-manager (project moved orgs).

Add custom regex managers for Go (.go) and Python (.py) source files
to pick up inline Renovate annotations. Group cert-manager and
prometheus-operator in an infrastructure-manifests packageRule.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

…les (tier 4)

Add Renovate tracking for container images and artifacts that are
invisible to the dockerfile manager:

- scorecard-test (quay.io/operator-framework/scorecard-test) in
  scorecard patch YAMLs via '# renovate: image' annotations
- jumpstarter demoenv StatefulSets updated from stale 0.5.0 to latest
  with image tracking annotations
- Fedora Cloud qcow2 version extracted to FEDORA_CLOUD_VERSION env var
  in python-tests workflow
- bufbuild/buf pinned from unpinned 'latest' to v1.71.0 in both
  protocol/Makefile and controller/Makefile with Renovate annotations

Add custom regex manager for YAML image annotations. Group bufbuild/buf
in a buf-tooling packageRule.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Add custom regex managers for buf.gen.yaml plugin versions:

- protocolbuffers/python tracked via github-releases for
  protocolbuffers/protobuf (versions align directly)
- nipunn1313-mypy and nipunn1313-mypy-grpc tracked via pypi datasource
  for mypy-protobuf (versions strip the v prefix for PyPI matching)

Group buf protobuf plugins in a buf-protobuf-plugins packageRule so
updates to protobuf and mypy-protobuf are reviewed together.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- Add Containerfile/Dockerfile custom regex manager so FLS ARG annotation
  is actually tracked (C1: was silently ignored by all existing managers)
- Change [A-Z_]+ to [A-Z0-9_]+ in all custom regex patterns so variable
  names containing digits (e.g. ENVTEST_K8S_VERSION) are matched (H1)
- Add extractVersion support to GitHub Actions YAML manager for parity
- Remove dead # renovate: image annotations from demoenv StatefulSets
  since Renovate cannot track the 'latest' tag (M1)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
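
The failure mode named in the last commit (an annotated variable that no manager pattern matches, so the pin is silently never updated) can be checked offline. This is an added example, not code from the PR: the annotation layout, the regex, the variable names other than ENVTEST_K8S_VERSION and the sample values are assumptions, and JavaScript's regex engine stands in for Renovate's.

```javascript
// Added illustration: pattern and sample input are assumptions, not the
// contents of the PR's renovate.jsonc.
const NARROW = "[A-Z_]";    // variable-name class before the fix
const WIDE = "[A-Z0-9_]";   // variable-name class after the fix

// Constructed Makefile fragment; the envtest value is a placeholder.
const SAMPLE_MAKEFILE = [
  "# renovate: datasource=github-releases depName=kubernetes-sigs/kustomize",
  "KUSTOMIZE_VERSION ?= v5.6.0",
  "# renovate: datasource=github-releases depName=kubernetes/kubernetes",
  "ENVTEST_K8S_VERSION = 0.0.0-placeholder",
  "# renovate: datasource=github-releases depName=kubernetes-sigs/controller-tools",
  "CONTROLLER_TOOLS_VERSION ?= v0.18.0",
].join("\n");

// Annotation comment on one line, NAME = value on the next line.
function buildMatcher(varNameClass) {
  return new RegExp(
    "^# renovate: datasource=(?<datasource>[a-z-]+) depName=(?<depName>\\S+)\\n" +
      "(?<varName>" + varNameClass + "+)\\s*[?:]?=\\s*(?<currentValue>\\S+)$",
    "gm"
  );
}

// Dependencies a manager with this pattern would extract from the text.
function extract(text, varNameClass) {
  return [...text.matchAll(buildMatcher(varNameClass))].map((m) => ({ ...m.groups }));
}

// Annotations present in the file that the pattern does not pick up:
// these are the pins that would go stale without any warning.
function untrackedAnnotations(text, varNameClass) {
  const tracked = new Set(extract(text, varNameClass).map((d) => d.depName));
  const annotated = [...text.matchAll(/^# renovate:.*\bdepName=(\S+)/gm)].map((m) => m[1]);
  return annotated.filter((name) => !tracked.has(name));
}

console.log("narrow class misses:", untrackedAnnotations(SAMPLE_MAKEFILE, NARROW));
console.log("wide class misses:  ", untrackedAnnotations(SAMPLE_MAKEFILE, WIDE));
```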
@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.
