leftyer/rancher
1
0
Fork 0
mirror of https://gitee.com/rancher/rancher.git synced 2025-12-06 07:49:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
rancher/updatecli
History
Guilherme Macedo e7286a1def updatecli: improve workflow choices (#52272) 
* updatecli: improve workflow choices

Signed-off-by: Guilherme Macedo <guilherme@gmacedo.com>
2025-10-10 16:04:31 -03:00
..
disabled
updatecli: improve workflow choices (#52272)
2025-10-10 16:04:31 -03:00
updatecli.d
updatecli: improve workflow choices (#52272)
2025-10-10 16:04:31 -03:00
values.d
updatecli: add workflow for bumping Harvester Docker machine (#52210)
2025-10-08 08:41:36 -03:00
README.md
[main] Add updatecli automation to bump K8s and K3s (#52175)
2025-10-06 13:51:53 -03:00

README.md

updatecli automation

The Rancher project uses updatecli to automate and orchestrate security related updates and versions bumps.

Tool

We use updatecli for this automation, instead of Dependabot or Renovate, because of its extensibility and multiple plugins resources that allow greater flexibility when automating sequences of conditional update steps.

For detailed information on how to use updatecli, please consult its documentation.

Scheduled workflow

The automation runs as a GitHub Actions scheduled workflow once per day. Manual execution of the pipelines can be triggered when needed.

Project organization

A manifest or pipeline consists of three stages: sources, conditions and targets, that define how to apply the update strategy.

When adding a new manifest, please follow the example structure defined below.

updatecli/
├── README.md
├── scripts                                # For auxiliary scripts if needed
├── updatecli.d                            # For the update related workflows
│   ├── update-k8s-k3s                     # Each workflow should have its own subdirectory
│   └── update-versions-config-yaml        # Another workflow in its own directory
└── values.d                               # For variable related configuration files
    ├── values.yaml                        # Configuration values
    └── versions.yaml                      # Configuration versions

The manifest files must be placed inside a directory path named accordingly to its main purpose.

Local testing

Local testing of manifests require:

  1. The updatecli binary that can be downloaded from updatecli/updatecli#releases. Test only with the latest stable version.
    1. Always run locally with the command diff, that will show the changes without actually applying them.
  2. A GitHub personal fine-grained token.
    1. For obvious security reasons and to avoid leaking your GH PAT, export it as a local environment variable.
export UPDATECLI_GITHUB_TOKEN="your GH token"
updatecli diff --clean --values updatecli/values.d/values.yaml --values <other values files> --config updatecli/updatecli.d/<your workflow>

Contributing

Before contributing, please follow the guidelines provided in this README and make sure to test locally your changes, and against your own fork, before opening a PR.

Reference in New Issue View Git Blame Copy Permalink