updates to workflows

.github/labeler.yaml

@@ -1,11 +1,16 @@
 ---
 area/github:
-  - ".github/**/*"
-area/taskfiles:
-  - ".taskfiles/**/*"
+  - changed-files:
+      - any-glob-to-any-file: .github/**/*
 area/kubernetes:
-  - "kubernetes/**/*"
+  - changed-files:
+      - any-glob-to-any-file: kubernetes/**/*
 area/talos:
-  - "talos/**/*"
+  - changed-files:
+      - any-glob-to-any-file: talos/**/*
+area/taskfiles:
+  - changed-files:
+      - any-glob-to-any-file: .taskfiles/**/*
 area/terraform:
-  - "terraform/**/*"
+  - changed-files:
+      - any-glob-to-any-file: terraform/**/*

.github/labels.yaml

@@ -1,66 +1,37 @@
 ---
-# Area
+# Areas
 - name: area/github
-  color: "72ccf3"
-  description: >-
-    Changes made in the github directory
-- name: area/taskfiles
-  color: "72ccf3"
-  description: >-
-    Changes made in the taskfiles directory
+  color: "0e8a16"
 - name: area/kubernetes
-  color: "72ccf3"
-  description: >-
-    Changes made in the kubernetes directory
+  color: "0e8a16"
 - name: area/talos
-  color: "72ccf3"
-  description: >-
-    Changes made in the talos directory
+  color: "0e8a16"
+- name: area/taskfiles
+  color: "0e8a16"
 - name: area/terraform
-  color: "72ccf3"
-  description: >-
-    Changes made in the terraform directory
-# Renovate
-- name: renovate/ansible
-  color: "ffc300"
+  color: "0e8a16"
+# Renovate Types
 - name: renovate/container
-  color: "ffc300"
+  color: "027fa0"
 - name: renovate/github-action
-  color: "ffc300"
-- name: renovate/github-release
-  color: "ffc300"
+  color: "027fa0"
 - name: renovate/grafana-dashboard
-  color: "ffc300"
+  color: "027fa0"
+- name: renovate/github-release
+  color: "027fa0"
 - name: renovate/helm
-  color: "ffc300"
+  color: "027fa0"
 - name: renovate/terraform
-  color: "ffc300"
-# Semantic Type
+  color: "027fa0"
+# Semantic Types
 - name: type/digest
-  color: "FFEC19"
+  color: "ffeC19"
 - name: type/patch
-  color: "FFEC19"
+  color: "ffeC19"
 - name: type/minor
-  color: "FF9800"
+  color: "ff9800"
 - name: type/major
-  color: "F6412D"
-- name: type/break
-  color: "F6412D"
-# Release Issue
-- name: image-not-found
-  color: "ee0701"
+  color: "f6412d"
 # Uncategorized
-- name: bug
-  color: "ee0701"
-- name: do-not-merge
+- name: hold
   color: "ee0701"
-- name: docs
-  color: "F4D1B7"
-- name: enhancement
-  color: "84b6eb"
-- name: broken-links
-  color: "7B55D7"
-- name: question
-  color: "cc317c"
-- name: community
-  color: "0e8a16"

.github/renovate.json5

@@ -3,12 +3,15 @@
   "extends": [
     "config:recommended",
     "docker:enableMajor",
+    "helpers:pinGitHubActionDigests",
+    "replacements:k8s-registry-move",
+    ":automergeBranch",
+    ":automergeDigest",
     ":disableRateLimiting",
     ":dependencyDashboard",
     ":semanticCommits",
-    ":automergeDigest",
-    ":automergeBranch",
-    ":automergePatch",
+    ":skipStatusChecks",
+    ":timezone(Australia/Melbourne)",
     "github>spiceratops/k8s-gitops//.github/renovate/allowedVersions.json5",
     "github>spiceratops/k8s-gitops//.github/renovate/autoMerge.json5",
     "github>spiceratops/k8s-gitops//.github/renovate/commitMessage.json5",
@@ -17,24 +20,31 @@
     "github>spiceratops/k8s-gitops//.github/renovate/groups.json5",
     "github>spiceratops/k8s-gitops//.github/renovate/labels.json5",
     "github>spiceratops/k8s-gitops//.github/renovate/packageRules.json5",
-    "github>spiceratops/k8s-gitops//.github/renovate/semanticCommits.json5",
-    "helpers:pinGitHubActionDigests"
+    "github>spiceratops/k8s-gitops//.github/renovate/semanticCommits.json5"
   ],
-  "platform": "github",
   "onboarding": false,
   "requireConfig": "optional",
   "dependencyDashboardTitle": "Renovate Dashboard 🤖",
   "suppressNotifications": [
+    "prEditedNotification",
     "prIgnoreNotification"
   ],
+  "rebaseWhen": "conflicted",
+  "assigneesFromCodeOwners": true,
+  "reviewersFromCodeOwners": true,
+  "ignorePaths": [
+    "**/configs/**"
+  ],
   "flux": {
     "fileMatch": [
+      "(^|/)\\.taskfiles/.+\\.ya?ml(\\.j2)?$",
       "(^|/)talos/.+\\.ya?ml(\\.j2)?$",
       "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$"
     ]
   },
   "helm-values": {
     "fileMatch": [
+      "(^|/)\\.taskfiles/.+\\.ya?ml(\\.j2)?$",
       "(^|/)talos/.+\\.ya?ml(\\.j2)?$",
       "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$"
     ]

.github/renovate/allowedVersions.json5

@@ -6,9 +6,9 @@
         "docker"
       ],
       "matchPackagePatterns": [
-        "kopia"
+        "postgresql"
       ],
-      "allowedVersions": "<10"
+      "allowedVersions": "<=16"
     }
   ]
 }

.github/renovate/customManagers.json5

@@ -5,7 +5,6 @@
       "customType": "regex",
       "description": "Process generic dependencies",
       "fileMatch": [
-        "(^|/)\\.taskfiles/.+\\.ya?ml(\\.j2)?$",
         "(^|/)talos/.+\\.ya?ml(\\.j2)?$",
         "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$"
       ],
@@ -18,7 +17,6 @@
       "customType": "regex",
       "description": "Process custom dependencies",
       "fileMatch": [
-        "(^|/)\\.taskfiles/.+\\.ya?ml(\\.j2)?$",
         "(^|/)talos/.+\\.ya?ml(\\.j2)?$",
         "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$"
       ],

.github/renovate/groups.json5

@@ -17,6 +17,21 @@
       },
       "separateMinorPatch": true
     },
+    {
+      "description": "Actions-Runner Group",
+      "groupName": "Actions-Runner",
+      "matchPackagePatterns": [
+        "actions.runner"
+      ],
+      "matchDatasources": [
+        "docker",
+        "helm"
+      ],
+      "group": {
+        "commitMessageTopic": "{{{groupName}}} group"
+      },
+      "separateMinorPatch": true
+    },
     {
       "description": "Rook-Ceph Group",
       "groupName": "Rook-Ceph",
@@ -32,14 +47,14 @@
       "separateMinorPatch": true
     },
     {
-      "description": "External Snapshotter Group",
-      "groupName": "External Snapshotter",
-      "matchPackageNames": [
-        "snapshot-controller",
-        "snapshot-validation-webhook"
+      "description": "System-Upgrade-Controller Group",
+      "groupName": "System-Upgrade-Controller",
+      "matchPackagePatterns": [
+        "rancher/system-upgrade-controller"
       ],
       "matchDatasources": [
-        "helm"
+        "docker",
+        "github-releases"
       ],
       "group": {
         "commitMessageTopic": "{{{groupName}}} group"
@@ -50,9 +65,9 @@
       "description": "Talos Group",
       "groupName": "Talos",
       "matchPackagePatterns": [
+        "buroa/installer",
         "siderolabs/talos",
-        "siderolabs/talosctl",
-        "buroa/installer"
+        "siderolabs/talosctl"
       ],
       "matchDatasources": [
         "docker",

.github/renovate/packageRules.json5

@@ -8,20 +8,8 @@
       ],
       "versioning": "loose",
       "matchPackagePatterns": [
-        "plex",
         "qbittorrent"
       ]
-    },
-    {
-      "description": "Custom versioning for i915-ucode and intel-ucode",
-      "matchDatasources": [
-        "docker"
-      ],
-      "versioning": "regex:^(?<major>\\d{4})(?<minor>\\d{2})(?<patch>\\d{2})\\.?(?<build>\\d+)?$",
-      "matchPackageNames": [
-        "ghcr.io/siderolabs/i915-ucode",
-        "ghcr.io/siderolabs/intel-ucode"
-      ]
     }
   ]
 }

.github/workflows/flux-diff.yaml

@@ -1,11 +1,16 @@
 ---
-  name: "Flux Diff"
+  name: Flux Diff
 
   on:
     pull_request:
       branches: ["main"]
       paths: ["kubernetes/**.yaml"]
 
+  env:
+    DEBCONF_NONINTERACTIVE_SEEN: "true"
+    DEBIAN_FRONTEND: noninteractive
+    APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE: DontWarn
+
   jobs:
     flux-diff:
       name: Flux Diff
@@ -18,21 +23,25 @@
           resource: ["helmrelease", "kustomization"]
       steps:
         - name: Generate Token
-          uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
-          id: generate-token
+          uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2
+          id: app-token
           with:
-            app_id: "${{ secrets.BOT_APP_ID }}"
-            private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+            app-id: "${{ secrets.BOT_APP_ID }}"
+            private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
 
         - name: Login to GitHub Container Registry
           uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
           with:
             registry: ghcr.io
             username: "${{ secrets.BOT_APP_ID }}"
-            password: "${{ steps.generate-token.outputs.token }}"
+            password: "${{ steps.app-token.outputs.token }}"
+
+        - name: Setup Flux
+          uses: fluxcd/flux2/action@5c5c15ea212b8f029a110f9975851d25c8272695 # v2.2.2
 
         - name: Diff Resources
-          uses: allenporter/flux-local/action/diff@19bfc6920e8964a479363bc230e6c329120ead02 # 3.2.0
+          # uses: allenporter/flux-local/action/diff@19bfc6920e8964a479363bc230e6c329120ead02 # 3.2.0
+          uses: allenporter/flux-local/action/diff@flux-build
           id: diff
           with:
             live-branch: main
@@ -44,7 +53,7 @@
           name: Add comment
           uses: mshick/add-pr-comment@7c0890544fb33b0bdd2e59467fbacb62e028a096 # v2.8.1
           with:
-            repo-token: "${{ steps.generate-token.outputs.token }}"
+            repo-token: "${{ steps.app-token.outputs.token }}"
             message-id: "${{ github.event.pull_request.number }}/${{ matrix.path }}/${{ matrix.resource }}"
             message-failure: Diff was not successful
             message: |