Add renovate + codeowners

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
+* @ahinko

.github/renovate.json5

@@ -0,0 +1,79 @@
+{
+    "extends": [
+        ":enableRenovate",
+        "config:base",
+        ":disableRateLimiting",
+        ":dependencyDashboard",
+        ":semanticCommits",
+        ":separatePatchReleases",
+        "docker:enableMajor",
+        ":enablePreCommit",
+        "github>ahinko/homelab//.github/renovate/groups.json5",
+        "github>ahinko/homelab//.github/renovate/labels.json5",
+        "github>ahinko/homelab//.github/renovate/regexManagers.json5",
+        "github>ahinko/homelab//.github/renovate/semanticCommits.json5",
+    ],
+    "platform": "github",
+    "username": "homeops-bot[bot]",
+    "repositories": ["ahinko/homelab"],
+    "timezone": "Europe/Stockholm",
+    "onboarding": false,
+    "requireConfig": false,
+    "gitAuthor": "homeops-bot <104016614+homeops-bot[bot]@users.noreply.github.com>",
+    "dependencyDashboardTitle": "🤖 Renovate Dashboard",
+    "suppressNotifications": [
+        "prIgnoreNotification"
+    ],
+    "rebaseWhen": "conflicted",
+    "commitBodyTable": true,
+    // set up ignored deps
+    "ignoreDeps": [
+        "ghcr.io/fluxcd/helm-controller",
+        "ghcr.io/fluxcd/image-automation-controller",
+        "ghcr.io/fluxcd/image-reflector-controller",
+        "ghcr.io/fluxcd/kustomize-controller",
+        "ghcr.io/fluxcd/notification-controller",
+        "ghcr.io/fluxcd/source-controller"
+    ],
+    "ignorePaths": [
+        "kubernetes/management/integrations/"
+    ],
+    // --
+    // Set up Renovate managers
+    // --
+    "docker-compose": {
+        "fileMatch": [
+            "(^|\/)docker-compose.*\\.yaml$",
+            ".task/.\\.yaml$"
+        ]
+    },
+    "flux": {
+        "fileMatch": [
+            "kubernetes/.+\\.yaml$"
+        ]
+    },
+    "helm-values": {
+        "fileMatch": [
+            "kubernetes/.+\\.yaml$",
+            ".task/.+\\.yaml$"
+        ]
+    },
+    "helmv3": {
+        "fileMatch": [
+            "charts/.+/Chart\\.yaml$"
+        ]
+    },
+    "kubernetes": {
+        "fileMatch": [
+            "kubernetes/.+\\.yaml$"
+        ]
+    },
+    "packageRules": [
+        {
+            "matchDatasources": [
+                "docker"
+            ],
+            "commitMessageExtra": "to {{newVersion}}"
+        },
+    ],
+}

.github/renovate/groups.json5

@@ -0,0 +1,28 @@
+{
+    "packageRules": [
+        {
+            "description": "Talos releases",
+            "matchDatasources": ["docker", "github-releases"],
+            "matchPackageNames": [
+                "ghcr.io/siderolabs/installer",
+                "siderolabs/talos"
+            ],
+            "groupName": "siderolabs/talos",
+            "additionalBranchPrefix": "",
+            "separateMinorPatch": true,
+        },
+        {
+            "description": "Kubernetes images",
+            "matchDatasources": ["docker"],
+            "matchPackageNames": [
+                "k8s.gcr.io/kube-apiserver",
+                "k8s.gcr.io/kube-controller-manager",
+                "k8s.gcr.io/kube-scheduler",
+                "ghcr.io/siderolabs/kubelet"
+            ],
+            "groupName": "kubernetes",
+            "additionalBranchPrefix": "",
+            "separateMinorPatch": true,
+        },
+    ]
+}

.github/renovate/labels.json5

@@ -0,0 +1,28 @@
+{
+    "packageRules": [
+      {
+        "matchUpdateTypes": ["major"],
+        "labels": ["type/major"]
+      },
+      {
+        "matchUpdateTypes": ["minor"],
+        "labels": ["type/minor"]
+      },
+      {
+        "matchUpdateTypes": ["patch"],
+        "labels": ["type/patch"]
+      },
+      {
+        "matchDatasources": ["docker"],
+        "addLabels": ["renovate/container"]
+      },
+      {
+        "matchDatasources": ["helm"],
+        "addLabels": ["renovate/helm"]
+      },
+      {
+        "matchDatasources": ["galaxy", "galaxy-collection"],
+        "addLabels": ["renovate/ansible"]
+      }
+    ]
+  }

.github/renovate/regexManagers.json5

@@ -0,0 +1,48 @@
+{
+    "regexManagers": [
+        {
+            "description": "Process Sidero configurations for Talos updates",
+            "fileMatch": [
+                "kubernetes/management/sidero-system/.+/.+\\.yaml$"
+            ],
+            "matchStrings": [
+                "https:\/\/github.com\/(?<depName>.*?)\/releases\/download\/(?<currentValue>.*)\/",
+                "depName=(?<depName>.*?)\n *talosVersion: (?<currentValue>.*)\n"
+            ],
+            "datasourceTemplate": "github-releases"
+        },
+        {
+            "description": "Process Sidero configurations for Talos updates",
+            "fileMatch": [
+                "kubernetes/management/sidero-system/.+/.+\\.yaml$",
+                ".taskfiles/sidero.yaml"
+            ],
+            "matchStrings": [
+                "\/image\n *value: (?<depName>.*?):(?<currentValue>.*)",
+                "depName=(?<depName>.*?)\n *version: (?<currentValue>.*)\n",
+                "--image (?<depName>.*?):(?<currentValue>.*)"
+            ],
+            "datasourceTemplate": "docker"
+        },
+        {
+            "description": "Process Cilium Quick Install for new versions",
+            "fileMatch": [
+                ".task/.+\\.yaml$"
+            ],
+            "matchStrings": [
+                "add (?<depName>.*?) (?<registryUrl>.*)\n .* --version (?<currentValue>.*) [a-z\/]* -f"
+            ],
+            "datasourceTemplate": "helm"
+        },
+        {
+            "description": "Process Kubelet Serving Cert Appriver",
+            "fileMatch": [
+                "kubernetes/management/sidero-system/serverclasses/.+\\.yaml$"
+            ],
+            "matchStrings": [
+                "depName=(?<depName>.*?)\n ([a-z0-9 .\\-\":\/\/]*)\/(?<currentValue>.*)\/deploy"
+            ],
+            "datasourceTemplate": "docker"
+        },
+    ],
+}

.github/renovate/semanticCommits.json5

@@ -0,0 +1,78 @@
+{
+    "packageRules": [
+      {
+        "matchDatasources": ["docker"],
+        "matchUpdateTypes": ["major"],
+        "commitMessagePrefix": "feat(container): "
+      },
+      {
+        "matchDatasources": ["docker"],
+        "matchUpdateTypes": ["minor"],
+        "semanticCommitType": "feat",
+        "semanticCommitScope": "container"
+      },
+      {
+        "matchDatasources": ["docker"],
+        "matchUpdateTypes": ["patch"],
+        "semanticCommitType": "fix",
+        "semanticCommitScope": "container"
+      },
+      {
+        "matchDatasources": ["helm"],
+        "matchUpdateTypes": ["major"],
+        "commitMessagePrefix": "feat(helm): "
+      },
+      {
+        "matchDatasources": ["helm"],
+        "matchUpdateTypes": ["minor"],
+        "semanticCommitType": "feat",
+        "semanticCommitScope": "helm"
+      },
+
+      {
+        "matchDatasources": ["helm"],
+        "matchUpdateTypes": ["patch"],
+        "semanticCommitType": "fix",
+        "semanticCommitScope": "helm"
+      },
+      {
+        "matchDatasources": ["galaxy"],
+        "matchUpdateTypes": ["major"],
+        "commitMessagePrefix": "feat(ansible): "
+      },
+      {
+        "matchDatasources": ["galaxy"],
+        "matchUpdateTypes": ["minor"],
+        "semanticCommitType": "feat",
+        "semanticCommitScope": "ansible"
+      },
+
+      {
+        "matchDatasources": ["galaxy"],
+        "matchUpdateTypes": ["patch"],
+        "semanticCommitType": "fix",
+        "semanticCommitScope": "ansible"
+      },
+      {
+        "matchDatasources": ["terraform-provider"],
+        "matchUpdateTypes": ["major"],
+        "commitMessagePrefix": "feat(terraform)!: "
+      },
+      {
+        "matchDatasources": ["terraform-provider"],
+        "matchUpdateTypes": ["minor"],
+        "semanticCommitType": "feat",
+        "semanticCommitScope": "terraform"
+      },
+      {
+        "matchDatasources": ["terraform-provider"],
+        "matchUpdateTypes": ["patch"],
+        "semanticCommitType": "fix",
+        "semanticCommitScope": "terraform"
+      },
+      {
+        "matchManagers": ["github-actions"],
+        "semanticCommitType": "ci"
+      }
+    ]
+  }

.github/workflows/schedule-renovate.yaml

@@ -0,0 +1,54 @@
+---
+
+name: Schedule - Renovate
+
+on: # yamllint disable-line rule:truthy
+  workflow_dispatch:
+    inputs:
+      dryRun:
+        description: "Dry-Run"
+        default: "false"
+        required: false
+      logLevel:
+        description: "Log-Level"
+        default: "debug"
+        required: false
+  schedule:
+    - cron: "0 * * * *"
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/renovate.json5"
+      - ".github/renovate/**.json5"
+
+env:
+  LOG_LEVEL: warn
+  DRY_RUN: false
+
+jobs:
+  renovate:
+    name: Renovate
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Verify Renovate Configuration
+        uses: tj-actions/renovate-config-validator@v1.3
+        with:
+          config-file: .github/renovate.json5
+      - name: Generate Token
+        uses: tibdex/github-app-token@v1
+        id: generate-token
+        with:
+          app_id: "${{ secrets.HOMEOPS_BOT_APP_ID }}"
+          private_key: "${{ secrets.HOMEOPS_BOT_PRIVATE_KEY }}"
+      - name: Override default config from dispatch variables
+        run: |
+          echo "DRY_RUN=${{ github.event.inputs.dryRun || env.DRY_RUN }}" >> "${GITHUB_ENV}"
+          echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.LOG_LEVEL }}" >> "${GITHUB_ENV}"
+      - name: Renovate
+        uses: renovatebot/github-action@v32.48.0
+        with:
+          configurationFile: .github/renovate.json5
+          token: "x-access-token:${{ steps.generate-token.outputs.token }}"