fix(renovate): skip terraform updates (#154)

ruzickap · Feb 11, 2024 · 88eadfa · 88eadfa
1 parent 31af91c
commit 88eadfa
Show file tree

Hide file tree

Showing 11 changed files with 47 additions and 34 deletions.
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -13,6 +13,10 @@
   "git-submodules": {
     enabled: true,
   },
+  ignorePaths: [
+    // Ignore Terraform files
+    "terraform/**",
+  ],
   labels: [
     "renovate",
     "renovate/{{replace '.*/' '' depName}}",

diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml
@@ -1,4 +1,5 @@
-name: Links
+---
+name: links
 
 on:
   workflow_dispatch:
@@ -12,7 +13,7 @@ on:
 permissions: read-all
 
 jobs:
-  linkChecker:
+  links:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout

diff --git a/.github/workflows/markdown-check.yml b/.github/workflows/markdown-check.yml
@@ -1,3 +1,4 @@
+---
 name: markdown-check
 
 on:
@@ -43,7 +44,7 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Install Node.js LTS version
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
 
       - name: Install markdown-spellcheck
         run: npm install -g markdown-spellcheck

diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -1,5 +1,5 @@
 ---
-name: MegaLinter
+name: mega-linter
 
 on:
   workflow_dispatch:
@@ -10,8 +10,7 @@ on:
 permissions: read-all
 
 jobs:
-  build:
-    name: MegaLinter
+  mega-linter:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
@@ -28,12 +27,13 @@ jobs:
         run: |
           set -euxo pipefail
           echo '#!/usr/bin/env bash' > README.sh
-          find . -name '*.md' -print0 | while IFS= read -r -d '' FILE ; do
+          find . -name '*.md' -print0 | while IFS= read -r -d '' FILE; do
             # Extract: ```bash ... ```
             sed -n "/^\`\`\`\(bash\|shell\)$/,/^\`\`\`$/p" "${FILE}" | sed '/^```*/d' >> README.sh
             # Extract:   ```bash ... ```
             sed -n "/^  \`\`\`\(bash\|shell\)$/,/^  \`\`\`$/p" "${FILE}" | sed '/^  ```*/d; s/^  //' >> README.sh
           done
+          ls -la README.sh
           chmod a+x README.sh
 
       - name: 💡 MegaLinter

diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -12,7 +12,7 @@ permissions:
   pull-requests: write
 
 jobs:
-  release-please-pr:
+  release-please:
     runs-on: ubuntu-latest
     steps:
       - uses: google-github-actions/release-please-action@cc61a07e2da466bebbc19b3a7dd01d6aecb20d1e # v4.0.2

diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml
@@ -1,5 +1,5 @@
 ---
-name: Renovate
+name: renovate
 
 on:
   workflow_dispatch:
@@ -20,7 +20,7 @@ on:
       - main
       - "!renovate/*"
   schedule:
-    - cron: "0 0,2,4 * * *"
+    - cron: "0 0,2,4 * * 0"
 
 env:
   # https://docs.renovatebot.com/troubleshooting/#log-debug-levels
@@ -44,12 +44,12 @@ jobs:
   renovate:
     runs-on: ubuntu-latest
     concurrency:
-      group: renovate
+      group: ${{ github.workflow }}-${{ github.ref }}
     steps:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - uses: actions/create-github-app-token@86576b355dd19da0519e0bdb63d8edb5bcf76a25 # v1.7.0
+      - uses: actions/create-github-app-token@f4c6bf6752984b3a29fcc135a5e70eb792c40c6b # v1.8.0
         id: app-token
         with:
           app-id: ${{ secrets.MY_RENOVATE_GITHUB_APP_ID }}

diff --git a/.github/workflows/semantic-pull-request.yml b/.github/workflows/semantic-pull-request.yml
@@ -1,4 +1,5 @@
-name: Semantic Pull Request
+---
+name: semantic-pull-request
 
 on:
   pull_request_target:
@@ -11,8 +12,7 @@ permissions:
   pull-requests: read
 
 jobs:
-  main:
-    name: Semantic Pull Request
+  semantic-pull-request:
     runs-on: ubuntu-latest
     steps:
       - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -1,4 +1,5 @@
-name: Close stale issues and PRs
+---
+name: stale
 
 on:
   schedule:
@@ -9,7 +10,7 @@ permissions:
   pull-requests: write
 
 jobs:
-  mark-stale-issues-and-prs:
+  stale:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0

diff --git a/.github/workflows/vuepress-build.yml b/.github/workflows/vuepress-build.yml
@@ -1,3 +1,4 @@
+---
 name: vuepress-build
 
 on:
@@ -21,7 +22,7 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Install Node.js
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           node-version: 16.x
 
@@ -42,7 +43,7 @@ jobs:
         with:
           url: ${{ steps.pages.outputs.base_url }}
           pages_path: .
-          cmd_params: '--exclude=(mylabs.dev|myexample.dev|github.com/ruzickap/k8s-flux-repository|azure.microsoft.com) --buffer-size=8192 --max-connections-per-host=5 --color=always --rate-limit=5 --header="User-Agent:Mozilla" --skip-tls-verification'
+          cmd_params: '--exclude=(mylabs.dev|localhost|myexample.dev|github.com/ruzickap/k8s-flux-repository|azure.microsoft.com) --buffer-size=8192 --max-connections-per-host=5 --color=always --rate-limit=5 --header="User-Agent:Mozilla" --skip-tls-verification'
 
       - name: Deploy
         uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # v3.9.3

diff --git a/.gitignore b/.gitignore
@@ -1,27 +1,28 @@
 # pre-commit configuration file
 .pre-commit-config.yaml
 
-# Kubernetes kubeconfig file
-kubeconfig*.conf*
+# demo-magic.sh script
+demo-magic.sh
 
 # Vuepress Pages
 docs/.vuepress/dist
-docs/.vuepress/.temp/
-docs/.vuepress/.cache/
 
-# tmp directory
-tmp/
+# Kubernetes kubeconfig file
+kubeconfig*.conf*
 
 # Node modules
 node_modules/
 
+# nohup output
+nohup.out
+
 # README.sh script
 README.sh
 
-# demo-magic.sh script
-demo-magic.sh
+# tmp directory
+tmp/
 
 # Terraform files
-.terraform
+.terraform*
 *.tfstate*
 crash.log
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
@@ -1,16 +1,20 @@
 vulnerabilities:
-  # │ glob-parent  │ CVE-2020-28469 │ HIGH     │ fixed  │ 3.1.0             │ 5.1.2         │ Regular expression denial of service                        │
+  # │ glob-parent   │ CVE-2020-28469 │ HIGH     │ fixed    │ 3.1.0             │ 5.1.2               │ Regular expression denial of service                        │
   - id: CVE-2020-28469
-  # │ json5        │ CVE-2022-46175 │ HIGH     │ fixed  │ 0.5.1             │ 2.2.2, 1.0.2  │ json5: Prototype Pollution in JSON5 via Parse Method        │
+  # │ json5         │ CVE-2022-46175 │ HIGH     │ fixed    │ 0.5.1             │ 2.2.2, 1.0.2        │ json5: Prototype Pollution in JSON5 via Parse Method        │
   - id: CVE-2022-46175
-  # │ loader-utils │ CVE-2022-37601 │ CRITICAL │ fixed  │ 0.2.17            │ 2.0.3, 1.4.1  │ loader-utils: prototype pollution in function parseQuery in │
+  # │ loader-utils  │ CVE-2022-37601 │ CRITICAL │ fixed    │ 0.2.17            │ 2.0.3, 1.4.1        │ loader-utils: prototype pollution in function parseQuery in │
   - id: CVE-2022-37601
-  # │ node-forge   │ CVE-2022-24771 │ HIGH     │ fixed  │ 0.10.0            │ 1.3.0         │ node-forge: Signature verification leniency in checking     │
+  # │ node-forge    │ CVE-2022-24771 │ HIGH     │ fixed    │ 0.10.0            │ 1.3.0               │ node-forge: Signature verification leniency in checking     │
   - id: CVE-2022-24771
-  # │ node-forge   │ CVE-2022-24772 │ HIGH     │ fixed  │ 0.10.0            │ 1.3.0         │ node-forge: Signature verification failing to check tailing │
+  # │ node-forge    │ CVE-2022-24772 │ HIGH     │ fixed    │ 0.10.0            │ 1.3.0               │ node-forge: Signature verification failing to check tailing │
   - id: CVE-2022-24772
-  # │ nth-check    │ CVE-2021-3803  │ HIGH     │ fixed  │ 1.0.2             │ 2.0.1         │ inefficient regular expression complexity                   │
+  # │ nth-check     │ CVE-2021-3803  │ HIGH     │ fixed    │ 1.0.2             │ 2.0.1               │ inefficient regular expression complexity                   │
   - id: CVE-2021-3803
+  # | ip            │ CVE-2023-42282 │ HIGH     │ affected │ 1.1.8             │                     │ An issue in NPM IP Package v.1.1.8 and before allows an     │
+  - id: CVE-2023-42282
+  # │ normalize-url │ CVE-2021-33502 │ HIGH     │ fixed    │ 4.5.0             │ 4.5.1, 5.3.1, 6.0.1 │ ReDoS for data URLs                                         │
+  - id: CVE-2021-33502
 
 misconfigurations:
   # Launch configuration with unencrypted block device.