admin/homelab-manifests
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
739 Commits 31 Branches 0 Tags
d53d29aed2d56f8f9f77609baebbe1dc0c88389b
Commit Graph

5 Commits

Author SHA1 Message Date
admin 454cce9691 renovate: expand to Tier 1 allowlist + 3-day stability delay 
Grows the Renovate pilot from 4 apps to a 16-app Tier 1 allowlist of
low-risk leaf apps (no DBs / schema migrations). packageRules keeps the
same 4-rule shape (default-deny, enable, automerge-minor/patch,
major-dashboard-approval) with the expanded package list in all three
Tier 1 rules.

Behavior changes:
- minimumReleaseAge "3 days" on the automerge rule: Renovate won't open
  a minor/patch PR until the tag has been published upstream for 3 days
  (stability gate; chosen over branch protection, which would disable
  automerge entirely).

Image-string corrections vs. the planned list (Renovate matches the
exact image as written in the manifest; verified against the YAML):
- homepage  -> ghcr.io/gethomepage/homepage   (had no registry)
- reloader  -> ghcr.io/stakater/reloader      (had no registry)
- termix    -> ghcr.io/lukegus/termix         (had no registry)

Notes:
- registry.k8s.io/kube-state-metrics/kube-state-metrics is kept in the
  list but currently matches nothing: ksm has no image in this repo
  (only a Prometheus scrape target), so it's a harmless no-op until ksm
  is ever deployed via a manifest here.
- ghcr.io/lukegus/termix uses a non-semver tag (release-1.11.0); watch
  whether Renovate categorizes its updates as minor/patch.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 22:00:49 +02:00
admin 05de03d1d3 admin-system: add Renovate Bot pilot (CronJob + config) 
Self-hosted Renovate as a weekly CronJob (Sun 04:00 Europe/Budapest)
opening dependency-update PRs against admin/homelab-manifests on Gitea.

Pilot is deliberately narrow:
- Only the kubernetes + helm-values managers are enabled.
- Default-deny packageRule; only four images may update:
  opengist, uptime-kuma, gokapi, cal.com.
- minor/patch -> PR with Gitea native auto-merge (platformAutomerge).
- major -> held for manual approval via Dependency Dashboard checkbox.

Image pinned to renovate/renovate:43.197.0 (the plain tag is the
minimal image; the -slim suffix was retired upstream after v37.440.x).
Stateless: no Service/Ingress/PVC. Read-only root FS with a 2Gi /tmp
emptyDir for git clones + cache. Secrets from existing renovate-secrets.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 21:27:35 +02:00
admin e8b25a9a99 added upsnap and guacamole 2026-02-18 12:32:57 +01:00
admin 8928dd923c added tailscale 2026-02-11 14:30:29 +01:00
admin 9008698e36 added admin-tools 2026-01-15 20:41:24 +01:00