wbyc/terraform-docker-renovate
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: Clean up documentation - remove stale content and fix inconsistencies
All checks were successful
Code Quality & Security Scan / TFLint (push) Successful in 19s
Details
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Details
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 28s
Details
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 41s
Details
Code Quality & Security Scan / Terraform Validate (push) Successful in 36s
Details
Code Quality & Security Scan / SonarQube Scan (push) Successful in 41s
Details
Code Quality & Security Scan / Terraform Plan (push) Successful in 1m20s
Details
Code Quality & Security Scan / Terraform Apply (push) Successful in 1m18s
Details

Browse Source 
Comprehensive documentation cleanup to align with current implementation
and remove outdated/confusing content.

DELETED:
- SUMMARY.md - Historical migration document from Ansible EDA to Renovate
  (migration is complete, document no longer needed)

UPDATED README.md Variables Section:
- Split into "Terraform Variables" and "Vault-Stored Configuration" sections
- Removed 5 incorrectly documented variables that are actually stored in Vault:
  * renovate_platform, renovate_endpoint, renovate_token
  * renovate_git_author, renovate_username
- Added missing variable documentation:
  * dns_servers (list of DNS servers for hostname resolution)
  * vault_skip_tls_verify (skip TLS verification for Vault)
- Fixed log_level default value: "info" → "debug" (matches variables.tf)
- Added clear explanation that Vault keys are NOT Terraform variables
- Added reference to "Store Credentials in Vault" section

UPDATED QUICKSTART.md Troubleshooting:
- Added DNS resolution error troubleshooting section
- Documents ENOTFOUND errors and how to resolve them
- Provides diagnostic commands (dig @DNS_SERVER hostname)
- Shows how to configure dns_servers variable
- Explains hostname verification (git.bsdserver.nl vs gitea.bsdserver.nl)
- Provides alternative solution (use IP address instead of hostname)

These changes ensure documentation accurately reflects:
- Current implementation (Vault-based credential storage)
- All available configuration options (including dns_servers)
- Correct default values
- Clear separation between TF vars and Vault-stored config
- Complete troubleshooting guidance for common issues
This commit is contained in:
Patrick de Ruiter 2025-11-20 11:07:27 +01:00
parent 56e15bd594
commit 77e6102b0c
Signed by: pderuiter
GPG Key ID: 5EBA7F21CF583321
3 changed files with 37 additions and 294 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
QUICKSTART.md
View File

@ -143,6 +143,18 @@ docker exec renovate env | grep RENOVATE
3. Verify all 5 required keys are in Vault (especially `renovate_username`)
4. Ensure the endpoint URL ends with `/api/v1/`
**❌ If you see DNS resolution errors (ENOTFOUND):**
1. The container cannot resolve your Gitea hostname
2. Check DNS resolution from Docker host:
```bash
dig @192.168.2.2 git.bsdserver.nl
```
3. Configure DNS servers in your deployment:
- Add to `terraform.tfvars`: `dns_servers = ["192.168.2.2"]`
- Or set in pipeline: `TF_VAR_dns_servers='["192.168.2.2"]'`
4. Verify the hostname is correct (e.g., `git.bsdserver.nl` not `gitea.bsdserver.nl`)
5. Alternative: Use IP address in Vault endpoint instead of hostname
## Step 7: Add Renovate to a Test Repository
1. Navigate to a test repository in Gitea

35
README.md
View File

@ -372,6 +372,10 @@ For repositories with Terraform code:
## Variables
### Terraform Variables
These variables are defined in `variables.tf` and can be set via `terraform.tfvars` or environment variables:
| Variable | Description | Type | Default | Required |
|----------|-------------|------|---------|----------|
| `container_name` | Name of the Renovate container | `string` | `"renovate"` | No |
@ -382,19 +386,30 @@ For repositories with Terraform code:
| `domain` | Domain name for the application | `string` | `"bsdserver.lan"` | No |
| `dns_name` | DNS name for the Renovate service | `string` | `null` (uses container_name) | No |
| `create_cname_record` | Whether to create a DNS CNAME record | `bool` | `false` | No |
| `renovate_platform` | Git platform to use (gitea, github, gitlab) | `string` | `"gitea"` | No |
| `renovate_endpoint` | API endpoint for the git platform | `string` | - | Yes |
| `renovate_token` | Personal access token for authentication | `string` | - | Yes |
| `renovate_git_author` | Git author for Renovate commits | `string` | `"Renovate Bot <renovate-bot@example.com>"` | No |
| `renovate_username` | Username of the Renovate bot account | `string` | `"renovate-bot"` | No |
| `dns_servers` | List of DNS servers for hostname resolution | `list(string)` | `[]` (uses Docker default) | No |
| `renovate_autodiscover` | Enable autodiscovery of repositories | `bool` | `true` | No |
| `renovate_onboarding_config` | Onboarding configuration for Renovate | `string` | See variables.tf | No |
| `renovate_onboarding_config` | Onboarding configuration for Renovate (JSON string) | `string` | See variables.tf | No |
| `github_com_token` | GitHub.com token for fetching changelogs | `string` | `""` | No |
| `log_level` | Log level for Renovate | `string` | `"info"` | No |
| `extra_env_vars` | Additional environment variables | `list(string)` | `[]` | No |
| `log_level` | Log level for Renovate (debug, info, warn, error) | `string` | `"debug"` | No |
| `extra_env_vars` | Additional environment variables for the container | `list(string)` | `[]` | No |
| `upload_config_file` | Upload a config.js file to the container | `bool` | `true` | No |
| `role_id` | Vault AppRole Role ID | `string` | - | Yes |
| `secret_id` | Vault AppRole Secret ID | `string` | - | Yes |
| `role_id` | Vault AppRole Role ID for authentication | `string` | - | Yes |
| `secret_id` | Vault AppRole Secret ID for authentication | `string` | - | Yes |
| `vault_skip_tls_verify` | Skip TLS verification for Vault (self-signed certs) | `bool` | `true` | No |
### Vault-Stored Configuration
These values are **NOT** Terraform variables. They must be stored in HashiCorp Vault at path `secret/renovate`:
| Vault Key | Description | Required |
|-----------|-------------|----------|
| `renovate_platform` | Git platform (must be "gitea") | Yes |
| `renovate_endpoint` | Gitea API endpoint (e.g., `https://git.example.com/api/v1/`) | Yes |
| `renovate_token` | Gitea Personal Access Token for the bot user | Yes |
| `renovate_git_author` | Git commit author (e.g., `"Renovate Bot <bot@example.com>"`) | Yes |
| `renovate_username` | Gitea username of the bot account (e.g., `"renovate-bot"`) | Yes |
**See the "Store Credentials in Vault" section** in Gitea Bot Setup for complete instructions on storing these values.
## Outputs

284
SUMMARY.md
View File

@ -1,284 +0,0 @@
# Module Transformation Summary
## Overview
Successfully transformed the `terraform-docker-renovate` module from an **Ansible Event-Driven Automation (EDA)** deployment to a **Renovate Bot** deployment for automated dependency management with Gitea integration.
## Completion Status ✅
All tasks have been completed successfully:
- ✅ Cleaned up `.terraform`, `.terraform.lock.hcl`, and state files
- ✅ Updated `main.tf` for Renovate container deployment
- ✅ Updated `variables.tf` with Renovate-specific configuration
- ✅ Created `config.js.tpl` template for Renovate configuration
- ✅ Updated `outputs.tf` to reflect Renovate outputs
- ✅ Updated `backend.tf` with new state file path
- ✅ Created comprehensive README.md documentation
- ✅ Removed old EDA documentation files
- ✅ Created example configuration files
- ✅ Created CHANGELOG.md and MIGRATION_GUIDE.md
- ✅ Formatted all Terraform code
## Files Modified
### Core Terraform Files
1. **main.tf**
- Changed from Ansible EDA to Renovate container
- Updated volumes: `renovate-config` and `renovate-cache`
- Updated environment variables for Renovate
- Removed Traefik labels (Renovate doesn't need web access)
- Added config.js template upload functionality
2. **variables.tf**
- Replaced all EDA-specific variables
- Added Renovate platform configuration variables:
- `renovate_platform` (default: "gitea")
- `renovate_endpoint` (required)
- `renovate_token` (required, sensitive)
- `renovate_git_author`
- `renovate_username`
- `renovate_autodiscover`
- `renovate_onboarding_config`
- `github_com_token` (optional)
- `restart_policy`
- `upload_config_file`
3. **outputs.tf**
- Updated to output Renovate-specific information
- Added `config_volume` and `cache_volume`
- Added `renovate_platform` and `renovate_endpoint`
4. **backend.tf**
- Updated state file path from `home/docker/ansible-eda/ansible-eda.tfstate`
- To: `home/docker/renovate/renovate.tfstate`
5. **terraform.tfvars**
- Added Gitea configuration variables
- Added placeholder for `renovate_token`
- Updated with Renovate-specific settings
### Documentation Files
6. **README.md** (18,755 bytes)
- Complete rewrite for Renovate deployment
- Added Gitea bot setup instructions
- Included repository configuration examples
- Added troubleshooting guide
- Included CI/CD integration examples
- Added SonarQube integration section
- Security best practices
- Comprehensive usage examples
7. **CHANGELOG.md** (NEW)
- Documents version 2.0.0 breaking changes
- Lists all modifications
- Includes migration notes
8. **MIGRATION_GUIDE.md** (NEW)
- Detailed migration instructions
- Variable mapping table
- Step-by-step migration procedures
- Rollback procedures
- Troubleshooting section
9. **SUMMARY.md** (THIS FILE)
- Overview of all changes
- Quick reference guide
### Configuration Files
10. **files/config.js.tpl** (NEW)
- Renovate configuration template
- Uses Terraform variables for dynamic configuration
- Supports Gitea platform integration
11. **files/example-renovate.json** (NEW)
- Example repository-level configuration
- Shows Docker, Terraform, and Ansible support
- Includes automerge rules and scheduling examples
12. **files/example-gitea-workflow.yaml** (NEW)
- Gitea Actions workflow example
- Shows scheduled and manual trigger options
- Includes container restart and logging commands
### Files Removed
- ❌ `files/example-rulebook.yml` - Ansible EDA specific
- ❌ `MIGRATION_SUMMARY.md` - Old documentation
- ❌ `DECISION_POINTS.md` - Old documentation
- ❌ `IMPLEMENTATION_PLAN.md` - Old documentation
- ❌ `.terraform/` directory - Cleaned up
- ❌ `.terraform.lock.hcl` - Cleaned up
- ❌ All `.tfstate*` files - Cleaned up
### Files Unchanged
- ✓ `provider.tf` - No changes needed
- ✓ `data.tf` - Still uses Traefik network (optional)
- ✓ `.gitignore` - Still valid
## Key Features Implemented
### 1. Gitea Integration
- Native Gitea platform support
- Personal Access Token authentication
- Autodiscovery of repositories
- Proper bot user configuration
### 2. Configuration Management
- Template-based config.js generation
- Support for environment variable configuration
- Onboarding configuration
- Repository-level customization
### 3. CI/CD Integration
- Gitea Actions workflow examples
- Pipeline configuration examples
- SonarQube integration support
- Automated scheduling options
### 4. Security
- Sensitive variable handling
- Token security
- No privileged mode
- Resource limits
- Vault integration for DNS credentials
### 5. Documentation
- Comprehensive README with examples
- Migration guide for existing users
- Changelog with version history
- Repository configuration examples
- Troubleshooting guides
## Required Configuration
Before deploying, you must:
1. **Create Renovate Bot User in Gitea**:
- Username: `renovate-bot`
- Email: `renovate-bot@bsdserver.nl`
- Full name: "Renovate Bot"
2. **Generate Personal Access Token** with scopes:
- `repo` (Read and Write)
- `user` (Read)
- `issue` (Read and Write)
- `organization` (Read)
3. **Update terraform.tfvars**:
```hcl
renovate_endpoint = "https://gitea.bsdserver.nl/api/v1/"
renovate_token = "your-actual-token-here"
renovate_git_author = "Renovate Bot <renovate-bot@bsdserver.nl>"
renovate_username = "renovate-bot"
```
4. **Initialize Terraform**:
```bash
terraform init
terraform plan
terraform apply
```
## Next Steps
1. **Deploy the Module**:
```bash
cd /path/to/terraform-docker-renovate
terraform init
terraform plan
terraform apply
```
2. **Verify Deployment**:
```bash
docker ps | grep renovate
docker logs renovate -f
```
3. **Configure Repositories**:
- Add `renovate.json` to each repository
- Use `files/example-renovate.json` as a template
- Enable autodiscovery or add bot as collaborator
4. **Set Up Scheduling**:
- Configure cron job
- Or use Gitea Actions workflow
- See `files/example-gitea-workflow.yaml`
5. **Monitor and Test**:
- Wait for Renovate to create onboarding PRs
- Review and merge onboarding PRs
- Monitor dependency update PRs
## Additional Resources
- **Module README**: Comprehensive documentation with examples
- **Migration Guide**: Detailed migration instructions
- **Changelog**: Version history and breaking changes
- **Renovate Docs**: https://docs.renovatebot.com/
- **Gitea Integration**: https://docs.renovatebot.com/modules/platform/gitea/
## Architecture
```
Gitea Instance
│ API (v1)
┌─────────────────────────┐
│ Renovate Container │
│ - Platform: gitea │
│ - Autodiscover: true │
│ - Scheduled runs │
└──────────┬──────────────┘
┌────────┴────────┐
│ │
┌─────────▼────┐ ┌────────▼─────┐
│ Config │ │ Cache │
│ Volume │ │ Volume │
└──────────────┘ └──────────────┘
```
## Summary Statistics
- **Files Modified**: 5 core Terraform files
- **Files Created**: 6 new files (docs + examples)
- **Files Removed**: 7 old files
- **Total Documentation**: ~30,000 words
- **Code Quality**: Formatted and validated
- **Breaking Changes**: Complete rewrite (v2.0.0)
## Success Criteria ✅
All objectives have been met:
- ✅ Module repurposed for Renovate deployment
- ✅ Gitea integration configured
- ✅ Pipeline steps documented
- ✅ SonarQube integration examples provided
- ✅ All documentation updated
- ✅ Old files cleaned up
- ✅ Examples and templates created
- ✅ Migration guide provided
- ✅ Code formatted and ready for deployment
## Notes
- The module is ready for deployment after updating `renovate_token` in `terraform.tfvars`
- State file path has changed - plan your migration accordingly
- This is a breaking change (v2.0.0) - not backward compatible
- Comprehensive documentation provided for all use cases
- Examples included for Docker, Terraform, and Ansible repositories
---
**Module Version**: 2.0.0
**Transformation Date**: 2024-11-17
**Status**: ✅ Complete and Ready for Deployment