chore: Implement Renovate (#502)

Author: alessfg

.github/renovate.json

@@ -0,0 +1,119 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended"
+  ],
+  "commitMessageLowerCase": "never",
+  "labels": [
+    "dependencies"
+  ],
+  "prConcurrentLimit": 0,
+  "prHourlyLimit": 0,
+  "schedule": [
+    "* 0-7 * * 1"
+  ],
+  "separateMultipleMajor": true,
+  "packageRules": [
+    {
+      "groupName": "Ansible collections",
+      "matchManagers": [
+        "ansible-galaxy",
+        "custom.regex"
+      ]
+    }
+  ],
+  "ansible-galaxy": {
+    "fileMatch": [
+      "(^|/)[\\w-]*requirements([_.]\\w+)?\\.ya?ml$"
+    ],
+    "packageRules": [
+      {
+        "automerge": true,
+        "matchCurrentVersion": "!/^0/",
+        "matchUpdateTypes": [
+          "minor",
+          "patch"
+        ]
+      }
+    ]
+  },
+  "customManagers": [
+    {
+      "customType": "regex",
+      "datasourceTemplate": "galaxy-collection",
+      "fileMatch": [
+        "README.md"
+      ],
+      "matchStrings": [
+        "- name: (?<depName>\\w+\\.\\w+)(?:\\s+#.*)?\\s+version: (?<currentValue>\\d+\\.\\d+\\.\\d+)"
+      ],
+      "versioningTemplate": "semver"
+    }
+  ],
+  "dockerfile": {
+    "ignorePaths": [
+      "molecule/**/Dockerfile.j2"
+    ]
+  },
+  "github-actions": {
+    "addLabels": [
+      "skip changelog"
+    ],
+    "packageRules": [
+      {
+        "groupName": "GitHub Actions",
+        "matchPackageNames": [
+          "actions/**",
+          "github/**"
+        ]
+      },
+      {
+        "groupName": "Docker Actions",
+        "matchPackageNames": [
+          "docker/**"
+        ]
+      },
+      {
+        "enabled": false,
+        "matchUpdateTypes": [
+          "digest"
+        ]
+      },
+      {
+        "automerge": true,
+        "matchUpdateTypes": [
+          "minor",
+          "patch"
+        ],
+        "matchCurrentVersion": "!/^0/"
+      }
+    ]
+  },
+  "pip_requirements": {
+    "fileMatch": [
+      "(^|/)[\\w-]*requirements([_.]\\w+)?\\.(txt|pip)$"
+    ],
+    "packageRules": [
+      {
+        "groupName": "Python dependencies",
+        "matchPackageNames": [
+          "*"
+        ]
+      },
+      {
+        "groupName": "Ansible core",
+        "matchPackageNames": [
+          "ansible-core"
+        ],
+        "separateMinorPatch": true
+      },
+      {
+        "automerge": true,
+        "matchUpdateTypes": [
+          "patch"
+        ],
+        "matchCurrentVersion": "!/^0/"
+      }
+    ]
+  }
+}

.github/workflows/milestone-pr.yml

@@ -0,0 +1,42 @@
+---
+name: Milestone & Project PR Automation
+on:
+  pull_request:
+    branches: [main]
+  workflow_dispatch:
+permissions: read-all
+jobs:
+  milestone:
+    name: Add milestone to GitHub PR
+    if: github.actor == 'renovate[bot]'
+    runs-on: ubuntu-24.04
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - name: Find current milestone and add it to GitHub PR
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            const { data: [milestone] } = await github.rest.issues.listMilestones({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+            });
+
+            await github.rest.issues.update({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              milestone: milestone.number,
+            });
+
+  project:
+    name: Add project to GitHub PR
+    if: github.actor == 'renovate[bot]'
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Add Project
+        uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v.1.0.2
+        with:
+          project-url: https://github.com/orgs/nginxinc/projects/17/views/1
+          github-token: ${{ secrets.ADD_TO_PROJECT_TOKEN }}

.github/workflows/requirements/requirements_collections.yml

@@ -4,7 +4,7 @@ collections:
     version: 1.5.4
   - name: community.general
     version: 9.2.0
-  - name: community.crypto # Only required if you plan to to test the NGINX Plus Molecule scenario
+  - name: community.crypto
     version: 2.21.1
-  - name: community.docker # Only required if you plan to use Molecule
+  - name: community.docker
     version: 3.11.0

CHANGELOG.md

@@ -34,6 +34,8 @@ CI/CD:
 - Switch GitHub Actions from using tags to release hashes.
 - Remove platform metadata from the Ansible Galaxy role metadata since platforms are no longer supported in Ansible Galaxy NG.
 - Implement OSSF Scorecard.
+- Implement Renovate.
+- Automatically add milestone and project data to Renovate Bot PRs.
 
 MAINTENANCE:
 

README.md

@@ -42,9 +42,11 @@ This will also ensure you are deploying/running this role with a fully tested ve
     - name: ansible.posix
       version: 1.5.4
     - name: community.general
-      version: 9.0.1
-    - name: community.docker # Only required if you plan to use Molecule (see below)
-      version: 3.10.3
+      version: 9.2.0
+    - name: community.crypto # Only required if you plan to to test the NGINX Plus Molecule scenario
+      version: 2.21.1
+    - name: community.docker # Only required if you plan to use Molecule
+      version: 3.11.0
   ```
 
 - Instructions on how to install Ansible core can be found in the [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#upgrading-ansible-from-version-2-9-and-older-to-version-2-10-or-later) docs.