Lumpiasty/mikrotik-tailscale
1
0
Fork 0
Code Issues 1 Pull Requests 2 Packages Projects Releases Wiki Activity

automerge tailscale + component patch updates behind a PR build
ci/woodpecker/push/release-tag Pipeline was successful
Details
ci/woodpecker/push/pr-build Pipeline was successful
Details

Browse Source 
Add .woodpecker/pr-build.yaml: builds all three arches (dry-run, no push)
on PRs and pushes to main, reporting status to Gitea. This is the gate
for automerge.

renovate.json automerge rules (platformAutomerge, merged only after the
PR build passes):
- tailscale stable patch AND minor
- Go/Alpine/busybox PATCH only
- base-image digest refreshes
Minor/major of build deps and tooling stay manual.

Move pinDigests into a dockerfile packageRule (top-level dockerfile.* is
deprecated). Document the automerge policy and its caveat (PR build proves
build-only, not runtime) in DESIGN.md.
This commit is contained in:
Lumpiasty
2026-05-29 15:49:47 +02:00
parent 7d1b9f99a5
commit ea0d90d8f0
3 changed files with 78 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
renovate.json
+28 -4
View File
@@ -7,10 +7,12 @@
],
"labels": ["dependencies"],
"rebaseWhen": "behind-base-branch",
"dockerfile": {
"pinDigests": true
},
"packageRules": [
{
"matchManagers": ["dockerfile"],
"description": "Keep base-image tags pinned to a digest.",
"pinDigests": true
},
{
"matchDatasources": ["github-releases"],
"matchPackageNames": ["tailscale/tailscale"],
@@ -18,6 +20,28 @@
"extractVersion": "^v(?<version>\\d+\\.\\d+\\.\\d+)$",
"allowedVersions": "/^\\d+\\.\\d*[02468]\\.\\d+$/",
"ignoreUnstable": true
},
{
"matchDatasources": ["github-releases"],
"matchPackageNames": ["tailscale/tailscale"],
"description": "Automerge all stable Tailscale releases (patch AND minor) once the PR build passes.",
"matchUpdateTypes": ["minor", "patch"],
"automerge": true
},
{
"matchManagers": ["dockerfile"],
"matchPackageNames": ["golang", "alpine", "busybox"],
"description": "Automerge PATCH-only bumps of build components (Go/Alpine/busybox) once the PR build passes; review minor/major manually.",
"matchUpdateTypes": ["patch"],
"automerge": true
},
{
"matchManagers": ["dockerfile"],
"matchUpdateTypes": ["digest", "pinDigest"],
"description": "Automerge base-image digest refreshes (same tag, new sha256) once the PR build passes.",
"automerge": true
}
]
],
"automergeType": "pr",
"platformAutomerge": true
}