diff --git a/QUICKSTART.md b/QUICKSTART.md index 03d2f07..7ae0322 100644 --- a/QUICKSTART.md +++ b/QUICKSTART.md @@ -143,6 +143,18 @@ docker exec renovate env | grep RENOVATE 3. Verify all 5 required keys are in Vault (especially `renovate_username`) 4. Ensure the endpoint URL ends with `/api/v1/` +**❌ If you see DNS resolution errors (ENOTFOUND):** +1. The container cannot resolve your Gitea hostname +2. Check DNS resolution from Docker host: + ```bash + dig @192.168.2.2 git.bsdserver.nl + ``` +3. Configure DNS servers in your deployment: + - Add to `terraform.tfvars`: `dns_servers = ["192.168.2.2"]` + - Or set in pipeline: `TF_VAR_dns_servers='["192.168.2.2"]'` +4. Verify the hostname is correct (e.g., `git.bsdserver.nl` not `gitea.bsdserver.nl`) +5. Alternative: Use IP address in Vault endpoint instead of hostname + ## Step 7: Add Renovate to a Test Repository 1. Navigate to a test repository in Gitea diff --git a/README.md b/README.md index c42fec8..26c2408 100644 --- a/README.md +++ b/README.md @@ -372,6 +372,10 @@ For repositories with Terraform code: ## Variables +### Terraform Variables + +These variables are defined in `variables.tf` and can be set via `terraform.tfvars` or environment variables: + | Variable | Description | Type | Default | Required | |----------|-------------|------|---------|----------| | `container_name` | Name of the Renovate container | `string` | `"renovate"` | No | @@ -382,19 +386,30 @@ For repositories with Terraform code: | `domain` | Domain name for the application | `string` | `"bsdserver.lan"` | No | | `dns_name` | DNS name for the Renovate service | `string` | `null` (uses container_name) | No | | `create_cname_record` | Whether to create a DNS CNAME record | `bool` | `false` | No | -| `renovate_platform` | Git platform to use (gitea, github, gitlab) | `string` | `"gitea"` | No | -| `renovate_endpoint` | API endpoint for the git platform | `string` | - | Yes | -| `renovate_token` | Personal access token for authentication | `string` | - | Yes | -| `renovate_git_author` | Git author for Renovate commits | `string` | `"Renovate Bot "` | No | -| `renovate_username` | Username of the Renovate bot account | `string` | `"renovate-bot"` | No | +| `dns_servers` | List of DNS servers for hostname resolution | `list(string)` | `[]` (uses Docker default) | No | | `renovate_autodiscover` | Enable autodiscovery of repositories | `bool` | `true` | No | -| `renovate_onboarding_config` | Onboarding configuration for Renovate | `string` | See variables.tf | No | +| `renovate_onboarding_config` | Onboarding configuration for Renovate (JSON string) | `string` | See variables.tf | No | | `github_com_token` | GitHub.com token for fetching changelogs | `string` | `""` | No | -| `log_level` | Log level for Renovate | `string` | `"info"` | No | -| `extra_env_vars` | Additional environment variables | `list(string)` | `[]` | No | +| `log_level` | Log level for Renovate (debug, info, warn, error) | `string` | `"debug"` | No | +| `extra_env_vars` | Additional environment variables for the container | `list(string)` | `[]` | No | | `upload_config_file` | Upload a config.js file to the container | `bool` | `true` | No | -| `role_id` | Vault AppRole Role ID | `string` | - | Yes | -| `secret_id` | Vault AppRole Secret ID | `string` | - | Yes | +| `role_id` | Vault AppRole Role ID for authentication | `string` | - | Yes | +| `secret_id` | Vault AppRole Secret ID for authentication | `string` | - | Yes | +| `vault_skip_tls_verify` | Skip TLS verification for Vault (self-signed certs) | `bool` | `true` | No | + +### Vault-Stored Configuration + +These values are **NOT** Terraform variables. They must be stored in HashiCorp Vault at path `secret/renovate`: + +| Vault Key | Description | Required | +|-----------|-------------|----------| +| `renovate_platform` | Git platform (must be "gitea") | Yes | +| `renovate_endpoint` | Gitea API endpoint (e.g., `https://git.example.com/api/v1/`) | Yes | +| `renovate_token` | Gitea Personal Access Token for the bot user | Yes | +| `renovate_git_author` | Git commit author (e.g., `"Renovate Bot "`) | Yes | +| `renovate_username` | Gitea username of the bot account (e.g., `"renovate-bot"`) | Yes | + +**See the "Store Credentials in Vault" section** in Gitea Bot Setup for complete instructions on storing these values. ## Outputs diff --git a/SUMMARY.md b/SUMMARY.md deleted file mode 100644 index 3c8d6e1..0000000 --- a/SUMMARY.md +++ /dev/null @@ -1,284 +0,0 @@ -# Module Transformation Summary - -## Overview - -Successfully transformed the `terraform-docker-renovate` module from an **Ansible Event-Driven Automation (EDA)** deployment to a **Renovate Bot** deployment for automated dependency management with Gitea integration. - -## Completion Status ✅ - -All tasks have been completed successfully: - -- ✅ Cleaned up `.terraform`, `.terraform.lock.hcl`, and state files -- ✅ Updated `main.tf` for Renovate container deployment -- ✅ Updated `variables.tf` with Renovate-specific configuration -- ✅ Created `config.js.tpl` template for Renovate configuration -- ✅ Updated `outputs.tf` to reflect Renovate outputs -- ✅ Updated `backend.tf` with new state file path -- ✅ Created comprehensive README.md documentation -- ✅ Removed old EDA documentation files -- ✅ Created example configuration files -- ✅ Created CHANGELOG.md and MIGRATION_GUIDE.md -- ✅ Formatted all Terraform code - -## Files Modified - -### Core Terraform Files - -1. **main.tf** - - Changed from Ansible EDA to Renovate container - - Updated volumes: `renovate-config` and `renovate-cache` - - Updated environment variables for Renovate - - Removed Traefik labels (Renovate doesn't need web access) - - Added config.js template upload functionality - -2. **variables.tf** - - Replaced all EDA-specific variables - - Added Renovate platform configuration variables: - - `renovate_platform` (default: "gitea") - - `renovate_endpoint` (required) - - `renovate_token` (required, sensitive) - - `renovate_git_author` - - `renovate_username` - - `renovate_autodiscover` - - `renovate_onboarding_config` - - `github_com_token` (optional) - - `restart_policy` - - `upload_config_file` - -3. **outputs.tf** - - Updated to output Renovate-specific information - - Added `config_volume` and `cache_volume` - - Added `renovate_platform` and `renovate_endpoint` - -4. **backend.tf** - - Updated state file path from `home/docker/ansible-eda/ansible-eda.tfstate` - - To: `home/docker/renovate/renovate.tfstate` - -5. **terraform.tfvars** - - Added Gitea configuration variables - - Added placeholder for `renovate_token` - - Updated with Renovate-specific settings - -### Documentation Files - -6. **README.md** (18,755 bytes) - - Complete rewrite for Renovate deployment - - Added Gitea bot setup instructions - - Included repository configuration examples - - Added troubleshooting guide - - Included CI/CD integration examples - - Added SonarQube integration section - - Security best practices - - Comprehensive usage examples - -7. **CHANGELOG.md** (NEW) - - Documents version 2.0.0 breaking changes - - Lists all modifications - - Includes migration notes - -8. **MIGRATION_GUIDE.md** (NEW) - - Detailed migration instructions - - Variable mapping table - - Step-by-step migration procedures - - Rollback procedures - - Troubleshooting section - -9. **SUMMARY.md** (THIS FILE) - - Overview of all changes - - Quick reference guide - -### Configuration Files - -10. **files/config.js.tpl** (NEW) - - Renovate configuration template - - Uses Terraform variables for dynamic configuration - - Supports Gitea platform integration - -11. **files/example-renovate.json** (NEW) - - Example repository-level configuration - - Shows Docker, Terraform, and Ansible support - - Includes automerge rules and scheduling examples - -12. **files/example-gitea-workflow.yaml** (NEW) - - Gitea Actions workflow example - - Shows scheduled and manual trigger options - - Includes container restart and logging commands - -### Files Removed - -- ❌ `files/example-rulebook.yml` - Ansible EDA specific -- ❌ `MIGRATION_SUMMARY.md` - Old documentation -- ❌ `DECISION_POINTS.md` - Old documentation -- ❌ `IMPLEMENTATION_PLAN.md` - Old documentation -- ❌ `.terraform/` directory - Cleaned up -- ❌ `.terraform.lock.hcl` - Cleaned up -- ❌ All `.tfstate*` files - Cleaned up - -### Files Unchanged - -- ✓ `provider.tf` - No changes needed -- ✓ `data.tf` - Still uses Traefik network (optional) -- ✓ `.gitignore` - Still valid - -## Key Features Implemented - -### 1. Gitea Integration -- Native Gitea platform support -- Personal Access Token authentication -- Autodiscovery of repositories -- Proper bot user configuration - -### 2. Configuration Management -- Template-based config.js generation -- Support for environment variable configuration -- Onboarding configuration -- Repository-level customization - -### 3. CI/CD Integration -- Gitea Actions workflow examples -- Pipeline configuration examples -- SonarQube integration support -- Automated scheduling options - -### 4. Security -- Sensitive variable handling -- Token security -- No privileged mode -- Resource limits -- Vault integration for DNS credentials - -### 5. Documentation -- Comprehensive README with examples -- Migration guide for existing users -- Changelog with version history -- Repository configuration examples -- Troubleshooting guides - -## Required Configuration - -Before deploying, you must: - -1. **Create Renovate Bot User in Gitea**: - - Username: `renovate-bot` - - Email: `renovate-bot@bsdserver.nl` - - Full name: "Renovate Bot" - -2. **Generate Personal Access Token** with scopes: - - `repo` (Read and Write) - - `user` (Read) - - `issue` (Read and Write) - - `organization` (Read) - -3. **Update terraform.tfvars**: - ```hcl - renovate_endpoint = "https://gitea.bsdserver.nl/api/v1/" - renovate_token = "your-actual-token-here" - renovate_git_author = "Renovate Bot " - renovate_username = "renovate-bot" - ``` - -4. **Initialize Terraform**: - ```bash - terraform init - terraform plan - terraform apply - ``` - -## Next Steps - -1. **Deploy the Module**: - ```bash - cd /path/to/terraform-docker-renovate - terraform init - terraform plan - terraform apply - ``` - -2. **Verify Deployment**: - ```bash - docker ps | grep renovate - docker logs renovate -f - ``` - -3. **Configure Repositories**: - - Add `renovate.json` to each repository - - Use `files/example-renovate.json` as a template - - Enable autodiscovery or add bot as collaborator - -4. **Set Up Scheduling**: - - Configure cron job - - Or use Gitea Actions workflow - - See `files/example-gitea-workflow.yaml` - -5. **Monitor and Test**: - - Wait for Renovate to create onboarding PRs - - Review and merge onboarding PRs - - Monitor dependency update PRs - -## Additional Resources - -- **Module README**: Comprehensive documentation with examples -- **Migration Guide**: Detailed migration instructions -- **Changelog**: Version history and breaking changes -- **Renovate Docs**: https://docs.renovatebot.com/ -- **Gitea Integration**: https://docs.renovatebot.com/modules/platform/gitea/ - -## Architecture - -``` - Gitea Instance - │ - │ API (v1) - ▼ - ┌─────────────────────────┐ - │ Renovate Container │ - │ - Platform: gitea │ - │ - Autodiscover: true │ - │ - Scheduled runs │ - └──────────┬──────────────┘ - │ - ▼ - ┌────────┴────────┐ - │ │ - ┌─────────▼────┐ ┌────────▼─────┐ - │ Config │ │ Cache │ - │ Volume │ │ Volume │ - └──────────────┘ └──────────────┘ -``` - -## Summary Statistics - -- **Files Modified**: 5 core Terraform files -- **Files Created**: 6 new files (docs + examples) -- **Files Removed**: 7 old files -- **Total Documentation**: ~30,000 words -- **Code Quality**: Formatted and validated -- **Breaking Changes**: Complete rewrite (v2.0.0) - -## Success Criteria ✅ - -All objectives have been met: - -- ✅ Module repurposed for Renovate deployment -- ✅ Gitea integration configured -- ✅ Pipeline steps documented -- ✅ SonarQube integration examples provided -- ✅ All documentation updated -- ✅ Old files cleaned up -- ✅ Examples and templates created -- ✅ Migration guide provided -- ✅ Code formatted and ready for deployment - -## Notes - -- The module is ready for deployment after updating `renovate_token` in `terraform.tfvars` -- State file path has changed - plan your migration accordingly -- This is a breaking change (v2.0.0) - not backward compatible -- Comprehensive documentation provided for all use cases -- Examples included for Docker, Terraform, and Ansible repositories - ---- - -**Module Version**: 2.0.0 -**Transformation Date**: 2024-11-17 -**Status**: ✅ Complete and Ready for Deployment