The previous attempt (inline `# renovate:` comment in termix.yaml) silently
did nothing -- after merge + manual run, the dashboard's
`termix-system/termix.yaml (2)` was the resource count (Deployment +
Ingress), not detected updates. No PRs opened, no termix branches, no
queue entries anywhere.
Root cause: Renovate's `kubernetes` manager does NOT process inline
`# renovate:` comments. Those work for dockerfile/flux/helmfile/github-
actions/helm-values/etc., but kubernetes is missing from that list.
Correct fix: a `customManagers.regex` entry that extracts termix's image
directly with the right datasource/versioning/extractVersion set at
EXTRACTION time -- before any docker-version pre-check can reject the
prefixed tag. Plus a packageRule disabling the kubernetes manager for
termix so it doesn't silently skip the dep and clutter the dashboard.
Changes:
- admin-system/renovate.yaml:
* enabledManagers += "custom.regex"
* customManagers: termix.yaml regex extraction -> github-releases
datasource on Termix-SSH/Termix with `extractVersion=^release-(?<version>.+)$`
* packageRules: disable kubernetes manager for ghcr.io/lukegus/termix
- termix-system/termix.yaml: drop the useless inline comment, leave a
NOTE explaining where the actual config lives.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Debug-level dry-run revealed why the previous packageRule approach
(`datasource: github-releases` + `packageName: Termix-SSH/Termix` +
`versioning: regex:^release-...`) silently did nothing:
DEBUG: Dependency ghcr.io/lukegus/termix has unsupported/unversioned
value release-1.11.0 (versioning=docker)
DEBUG: Skipping ghcr.io/lukegus/termix because no currentDigest or
pinDigests
The kubernetes manager extracts the image with the default versioning
(=docker), runs an EARLY currentValue pre-check, fails on `release-1.11.0`,
falls back to digest-based updates, and gives up -- all BEFORE the
packageRule's `versioning` override has a chance to apply. Same failure
class as the earlier `extractVersion` attempt.
Renovate's documented fix for this exact case is an inline manifest
comment that applies overrides at extraction time:
# renovate: datasource=github-releases depName=Termix-SSH/Termix \
# versioning=loose extractVersion=^release-(?<version>.+)$
image: ghcr.io/lukegus/termix:release-1.11.0
With extractVersion stripping the `release-` prefix at extraction, the
loose semver parser handles the resulting `1.11.0` / `2.3.2` fine.
github-releases datasource gives Renovate real upstream timestamps so
the 3-day stability gate works normally. Removing the now-superseded
packageRule keeps the config clean (6 rules instead of 7).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
"description": "termix uses a release-X.Y.Z prefixed tag that the kubernetes manager's docker-versioning pre-check rejects (so no PRs are ever created). This customManager extracts the image directly, redirects the version lookup to GitHub Releases at Termix-SSH/Termix (which exposes timestamps the 3-day stability gate needs), and uses extractVersion to strip the `release-` prefix so loose semver can parse it.",
"description": "All apps: 3-day stability gate before any PR opens",
@@ -90,17 +104,16 @@ data:
],
"automerge": false
},
{
"description": "termix: use github-releases as datasource (ghcr.io OCI manifest for this image lacks the release timestamp Renovate needs for the stability gate; GitHub Releases at Termix-SSH/Termix expose proper timestamps so the 3-day gate works as intended). regex versioning parses the release-X.Y.Z prefix. Renovate still writes the new tag to the same ghcr.io/lukegus/termix image (the registry hosts every release).",
"description": "termix: kubernetes manager would extract the image with versioning=docker and silently skip it (release-1.11.0 fails the docker pre-check). Disable that extraction; customManagers above does the real work via github-releases.",
# Configure proxy auth in database before starting
- name:configure-auth
image:filebrowser/filebrowser:v2.54.0
image:filebrowser/filebrowser:v2.63.5
command:
- sh
- -c
@@ -151,7 +151,7 @@ spec:
runAsGroup:1000
containers:
- name:filebrowser
image:filebrowser/filebrowser:v2.54.0
image:filebrowser/filebrowser:v2.63.5
command:
- filebrowser
- --database=/config/filebrowser.db
@@ -324,7 +324,7 @@ spec:
runAsUser:0
containers:
- name:nginx
image:nginx:1.27-alpine
image:nginx:1.31-alpine
ports:
- containerPort:8080
name:http
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Renovate Bot
admin