From 86ea5e15348b9518378d09d5cdae0cd8c2f01819 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Min=C3=A1=C5=99?= <michal.minar@id.ethz.ch>
Date: Thu, 16 May 2024 16:21:59 +0200
Subject: [PATCH 1/5] prepare for renovate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

pinned dependency versions

Signed-off-by: Michal Minář <michal.minar@id.ethz.ch>
---
 .gitlab-ci.yml    |  9 +++------
 .gitlab/lint.yaml |  2 +-
 image/Dockerfile  | 18 ++++++++++++------
 3 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8df4a11..9fca8f9 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,10 +4,12 @@ stages:
   - sast
   - test
   - build
+  - renovate
 
 include:
   - local: .gitlab/lint.yaml
   - remote: https://gitlab.com/ethz-hpc/pipelines/-/raw/main/scripts/container/build-push.yaml
+  - remote: https://gitlab.com/ethz-hpc/pipelines/-/raw/main/scripts/renovate.yaml
   - template: Security/Secret-Detection.gitlab-ci.yml
   - template: Security/SAST.gitlab-ci.yml
 
@@ -24,7 +26,7 @@ workflow:
       when: never
 
 variables:
-  CACHE: "yes"
+  CACHE: auto
 
 pixiecore:
   variables:
@@ -34,9 +36,4 @@ pixiecore:
       BUILD_EXTRA_ARGS="$BUILD_EXTRA_ARGS
       --build-arg=REVISION=${TAG:-$CI_COMMIT_SHORT_SHA}
       --build-arg=CREATED=$(date '+%Y-%m-%d %H:%M:%S%:z')"
-    # disable cache for tagged releases, default branch and schedules
-    - >
-      [ -z "$CI_COMMIT_TAG" ] && [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ] \
-                              && [ "$CI_PIPELINE_SOURCE" != "schedule" ] || CACHE=no
-
   extends: .kaniko-build
diff --git a/.gitlab/lint.yaml b/.gitlab/lint.yaml
index f1f2b81..2db39c4 100644
--- a/.gitlab/lint.yaml
+++ b/.gitlab/lint.yaml
@@ -1,7 +1,7 @@
 ---
 hadolint:
   stage: lint
-  image: registry.gitlab.com/pipeline-components/hadolint:latest
+  image: registry.gitlab.com/pipeline-components/hadolint:0.25.9
   script:
     # DL3008 warning: Pin versions in apt get install. Instead of
     #   `apt-get install <package>` use `apt-get install <package>=<version>`
diff --git a/image/Dockerfile b/image/Dockerfile
index 723e634..bd5b1fb 100644
--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -1,12 +1,16 @@
-ARG ALPINE_RELEASE=3
+ARG ALPINE_RELEASE=3.19
+ARG GOLANG_VERSION=1.21
+ARG NETBOOT_REVISION=64f6de6
+ARG GCOMPAT_VERSION=1.1.0
 
-FROM golang:1.21 as builder
+FROM golang:${GOLANG_VERSION} as builder
 RUN rm -rf /app; mkdir /app
 WORKDIR /app
-RUN git clone --depth 1 https://github.com/danderson/netboot.git . && \
+RUN git clone https://github.com/danderson/netboot.git . && \
+    git checkout "${NETBOOT_REVISION}" && \
     go build -o out/pixiecore ./cmd/pixiecore
 
-FROM golang:1.21 as cmdline-builder
+FROM golang:${GOLANG_VERSION} as cmdline-builder
 RUN rm -rf /app; mkdir /app
 WORKDIR /app
 COPY . .
@@ -18,8 +22,10 @@ ARG REVISION
 ARG CREATED
 ARG ALPINE_RELEASE=3
 
-# hadolint ignore=DL3018
-RUN apk add --no-cache gcompat
+# hadolint ignore=DL3019
+RUN apk update \
+ && apk add gcompat~="${GCOMPAT_VERSION}" \
+ && rm -rf /var/cache/apk/*
 COPY --from=builder /app/out/pixiecore /usr/local/bin/
 COPY --from=cmdline-builder /app/cmdline-builder /usr/local/bin/
 RUN chmod +x /usr/local/bin/pixiecore /usr/local/bin/cmdline-builder
-- 
GitLab


From 1c2378781f60dc69c48dfbbfe496618d594f9d7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Min=C3=A1=C5=99?= <michal.minar@id.ethz.ch>
Date: Thu, 16 May 2024 16:28:44 +0200
Subject: [PATCH 2/5] fixup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michal Minář <michal.minar@id.ethz.ch>
---
 image/Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/image/Dockerfile b/image/Dockerfile
index bd5b1fb..9fef8d3 100644
--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -1,9 +1,8 @@
 ARG ALPINE_RELEASE=3.19
 ARG GOLANG_VERSION=1.21
-ARG NETBOOT_REVISION=64f6de6
-ARG GCOMPAT_VERSION=1.1.0
 
 FROM golang:${GOLANG_VERSION} as builder
+ARG NETBOOT_REVISION=64f6de6
 RUN rm -rf /app; mkdir /app
 WORKDIR /app
 RUN git clone https://github.com/danderson/netboot.git . && \
@@ -20,7 +19,8 @@ FROM alpine:${ALPINE_RELEASE}
 
 ARG REVISION
 ARG CREATED
-ARG ALPINE_RELEASE=3
+ARG ALPINE_RELEASE=3.19
+ARG GCOMPAT_VERSION=1.1.0
 
 # hadolint ignore=DL3019
 RUN apk update \
-- 
GitLab


From f491c49f3bf5111f9b94db32dcc7e4fe9216abba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Min=C3=A1=C5=99?= <michal.minar@id.ethz.ch>
Date: Thu, 16 May 2024 16:35:34 +0200
Subject: [PATCH 3/5] fixup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michal Minář <michal.minar@id.ethz.ch>
---
 .gitlab-ci.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 9fca8f9..692d585 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,7 +9,8 @@ stages:
 include:
   - local: .gitlab/lint.yaml
   - remote: https://gitlab.com/ethz-hpc/pipelines/-/raw/main/scripts/container/build-push.yaml
-  - remote: https://gitlab.com/ethz-hpc/pipelines/-/raw/main/scripts/renovate.yaml
+  - remote: https://gitlab.com/ethz-hpc/pipelines/-/raw/main/scripts/renovate/config-lint.yaml
+  - remote: https://gitlab.com/ethz-hpc/pipelines/-/raw/main/scripts/renovate/run.yaml
   - template: Security/Secret-Detection.gitlab-ci.yml
   - template: Security/SAST.gitlab-ci.yml
 
-- 
GitLab


From f2a51e514411bd37d51616795699717c0ac4fdcc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Min=C3=A1=C5=99?= <michal.minar@id.ethz.ch>
Date: Thu, 16 May 2024 16:38:35 +0200
Subject: [PATCH 4/5] fixup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michal Minář <michal.minar@id.ethz.ch>
---
 .gitlab/lint.yaml | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/.gitlab/lint.yaml b/.gitlab/lint.yaml
index 2db39c4..62d5fb2 100644
--- a/.gitlab/lint.yaml
+++ b/.gitlab/lint.yaml
@@ -3,13 +3,11 @@ hadolint:
   stage: lint
   image: registry.gitlab.com/pipeline-components/hadolint:0.25.9
   script:
-    # DL3008 warning: Pin versions in apt get install. Instead of
-    #   `apt-get install <package>` use `apt-get install <package>=<version>`
-    - hadolint --ignore DL3008 image/Dockerfile
+    - hadolint image/Dockerfile
 
 yamllint:
   stage: lint
-  image: registry.gitlab.com/pipeline-components/yamllint:latest
+  image: registry.gitlab.com/pipeline-components/yamllint:0.31.1
   script:
     - yamllint .
   rules:
@@ -24,11 +22,9 @@ yamllint:
 
 markdownlint:
   stage: lint
-  image: registry.gitlab.com/pipeline-components/markdownlint:latest
+  image: registry.gitlab.com/pipeline-components/0.13.2
   script:
-    # MD057 is broken as of now
-    # https://github.com/markdownlint/markdownlint/commit/f97a364ed880a690f509d144641b89ba16dd92e5
-    - mdl --style all --rules ~MD057 --warnings .
+    - mdl --style all --warnings .
 
 golangci-lint:
   stage: lint
-- 
GitLab


From 27c53dc8ef15b9383d070b54922874a79ce26bfb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Min=C3=A1=C5=99?= <michal.minar@id.ethz.ch>
Date: Thu, 16 May 2024 16:40:24 +0200
Subject: [PATCH 5/5] fixup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michal Minář <michal.minar@id.ethz.ch>
---
 .gitlab/lint.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab/lint.yaml b/.gitlab/lint.yaml
index 62d5fb2..0d7cccd 100644
--- a/.gitlab/lint.yaml
+++ b/.gitlab/lint.yaml
@@ -22,7 +22,7 @@ yamllint:
 
 markdownlint:
   stage: lint
-  image: registry.gitlab.com/pipeline-components/0.13.2
+  image: registry.gitlab.com/pipeline-components/markdownlint:0.13.2
   script:
     - mdl --style all --warnings .
 
-- 
GitLab