From 166ebd177ec5a403e60b12094939d1a4758fecc3 Mon Sep 17 00:00:00 2001
From: Michael Valdron
Date: Wed, 11 Mar 2026 13:57:24 -0400
Subject: [PATCH 1/3] init renovate config

Signed-off-by: Michael Valdron
---
renovate.json | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 85 insertions(+)
create mode 100644 renovate.json

diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..f822771
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,85 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:base",
+ "helpers:pinGitHubActionDigests",
+ ":gitSignOff"
+ ],
+ "timezone": "America/Toronto",
+ "schedule": [
+ "* 19-23 * * 0",
+ "* 0-2 * * 1"
+ ],
+ "enabledManagers": [
+ "dockerfile",
+ "github-actions",
+ "custom.regex",
+ "pep621",
+ "npm"
+ ],
+ "regexManagers": [
+ {
+ "fileMatch": [
+ "(M|m)akefile$"
+ ],
+ "matchStrings": [
+ "RAG_CONTENT_IMAGE\\s+\\?\\=\\s+\"?(?.*?)\\:release-(?.*)-lcs\"?\\n"
+ ],
+ "datasourceTemplate": "docker",
+ "depNameTemplate": "quay.io/redhat-ai-dev/rag-content"
+ }
+ ],
+ "packageRules": [
+ {
+ "matchUpdateTypes": ["major"],
+ "enabled": false
+ },
+ {
+ "matchManagers": ["dockerfile"],
+ "matchPackageNames": ["registry.access.redhat.com/ubi9/ubi-minimal"],
+ "matchUpdateTypes": ["major", "patch"],
+ "enabled": false
+ },
+ {
+ "matchManagers": ["pep621"],
+ "matchPackageNames": ["python"],
+ "matchUpdateTypes": ["major", "minor"],
+ "enabled": false
+ },
+ {
+ "matchDepNames": ["quay.io/redhat-ai-dev/rag-content"],
+ "extractVersion": "^release-(?\\d+\\.\\d+)-l(c|l)s",
+ "versioning": "loose"
+ },
+ {
+ "matchManagers": ["github-actions"],
+ "groupName": "github actions",
+ "groupSlug": "github-actions",
+ "commitMessageTopic": "{{depName}}"
+ },
+ {
+ "matchManagers": ["dockerfile"],
+ "groupName": "dockerfile deps",
+ "groupSlug": "dockerfile-deps",
+ "commitMessageTopic": "{{depName}}"
+ },
+ {
+ "matchManagers": ["pep621"],
+ "groupName": "python deps",
+ "groupSlug": "python-deps",
+ "commitMessageTopic": "{{depName}}"
+ },
+ {
+ "matchManagers": ["npm"],
+ "groupName": "npm deps",
+ "groupSlug": "npm-deps",
+ "commitMessageTopic": "{{depName}}"
+ }
+ ],
+ "vulnerabilityAlerts": {
+ "enabled": true
+ },
+ "prHourlyLimit": 20,
+ "prConcurrentLimit": 10,
+ "labels": ["renovatebot"]
+}
From a385462ba78aa86873e7de86bd05a666eb6d5558 Mon Sep 17 00:00:00 2001
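Review bot: The first `packageRules` entry disables every major update, and nothing in this file shows whether a security advisory whose only fixed release is a new major would still get a PR with `vulnerabilityAlerts.enabled` set; confirm that behaviour on the Renovate version in use, or record that such fixes are handled by hand. `helpers:pinGitHubActionDigests` covers workflow actions only, so images handled by the `dockerfile` manager stay tag-referenced unless `"docker:pinDigests"` is also added to `extends` (the Dockerfiles are not part of this patch, so treat this as something to check). The config also mixes the current manager name `custom.regex` in `enabledManagers` with the older `regexManagers` key and `config:base` preset, which newer Renovate releases rename to `customManagers` and `config:recommended`.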
From: Michael Valdron Date: Wed, 11 Mar 2026 14:04:50 -0400 Subject: [PATCH 2/3] pin github actions Signed-off-by: Michael Valdron --- .github/workflows/ci.yml | 8 ++++---- .github/workflows/validation.yml | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6374da7..d08db6a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Free Disk Space - uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false android: true @@ -52,7 +52,7 @@ jobs: sudo apt install -y buildah qemu-user-static - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Determine tags id: tags @@ -70,7 +70,7 @@ jobs: - name: Build image with Buildah id: build_image - uses: redhat-actions/buildah-build@v2 + uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2.13 with: image: ${{ env.IMAGE_NAME }} tags: ${{ steps.tags.outputs.tags }} @@ -95,7 +95,7 @@ jobs: fi - name: Push image to Quay.io - uses: redhat-actions/push-to-registry@v2 + uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8 with: image: ${{ steps.build_image.outputs.image }} tags: ${{ steps.build_image.outputs.tags }} diff --git a/.github/workflows/validation.yml b/.github/workflows/validation.yml index 0544b8e..0fe7986 100644 --- a/.github/workflows/validation.yml +++ b/.github/workflows/validation.yml @@ -29,7 +29,7 @@ jobs: working-directory: ./scripts/python-scripts steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Setup Environment run: pip3 install -r requirements.txt - name: Validate prompt 
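Review bot: The trailing `# v4.3.1`-style comments are the only link between each 40-character digest and a release, and the patch gives no way to check that link. Before merging, resolve every tag in its upstream repository, for example `git ls-remote --tags https://github.com/actions/checkout v4.3.1`, and compare the result with the pinned value; for an annotated tag the commit is the peeled `^{}` entry. This covers the four `uses:` lines in ci.yml and the three in validation.yml. A short comment at the top of each workflow, such as `# Actions are pinned by commit SHA; Renovate (helpers:pinGitHubActionDigests) maintains the digests and version comments`, would tell later editors not to revert to floating tags.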
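Review bot: The pinned `actions/checkout` steps in validation.yml still run with the default `persist-credentials: true`, which leaves the workflow token in the checkout's git configuration for every later step; in the first validation job the next step is `pip3 install -r requirements.txt`, which can execute third-party install code. Adding `with:` and `persist-credentials: false` under the checkout removes that exposure, provided no later step needs to push with the token. The same applies to the second checkout in validation.yml (next hunk) and to the checkout in ci.yml, where no `with:` block follows the `uses:` line either. The job bodies continue outside the hunks, so a later git push step cannot be ruled out from here.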
@@ -40,9 +40,9 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Use Node.js and cache dependencies - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: '22.21' cache: 'yarn' From 7af1b5cc5de5de1e768332a7a648b913ede7491c Mon Sep 17 00:00:00 2001 From: Michael Valdron Date: Wed, 11 Mar 2026 14:38:17 -0400 Subject: [PATCH 3/3] disable lightspeed stack base image patching (for library mode) Signed-off-by: Michael Valdron --- renovate.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/renovate.json b/renovate.json index f822771..dd79c64 100644 --- a/renovate.json +++ b/renovate.json @@ -40,6 +40,11 @@ "matchUpdateTypes": ["major", "patch"], "enabled": false }, + { + "matchManagers": ["dockerfile"], + "matchPackageNames": ["quay.io/lightspeed-core/lightspeed-stack"], + "enabled": false + }, { "matchManagers": ["pep621"], "matchPackageNames": ["python"],
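Review bot: The new `quay.io/lightspeed-core/lightspeed-stack` rule in renovate.json records neither why the image is excluded nor who bumps it by hand; the reason exists only in the commit subject. JSON cannot hold comments, so put it in the rule itself, e.g. `"description": "lightspeed-stack base image is bumped manually (library mode)"`; the other `"enabled": false` rules from patch 1/3 would benefit from the same. With no `matchUpdateTypes` on the rule, Renovate will propose nothing for this image, so fixes shipped in newer base-image tags need another tracking route such as registry or image scanning. The `packageRules` array continues outside the hunk.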