renovate: termix customManager — use regex versioning instead of loose+extractVersion

Third attempt. Debug run confirmed `loose` + `extractVersion` STILL produces: DEBUG: Dependency Termix-SSH/Termix has unsupported/unversioned value release-1.11.0 (versioning=loose) DEBUG: Skipping Termix-SSH/Termix because no currentDigest or pinDigests `extractVersion` is only applied to CANDIDATE versions (from the datasource), not to currentValue. Renovate's pre-validation runs the raw `release-1.11.0` through `loose`, which can't parse it (the `release-` prefix breaks semver detection), so Renovate falls back to digest-only and gives up. `regex` versioning is the only mode that parses the prefixed value directly (no extractVersion needed) — Renovate's regex.matches() accepts `release-1.11.0` because the rule's pattern captures the whole tag. github-releases datasource returns the upstream `release-X.Y.Z` tag_names which the same regex parses. No conversion needed; the new tag written back to the manifest is the same `release-X.Y.Z` form, valid in the ghcr.io/lukegus/termix registry. Removes extractVersionTemplate (no longer needed). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
renovate: termix via customManagers (kubernetes manager doesn't honor inline comments)
2026-06-06 10:03:54 +02:00 · 2026-06-06 09:42:12 +02:00
17 changed files with 45 additions and 23 deletions
@@ -46,10 +46,23 @@ data:
      "dependencyDashboardTitle": "Renovate Dependency Dashboard",
      "prHourlyLimit": 16,
      "prConcurrentLimit": 16,
-      "enabledManagers": ["kubernetes", "helm-values"],
+      "enabledManagers": ["kubernetes", "helm-values", "custom.regex"],
      "kubernetes": {
        "managerFilePatterns": ["/.+\\.ya?ml$/"]
      },
      "customManagers": [
        {
          "description": "termix uses a release-X.Y.Z prefixed tag. extractVersion + loose doesn't work because Renovate validates the raw currentValue BEFORE applying extractVersion. Using regex versioning (which parses the prefixed value directly) sidesteps the pre-check. Datasource redirected to GitHub Releases at Termix-SSH/Termix so the 3-day stability gate has real timestamps to work with.",
          "customType": "regex",
          "managerFilePatterns": ["/termix-system/.+\\.ya?ml$/"],
          "matchStrings": [
            "image:\\s+(?<depName>ghcr\\.io/lukegus/termix):(?<currentValue>release-\\d+\\.\\d+\\.\\d+)"
          ],
          "datasourceTemplate": "github-releases",
          "packageNameTemplate": "Termix-SSH/Termix",
          "versioningTemplate": "regex:^release-(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$"
        }
      ],
      "packageRules": [
        {
          "description": "All apps: 3-day stability gate before any PR opens",
@@ -94,6 +107,12 @@ data:
          "description": "wanderer: db + web update together in one PR",
          "matchPackageNames": ["flomp/wanderer-db", "flomp/wanderer-web"],
          "groupName": "wanderer"
        },
        {
          "description": "termix: kubernetes manager would extract the image with versioning=docker and silently skip it (release-1.11.0 fails the docker pre-check). Disable that extraction; customManagers above does the real work via github-releases.",
          "matchManagers": ["kubernetes"],
          "matchPackageNames": ["ghcr.io/lukegus/termix"],
          "enabled": false
        }
      ],
      "labels": ["renovate"]
@@ -50,7 +50,7 @@ spec:
        fsGroup: 1000
      containers:
        - name: code-server
-          image: codercom/code-server:4.122.1
+          image: codercom/code-server:4.121.0
          args:
            - --bind-addr=0.0.0.0:8080
            - --auth=none
@@ -48,7 +48,7 @@ spec:
        fsGroup: 999
      containers:
        - name: healthchecks
-          image: healthchecks/healthchecks:v4.2
+          image: healthchecks/healthchecks:v4.0
          ports:
            - containerPort: 8000
          env:
@@ -2746,7 +2746,7 @@ spec:
        fsGroup: 1000
      initContainers:
        - name: build-bookmarks-index
-          image: mikefarah/yq:4.53.2
+          image: mikefarah/yq:4.50.1
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
@@ -1372,7 +1372,7 @@ spec:
        fsGroup: 1000
      initContainers:
        - name: build-bookmarks-index
-          image: mikefarah/yq:4.53.2
+          image: mikefarah/yq:4.50.1
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
@@ -123,7 +123,7 @@ initContainer:
    registry: index.docker.io
    repository: alpine
    # -- If unset use latest
-    tag: "3.23"
+    tag: "3.22"
    sha: ""
    pullPolicy: IfNotPresent
@@ -181,7 +181,7 @@ rclone:
    registry: index.docker.io
    repository: rclone/rclone
    # -- If unset use latest
-    tag: 1.74.2
+    tag: 1.70.3
    sha: ""
    pullPolicy: IfNotPresent
@@ -416,7 +416,7 @@ spec:
              value: http://immich-machine-learning:3003
            - name: REDIS_HOSTNAME
              value: immich-valkey
-          image: docker.io/valkey/valkey:9.1-alpine@sha256:a35428eba9043cc0b79dbe54100f0c92784f2de00ad09b01182bfb1c5c83d1bd
+          image: docker.io/valkey/valkey:9.0-alpine@sha256:d1cc70645bbcef743615463a2fa4616e841407545e18f560aed0c49671a90147
          imagePullPolicy: IfNotPresent
          livenessProbe:
            exec:
@@ -348,7 +348,7 @@ spec:
    spec:
      containers:
        - name: prometheus
-          image: prom/prometheus:v3.12.0
+          image: prom/prometheus:v3.9.1
          args:
            - --config.file=/etc/prometheus/prometheus.yml
            - --storage.tsdb.path=/prometheus
@@ -529,7 +529,7 @@ spec:
        runAsGroup: 472
      containers:
        - name: grafana
-          image: grafana/grafana:12.4.4
+          image: grafana/grafana:12.3.2
          ports:
            - containerPort: 3000
              name: http
@@ -552,7 +552,7 @@ spec:
            failureThreshold: 3
      initContainers:
        - name: postgresql-isready
-          image: docker.io/bitnamilegacy/postgresql:17.6.0-debian-12-r3
+          image: docker.io/bitnamilegacy/postgresql:17.5.0-debian-12-r3
          resources: {}
          securityContext: {}
          env:
@@ -637,7 +637,7 @@ spec:
      hostIPC: false
      containers:
        - name: postgresql
-          image: docker.io/bitnamilegacy/postgresql:17.6.0-debian-12-r3
+          image: docker.io/bitnamilegacy/postgresql:17.5.0-debian-12-r3
          imagePullPolicy: "IfNotPresent"
          securityContext:
            allowPrivilegeEscalation: false
@@ -27,7 +27,7 @@ spec:
    spec:
      containers:
        - name: onlyoffice
-          image: onlyoffice/documentserver:9.4.0
+          image: onlyoffice/documentserver:9.0.2
          imagePullPolicy: IfNotPresent
          env:
            - name: TZ
@@ -89,7 +89,7 @@ spec:
      initContainers:
        # Configure proxy auth in database before starting
        - name: configure-auth
-          image: filebrowser/filebrowser:v2.63.5
+          image: filebrowser/filebrowser:v2.54.0
          command:
            - sh
            - -c
@@ -109,7 +109,7 @@ spec:
            runAsGroup: 1001
      containers:
        - name: filebrowser
-          image: filebrowser/filebrowser:v2.63.5
+          image: filebrowser/filebrowser:v2.54.0
          command:
            - filebrowser
            - --database=/config/filebrowser.db
@@ -31,7 +31,7 @@ spec:
    spec:
      containers:
        - name: outline
-          image: outlinewiki/outline:1.8.0
+          image: outlinewiki/outline:1.4.0
          imagePullPolicy: IfNotPresent
          env:
            - name: NODE_ENV
@@ -244,7 +244,7 @@ spec:
    spec:
      containers:
        - name: qbittorrent
-          image: linuxserver/qbittorrent:5.2.1
+          image: linuxserver/qbittorrent:5.1.4
          imagePullPolicy: IfNotPresent
          env:
            - name: PUID
@@ -41,7 +41,10 @@ spec:
    spec:
      containers:
        - name: termix
-          # renovate: datasource=github-releases depName=Termix-SSH/Termix versioning=loose extractVersion=^release-(?<version>.+)$
+          # NOTE: termix uses a non-semver tag pattern (release-X.Y.Z).
          # Renovate handles it via a customManagers regex defined in
          # admin-system/renovate.yaml (the kubernetes manager doesn't
          # process inline `# renovate:` comments).
          image: ghcr.io/lukegus/termix:release-1.11.0
          imagePullPolicy: IfNotPresent
          ports:
@@ -30,7 +30,7 @@ spec:
    spec:
      containers:
        - name: uptimekuma
-          image: louislam/uptime-kuma:2.4.0
+          image: louislam/uptime-kuma:2.3.2
          imagePullPolicy: IfNotPresent
          env:
            - name: TZ
@@ -57,7 +57,7 @@ spec:
    spec:
      containers:
        - name: meilisearch
-          image: getmeili/meilisearch:v1.45.2
+          image: getmeili/meilisearch:v1.11.3
          env:
            - name: MEILI_MASTER_KEY
              valueFrom:
@@ -130,7 +130,7 @@ spec:
      initContainers:
        # Configure proxy auth in database before starting
        - name: configure-auth
-          image: filebrowser/filebrowser:v2.63.5
+          image: filebrowser/filebrowser:v2.54.0
          command:
            - sh
            - -c
@@ -151,7 +151,7 @@ spec:
            runAsGroup: 1000
      containers:
        - name: filebrowser
-          image: filebrowser/filebrowser:v2.63.5
+          image: filebrowser/filebrowser:v2.54.0
          command:
            - filebrowser
            - --database=/config/filebrowser.db
@@ -324,7 +324,7 @@ spec:
            runAsUser: 0
      containers:
        - name: nginx
-          image: nginx:1.31-alpine
+          image: nginx:1.27-alpine
          ports:
            - containerPort: 8080
              name: http