Setup renovate for dist-workspace.toml

2025-08-04 18:58:04 +00:00 · 2025-06-23 08:32:58 +02:00 · 2025-06-23 08:32:58 +02:00 · daa385c1a9
commit daa385c1a9
parent 01d9312529
3 changed files with 42 additions and 17 deletions
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@ -16,7 +16,7 @@
  pep621: {
    // The default for this package manager is to only search for `pyproject.toml` files
    // found at the repository root: https://docs.renovatebot.com/modules/manager/pep621/#file-matching
-    fileMatch: ["^(python|scripts)/.*pyproject\\.toml$"],
+    managerFilePatterns: ["/^(python|scripts)/.*pyproject\\.toml$/"],
  },
  pip_requirements: {
    // The default for this package manager is to run on all requirements.txt files:
@ -34,12 +34,32 @@
  npm: {
    // The default for this package manager is to only search for `package.json` files
    // found at the repository root: https://docs.renovatebot.com/modules/manager/npm/#file-matching
-    fileMatch: ["^playground/.*package\\.json$"],
+    managerFilePatterns: ["/^playground/.*package\\.json$/"],
  },
+  customManagers: [
+    {
+      customType: "regex",
+      managerFilePatterns: ["/^dist-workspace\\.toml$/"],
+      matchStrings: [
+        '"(?<depName>actions/[^"]+)" = "(?<currentDigest>[a-f0-9]{40})"\\s*#\\s*(?<currentValue>v[\\d\\.]+).*'
+      ],
+      datasourceTemplate: "github-tags",
+      autoReplaceStringTemplate: '"{{depName}}" = "{{newDigest}}" # {{newValue}}"',
+      extractVersionTemplate: "^(?<version>v[\\d\\.]+)$",
+      versioningTemplate: "semver"
+    }
+  ],
  "pre-commit": {
    enabled: true,
  },
  packageRules: [
+    // Ignore GitHub Actions in generated release.yml (managed by cargo-dist)
+    {
+      matchManagers: ["github-actions"],
+      matchFileNames: [".github/workflows/release.yml"],
+      enabled: false,
+      description: "Ignore GitHub Actions in release.yml as it's generated by cargo-dist",
+    },
    // Pin GitHub Actions to immutable SHAs.
    {
      matchDepTypes: ["action"],
@ -106,6 +126,11 @@
      matchManagers: ["cargo"],
      matchPackageNames: ["strum"],
      description: "Weekly update of strum dependencies",
+    },
+    {
+      groupName: "cargo-dist GitHub Actions",
+      matchManagers: ["custom.regex"],
+      description: "Weekly update of GitHub Actions dependencies managed by cargo-dist",
    }
  ],
  vulnerabilityAlerts: {
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -61,7 +61,7 @@ jobs:
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          persist-credentials: false
          submodules: recursive
@ -69,9 +69,9 @@ jobs:
        # we specify bash to get pipefail; it guards against the `curl` command
        # failing. otherwise `sh` won't catch that `curl` returned non-0
        shell: bash
-        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/cargo-dist/releases/download/v0.28.5-prerelease.1/cargo-dist-installer.sh | sh"
+        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/cargo-dist/releases/download/v0.28.5-prerelease.3/cargo-dist-installer.sh | sh"
      - name: Cache dist
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
        with:
          name: cargo-dist-cache
          path: ~/.cargo/bin/dist
@ -87,7 +87,7 @@ jobs:
          cat plan-dist-manifest.json
          echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT"
      - name: "Upload dist-manifest.json"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
        with:
          name: artifacts-plan-dist-manifest
          path: plan-dist-manifest.json
@ -124,19 +124,19 @@ jobs:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      BUILD_MANIFEST_NAME: target/distrib/global-dist-manifest.json
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          persist-credentials: false
          submodules: recursive
      - name: Install cached dist
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
        with:
          name: cargo-dist-cache
          path: ~/.cargo/bin/
      - run: chmod +x ~/.cargo/bin/dist
      # Get all the local artifacts for the global tasks to use (for e.g. checksums)
      - name: Fetch local artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
        with:
          pattern: artifacts-*
          path: target/distrib/
@ -154,7 +154,7 @@ jobs:

          cp dist-manifest.json "$BUILD_MANIFEST_NAME"
      - name: "Upload artifacts"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
        with:
          name: artifacts-build-global
          path: |
@ -175,19 +175,19 @@ jobs:
    outputs:
      val: ${{ steps.host.outputs.manifest }}
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          persist-credentials: false
          submodules: recursive
      - name: Install cached dist
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
        with:
          name: cargo-dist-cache
          path: ~/.cargo/bin/
      - run: chmod +x ~/.cargo/bin/dist
      # Fetch artifacts from scratch-storage
      - name: Fetch artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
        with:
          pattern: artifacts-*
          path: target/distrib/
@ -201,7 +201,7 @@ jobs:
          cat dist-manifest.json
          echo "manifest=$(jq -c "." dist-manifest.json)" >> "$GITHUB_OUTPUT"
      - name: "Upload dist-manifest.json"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
        with:
          # Overwrite the previous copy
          name: artifacts-dist-manifest
@ -251,13 +251,13 @@ jobs:
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          persist-credentials: false
          submodules: recursive
      # Create a GitHub Release while uploading all files to it
      - name: "Download GitHub Artifacts"
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
        with:
          pattern: artifacts-*
          path: artifacts
--- a/dist-workspace.toml
+++ b/dist-workspace.toml
@ -5,7 +5,7 @@ packages = ["ruff"]
 # Config for 'dist'
 [dist]
 # The preferred dist version to use in CI (Cargo.toml SemVer syntax)
-cargo-dist-version = "0.28.5-prerelease.1"
+cargo-dist-version = "0.28.5-prerelease.3"
 # Whether to consider the binaries in a package for distribution (defaults true)
 dist = false
 # CI backends to support