ci(renovate): add renovate for cyclonedx (#5400)

Co-authored-by: Googlom <36107508+Googlom@users.noreply.github.com>
2025-09-16 09:26:22 +02:00 · 2025-07-16 14:16:25 +03:00
parent 0cdbf782e2
commit f8b14a01da
4 changed files with 93 additions and 11 deletions
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -3,10 +3,6 @@
    "extends": [
        "config:base"
    ],
-    "ignorePaths": [
-        "integration/testdata/**",
-        "test/resources/**"
-    ],
    "labels": [
        "dependencies"
    ],
@@ -14,7 +10,11 @@
        {
            "description": "Create PRs to roll back Go module if the current version is not found in the registry.",
            "matchManagers": ["gomod"],
-            "rollbackPrs": true
+            "rollbackPrs": true,
+            "matchPaths": [
+                "!integration/testdata/**",
+                "!test/resources/**"
+            ]
        },
        {
            "description": "Automerge patch version updates for Go modules (except versions 0.x as they could have breaking changes)",
@@ -22,7 +22,88 @@
            "matchUpdateTypes": ["patch"],
            "matchCurrentVersion": "!/^(v?0)/",
            "automerge": true,
-            "addLabels": ["renovate-automerge"]
+            "addLabels": ["renovate-automerge"],
+            "matchPaths": [
+                "!integration/testdata/**",
+                "!test/resources/**"
+            ]
+        }
+    ],
+    "customManagers": [
+        {
+            "customType": "regex",
+            "matchStringsStrategy": "any",
+            "managerFilePatterns": [
+                "cmd\/golangBuild.go"
+            ],
+            "matchStrings": [
+                "\"github.com\/CycloneDX\/(?<depName>cyclonedx-gomod)\/cmd\/cyclonedx-gomod@v(?<currentValue>[^\"]+)\""
+            ],
+            "depTypeTemplate": "dependencies",
+            "datasourceTemplate": "github-releases",
+            "depNameTemplate": "CycloneDX/{{{depName}}}",
+            "extractVersionTemplate": "v(?<version>.*)",
+            "autoReplaceStringTemplate": "\"github.com/{{{depName}}}/cmd/cyclonedx-gomod@v{{{newValue}}}\""
+        },
+        {
+            "customType": "regex",
+            "matchStringsStrategy": "any",
+            "managerFilePatterns": [
+                "cmd\/gradleExecuteBuild.go"
+            ],
+            "matchStrings": [
+                "\"org.cyclonedx:(?<depName>cyclonedx-gradle-plugin):(?<currentValue>[^\"\n]+)\""
+            ],
+            "depTypeTemplate": "dependencies",
+            "datasourceTemplate": "gradle-version",
+            "depNameTemplate": "org.cyclonedx:{{{depName}}}",
+            "extractVersionTemplate": "^(?<version>.*)",
+            "autoReplaceStringTemplate": "\"{{{depName}}}:{{{newValue}}}\""
+        },
+        {
+            "customType": "regex",
+            "matchStringsStrategy": "any",
+            "managerFilePatterns": [
+                "cmd\/mavenBuild.go"
+            ],
+            "matchStrings": [
+                "\"org.cyclonedx:(?<depName>cyclonedx-maven-plugin):(?<currentValue>[^\"]+)\""
+            ],
+            "depTypeTemplate": "dependencies",
+            "datasourceTemplate": "maven",
+            "depNameTemplate": "org.cyclonedx:{{{depName}}}",
+            "extractVersionTemplate": "^(?<version>.*)",
+            "autoReplaceStringTemplate": "\"{{{depName}}}:{{{newValue}}}\""
+        },
+        {
+            "customType": "regex",
+            "matchStringsStrategy": "any",
+            "managerFilePatterns": [
+                "integration\/testdata\/TestGradleIntegration\/java-project-with-bom-plugin\/build.gradle"
+            ],
+            "matchStrings": [
+                "id \"(?<depName>org.cyclonedx.bom)\" version \"(?<currentValue>.*)\""
+            ],
+            "depTypeTemplate": "dependencies",
+            "datasourceTemplate": "gradle-version",
+            "depNameTemplate": "{{depName}}",
+            "extractVersionTemplate": "(?<version>.*)",
+            "autoReplaceStringTemplate": "id \"{{depName}}\" version \"{{newValue}}\""
+        },
+        {
+            "customType": "regex",
+            "matchStringsStrategy": "any",
+            "managerFilePatterns": [
+                "integration\/integration_golang_test.go"
+            ],
+            "matchStrings": [
+                "\"github.com\/CycloneDX\/(?<depName>cyclonedx-gomod)\/cmd\/cyclonedx-gomod@v(?<currentValue>[^\"]+)\""
+            ],
+            "depTypeTemplate": "dependencies",
+            "datasourceTemplate": "github-releases",
+            "depNameTemplate": "CycloneDX/{{{depName}}}",
+            "extractVersionTemplate": "v(?<version>.*)",
+            "autoReplaceStringTemplate": "\"github.com/{{{depName}}}/cmd/cyclonedx-gomod@v{{{newValue}}}\""
        }
    ],
    "postUpdateOptions": [
--- a/cmd/golangBuild_test.go
+++ b/cmd/golangBuild_test.go
@@ -284,7 +284,7 @@ go 1.17`
 		assert.NoError(t, err)
 		assert.Equal(t, 3, len(utils.ExecMockRunner.Calls))
 		assert.Equal(t, "go", utils.ExecMockRunner.Calls[0].Exec)
-		assert.Equal(t, []string{"install", "github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.9.0"}, utils.ExecMockRunner.Calls[0].Params)
+		assert.Equal(t, []string{"install", golangCycloneDXPackage}, utils.ExecMockRunner.Calls[0].Params)
 		assert.Equal(t, "cyclonedx-gomod", utils.ExecMockRunner.Calls[1].Exec)
 		assert.Equal(t, []string{"mod", "-licenses", "-verbose=false", "-test", "-output", "bom-golang.xml", "-output-version", "1.4"}, utils.ExecMockRunner.Calls[1].Params)
 		assert.Equal(t, "go", utils.ExecMockRunner.Calls[2].Exec)
@@ -330,7 +330,7 @@ go 1.17`
 			CreateBOM: true,
 		}
 		utils := newGolangBuildTestsUtils()
-		utils.ShouldFailOnCommand = map[string]error{"go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.9.0": fmt.Errorf("install failure")}
+		utils.ShouldFailOnCommand = map[string]error{"go install " + golangCycloneDXPackage: fmt.Errorf("install failure")}
 		telemetryData := telemetry.CustomData{}

 		err := runGolangBuild(&config, &telemetryData, utils, &cpe)
--- a/cmd/mavenBuild.go
+++ b/cmd/mavenBuild.go
@@ -24,6 +24,7 @@ import (
 const (
 	mvnBomFilename       = "bom-maven"
 	mvnSimpleBomFilename = "simple-bom-maven"
+	mvnCycloneDXPackage  = "org.cyclonedx:cyclonedx-maven-plugin:2.9.1"
 )

 func mavenBuild(config mavenBuildOptions, telemetryData *telemetry.CustomData, commonPipelineEnvironment *mavenBuildCommonPipelineEnvironment) {
@@ -66,7 +67,7 @@ func runMakeBOMGoal(config *mavenBuildOptions, utils maven.Utils) error {
 	}
 	defines = append(defines, createBOMConfig...)

-	goals := []string{"org.cyclonedx:cyclonedx-maven-plugin:2.9.1:makeBom"}
+	goals := []string{mvnCycloneDXPackage + ":makeBom"}

 	if config.Flatten {
 		goals = append(goals, "flatten:flatten")
@@ -110,7 +111,7 @@ func runMavenBuild(config *mavenBuildOptions, _ *telemetry.CustomData, utils mav

 	if config.CreateBOM {
 		// Append the makeAggregateBOM goal to the rest of the goals
-		goals = append(goals, "org.cyclonedx:cyclonedx-maven-plugin:2.9.1:makeAggregateBom")
+		goals = append(goals, mvnCycloneDXPackage+":makeAggregateBom")
 		createBOMConfig := []string{
 			"-DschemaVersion=1.4",
 			"-DincludeBomSerialNumber=true",
--- a/cmd/mavenBuild_test.go
+++ b/cmd/mavenBuild_test.go
@@ -57,7 +57,7 @@ func TestMavenBuild(t *testing.T) {
 		assert.Nil(t, err)
 		if assert.Equal(t, 2, len(mockedUtils.Calls), "Expected two Maven invocations (default + makeAggregateBom)") {
 			assert.Equal(t, "mvn", mockedUtils.Calls[1].Exec)
-			assert.Contains(t, mockedUtils.Calls[0].Params, "org.cyclonedx:cyclonedx-maven-plugin:2.9.1:makeAggregateBom")
+			assert.Contains(t, mockedUtils.Calls[0].Params, mvnCycloneDXPackage+":makeAggregateBom")
 			assert.Contains(t, mockedUtils.Calls[0].Params, "-DoutputName=bom-maven")
 		}
 	})