apiVersion: v1
kind: ConfigMap
metadata:
  name: renovate-config
  namespace: infra
data:
  config.js: |
    module.exports = {
      platform: "gitea",
      endpoint: "https://git.dvirlabs.com/api/v1/",
      gitAuthor: "Renovate Bot <renovate@dvirlabs.com>",

      repositories: [
        "dvirlabs/infra",
        "dvirlabs/dev-tools",
        "dvirlabs/my-apps",
        "dvirlabs/observability-stack",
        "dvirlabs/ai-stack"
      ],

      onboarding: false,
      requireConfig: "required",

      dependencyDashboard: true,

      prHourlyLimit: 2,
      prConcurrentLimit: 5,

      automerge: false,

      labels: ["renovate"],

      hostRules: [
        {
          hostType: "docker",
          matchHost: "index.docker.io",
          username: process.env.DOCKERHUB_USERNAME,
          password: process.env.DOCKERHUB_TOKEN
        },
        {
          hostType: "docker",
          matchHost: "registry-1.docker.io",
          username: process.env.DOCKERHUB_USERNAME,
          password: process.env.DOCKERHUB_TOKEN
        },
        {
          hostType: "docker",
          matchHost: "docker.io",
          username: process.env.DOCKERHUB_USERNAME,
          password: process.env.DOCKERHUB_TOKEN
        }
      ],

      enabledManagers: [
        "dockerfile",
        "docker-compose",
        "helmv3",
        "helm-values",
        "kubernetes",
        "npm",
        "pip_requirements"
      ],

      kubernetes: {
        managerFilePatterns: [
          "/(^|/)manifests/.+\\.ya?ml$/",
          "/(^|/)k8s/.+\\.ya?ml$/",
          "/(^|/)apps/.+\\.ya?ml$/",
          "/(^|/)charts/.+\\.ya?ml$/",
          "/(^|/)raw-resources-.+/.+\\.ya?ml$/"
        ]
      },

      packageRules: [
        {
          matchDatasources: ["docker"],
          addLabels: ["docker-image"]
        },
        {
          matchManagers: ["helmv3", "helm-values"],
          addLabels: ["helm"]
        },
        {
          matchManagers: ["kubernetes"],
          addLabels: ["kubernetes"]
        },
        {
          matchUpdateTypes: ["major"],
          addLabels: ["major-update"]
        },
        {
          matchUpdateTypes: ["minor"],
          addLabels: ["minor-update"]
        },
        {
          matchUpdateTypes: ["patch"],
          addLabels: ["patch-update"]
        }
      ]
    };

---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: renovate
  namespace: infra
spec:
  schedule: "0 3 * * *"
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      ttlSecondsAfterFinished: 300
      backoffLimit: 1
      template:
        spec:
          restartPolicy: Never
          containers:
            - name: renovate
              image: renovate/renovate:latest
              imagePullPolicy: IfNotPresent
              env:
                - name: RENOVATE_CONFIG_FILE
                  value: /usr/src/app/config.js

                - name: RENOVATE_TOKEN
                  valueFrom:
                    secretKeyRef:
                      name: renovate-secret
                      key: RENOVATE_TOKEN

                - name: DOCKERHUB_USERNAME
                  valueFrom:
                    secretKeyRef:
                      name: renovate-secret
                      key: DOCKERHUB_USERNAME

                - name: DOCKERHUB_TOKEN
                  valueFrom:
                    secretKeyRef:
                      name: renovate-secret
                      key: DOCKERHUB_TOKEN

                - name: LOG_LEVEL
                  value: info

              volumeMounts:
                - name: config
                  mountPath: /usr/src/app/config.js
                  subPath: config.js

          volumes:
            - name: config
              configMap:
                name: renovate-config