renovate: default-allow + codify ArgoCD auto-sync #16

Merged
admin merged 5 commits from feat/renovate-default-allow into main 2026-06-05 07:58:04 +02:00
2 changed files with 121 additions and 73 deletions
Showing only changes of commit c308c0a85e - Show all commits
+43 -73
@@ -44,92 +44,62 @@ data:
"requireConfig": "optional",
"dependencyDashboard": true,
"dependencyDashboardTitle": "Renovate Dependency Dashboard",
"prHourlyLimit": 0,
"prConcurrentLimit": 0,
"prHourlyLimit": 8,
"prConcurrentLimit": 8,
"enabledManagers": ["kubernetes", "helm-values"],
"kubernetes": {
"managerFilePatterns": ["/.+\\.ya?ml$/"]
},
"packageRules": [
{
"description": "Default-deny everything",
"description": "All apps: 3-day stability gate before any PR opens",
"matchPackageNames": ["*"],
"enabled": false
},
{
"description": "Tier 1: enable updates for low-risk leaf apps",
"matchPackageNames": [
"ghcr.io/thomiceli/opengist",
"louislam/uptime-kuma",
"f0rc3/gokapi",
"docker.io/calcom/cal.com",
"advplyr/audiobookshelf",
"arcadiatechnology/crafty-4",
"codercom/code-server",
"ghcr.io/gethomepage/homepage",
"ghcr.io/headlamp-k8s/headlamp",
"prom/node-exporter",
"rommapp/romm",
"ghcr.io/stakater/reloader",
"privatebin/nginx-fpm-alpine",
"flomp/wanderer-db",
"flomp/wanderer-web",
"registry.k8s.io/kube-state-metrics/kube-state-metrics",
"ghcr.io/lukegus/termix"
],
"enabled": true
},
{
"description": "Tier 1: automerge minor/patch after 3-day stability window",
"matchPackageNames": [
"ghcr.io/thomiceli/opengist",
"louislam/uptime-kuma",
"f0rc3/gokapi",
"docker.io/calcom/cal.com",
"advplyr/audiobookshelf",
"arcadiatechnology/crafty-4",
"codercom/code-server",
"ghcr.io/gethomepage/homepage",
"ghcr.io/headlamp-k8s/headlamp",
"prom/node-exporter",
"rommapp/romm",
"ghcr.io/stakater/reloader",
"privatebin/nginx-fpm-alpine",
"flomp/wanderer-db",
"flomp/wanderer-web",
"registry.k8s.io/kube-state-metrics/kube-state-metrics",
"ghcr.io/lukegus/termix"
],
"matchUpdateTypes": ["minor", "patch"],
"automerge": true,
"automergeType": "pr",
"platformAutomerge": true,
"minimumReleaseAge": "3 days"
},
{
"description": "Tier 1: major bumps require dashboard approval (no automerge)",
"matchPackageNames": [
"ghcr.io/thomiceli/opengist",
"louislam/uptime-kuma",
"f0rc3/gokapi",
"docker.io/calcom/cal.com",
"advplyr/audiobookshelf",
"arcadiatechnology/crafty-4",
"codercom/code-server",
"ghcr.io/gethomepage/homepage",
"ghcr.io/headlamp-k8s/headlamp",
"prom/node-exporter",
"rommapp/romm",
"ghcr.io/stakater/reloader",
"privatebin/nginx-fpm-alpine",
"flomp/wanderer-db",
"flomp/wanderer-web",
"registry.k8s.io/kube-state-metrics/kube-state-metrics",
"ghcr.io/lukegus/termix"
],
"description": "Auto-merge minor/patch after the stability window",
"matchUpdateTypes": ["minor", "patch"],
"automerge": true,
"automergeType": "pr",
"platformAutomerge": true
},
{
"description": "Major bumps wait for dashboard approval (catches breaking/schema migrations)",
"matchUpdateTypes": ["major"],
"automerge": false,
"dependencyDashboardApproval": true
},
{
"description": "k3s-bundled components: never touch, they ride k3s upgrades",
"matchPackageNames": [
"rancher/local-path-provisioner",
"rancher/mirrored-coredns/coredns",
"rancher/mirrored-metrics-server"
],
"enabled": false
},
{
"description": "Critical core: PR opens with changelog but Viktor merges manually (deploy pipeline + SSO + DB operator). Some entries are no-ops if the image isn't pinned in this repo (ArgoCD bootstrap, authentik outpost images inherit chart defaults).",
"matchPackageNames": [
"gitea/gitea",
"quay.io/argoproj/argocd",
"ghcr.io/goauthentik/server",
"ghcr.io/goauthentik/ldap",
"ghcr.io/goauthentik/proxy",
"ghcr.io/cloudnative-pg/cloudnative-pg"
],
"automerge": false
},
{
"description": "termix: non-semver release- tag",
"matchPackageNames": ["ghcr.io/lukegus/termix"],
"versioning": "loose",
"extractVersion": "^release-(?<version>.+)$"
},
{
"description": "wanderer: db + web update together in one PR",
"matchPackageNames": ["flomp/wanderer-db", "flomp/wanderer-web"],
"groupName": "wanderer"
}
],
"labels": ["renovate"]
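Review bot: The "Auto-merge minor/patch after the stability window" rule carries no `matchPackageNames`, so with the allowlist gone every image Renovate finds under `/.+\.ya?ml$/` is merged unattended unless it is in the k3s or "Critical core" lists (the page has lost its +/- markers, so this reads the new side from the rule descriptions). That list covers the deploy pipeline, SSO and the DB operator but none of the data-holding apps, so a tampered or broken upstream release would be merged after three days with no review; consider adding those images to the manual-merge rule, or keeping an explicit `matchPackageNames` allowlist on the automerge rule. The three-day gate also depends on the registry reporting a release timestamp, which is worth confirming for the `ghcr.io` and `quay.io` images before relying on it. Adding `"pinDigests": true` to the `"*"` rule would tie each merged update to an immutable digest rather than a mutable tag.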
+78
@@ -47,6 +47,8 @@ spec:
server: https://kubernetes.default.svc
namespace: servarr-system
syncPolicy:
automated:
enabled: true
# Start with manual sync until you're comfortable
# automated:
# prune: true
@@ -82,6 +84,8 @@ spec:
server: https://kubernetes.default.svc
namespace: paperless-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -104,6 +108,8 @@ spec:
server: https://kubernetes.default.svc
namespace: actualbudget-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -126,6 +132,8 @@ spec:
server: https://kubernetes.default.svc
namespace: audiobookshelf-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -148,6 +156,8 @@ spec:
server: https://kubernetes.default.svc
namespace: bookstack-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -170,6 +180,8 @@ spec:
server: https://kubernetes.default.svc
namespace: immich-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -214,6 +226,8 @@ spec:
server: https://kubernetes.default.svc
namespace: nextcloud-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -236,6 +250,8 @@ spec:
server: https://kubernetes.default.svc
namespace: outline-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -258,6 +274,8 @@ spec:
server: https://kubernetes.default.svc
namespace: tandoor-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -280,6 +298,8 @@ spec:
server: https://kubernetes.default.svc
namespace: uptimekuma-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -302,6 +322,8 @@ spec:
server: https://kubernetes.default.svc
namespace: vaultwarden-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -369,6 +391,8 @@ spec:
server: https://kubernetes.default.svc
namespace: pihole-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
@@ -397,6 +421,8 @@ spec:
server: https://kubernetes.default.svc
namespace: mediaserver-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
---
@@ -418,6 +444,8 @@ spec:
server: https://kubernetes.default.svc
namespace: calibre-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -440,6 +468,8 @@ spec:
server: https://kubernetes.default.svc
namespace: adventurelog-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -592,6 +622,8 @@ spec:
server: https://kubernetes.default.svc
namespace: termix-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -614,6 +646,8 @@ spec:
server: https://kubernetes.default.svc
namespace: privatebin-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -636,6 +670,8 @@ spec:
server: https://kubernetes.default.svc
namespace: headlamp-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -658,6 +694,8 @@ spec:
server: https://kubernetes.default.svc
namespace: homepage-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -680,6 +718,8 @@ spec:
server: https://kubernetes.default.svc
namespace: code-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -702,6 +742,8 @@ spec:
server: https://kubernetes.default.svc
namespace: plantit-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -724,6 +766,8 @@ spec:
server: https://kubernetes.default.svc
namespace: fileshare-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -746,6 +790,8 @@ spec:
server: https://kubernetes.default.svc
namespace: arcade-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -768,6 +814,8 @@ spec:
server: https://kubernetes.default.svc
namespace: workout-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -790,6 +838,8 @@ spec:
server: https://kubernetes.default.svc
namespace: wanderer-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -812,6 +862,8 @@ spec:
server: https://kubernetes.default.svc
namespace: opengist-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -834,6 +886,8 @@ spec:
server: https://kubernetes.default.svc
namespace: zipline-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -856,6 +910,8 @@ spec:
server: https://kubernetes.default.svc
namespace: crafty-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -878,6 +934,8 @@ spec:
server: https://kubernetes.default.svc
namespace: booking-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -900,6 +958,8 @@ spec:
server: https://kubernetes.default.svc
namespace: web-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -922,6 +982,8 @@ spec:
server: https://kubernetes.default.svc
namespace: control-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -944,6 +1006,8 @@ spec:
server: https://kubernetes.default.svc
namespace: glance-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -967,6 +1031,10 @@ spec:
server: https://kubernetes.default.svc
namespace: version-checker-system
syncPolicy:
automated:
enabled: true
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
@@ -1033,6 +1101,8 @@ spec:
server: https://kubernetes.default.svc
namespace: orsi-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
@@ -1075,6 +1145,8 @@ spec:
server: https://kubernetes.default.svc
namespace: kisfenyo-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
@@ -1096,6 +1168,8 @@ spec:
server: https://kubernetes.default.svc
namespace: office-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
@@ -1118,6 +1192,10 @@ spec:
server: https://kubernetes.default.svc
namespace: jarrs-system
syncPolicy:
automated:
enabled: true
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
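Review bot: Unattended sync for `vaultwarden-system` (hunk `@@ -302,6 +322,8 @@`) deserves a separate decision from the leaf apps, because together with the Renovate automerge in this PR a minor or patch image bump for what looks like the password vault would reach the cluster with no human step. Whether that app's image falls under the wildcard rule is not visible here; if it does, consider leaving this Application on manual sync or listing its image under the manual-merge rule, and ask the same question for the `nextcloud-system`, `paperless-system` and `immich-system` hunks. Separately, the first hunk leaves `# Start with manual sync until you're comfortable` directly below the new `automated:` block, which now contradicts it; drop it or reword it, e.g. `# auto-sync on; prune/selfHeal deliberately not enabled yet`. Only `version-checker-system` and `jarrs-system` get `prune: true` and `selfHeal: true`, so a one-line comment explaining why the others omit them would keep the difference from looking accidental.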