diff --git a/README.md b/README.md index 3bc7cb42..e754387d 100644 --- a/README.md +++ b/README.md @@ -261,6 +261,46 @@ vulnerabilities before they are published or deployed: For detailed instructions on building PostgreSQL container images, refer to the [BUILD.md](BUILD.md) file. +## Automated updates with Renovate + +[Renovate](https://github.com/renovatebot/renovate) can be used to automatically update various dependencies. +As CloudNativePG's `Cluster` CRDs are not automatically picked up by Renovate, a custom regex manager must be configured. +The example below uses [JSON5](https://json5.org/); save it as `renovate.json5`, or convert keys/comments for use in `renovate.json`: + +```json5 +{ + customManagers: [ + { + // CloudNativePG Cluster imageName + customType: 'regex', + managerFilePatterns: [ + '/\\.yaml$/', + ], + matchStrings: [ + 'imageName: (?[^\\s:]+):(?[^\\s@]+)(?:@(?sha256:[a-f0-9]{64}))?', + ], + datasourceTemplate: 'docker', + // matches: 17.6-202509151215-minimal-trixie + versioningTemplate: 'regex:^(?\\d+)\\.(?\\d+)-(?\\d+)-(?\\S+)$', + autoReplaceStringTemplate: 'imageName: {{{depName}}}:{{{newValue}}}{{#if newDigest}}@{{{newDigest}}}{{/if}}', + } + ], + packageRules: [ + { + matchPackageNames: ['ghcr.io/cloudnative-pg/postgresql'], + matchUpdateTypes: ['major'], + dependencyDashboardApproval: true, + } + ] +} +``` + +Renovate will never change the `compatibility` part of the tag (image flavour and Debian base, e.g. `system-bookworm`), so upgrades stay on the same OS and glibc/ICU. +Switching to a different base (e.g. from `bookworm` to `trixie`) is a manual operation because of [PostgreSQL locale-data implications](https://wiki.postgresql.org/wiki/Locale_data_changes). +PostgreSQL major-version updates are routed through the [dependency dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) so they can be planned and applied by a human. +To keep references fully reproducible, you can also enable [`pinDigests`](https://docs.renovatebot.com/configuration-options/#pindigests) scoped to the CloudNativePG image. +If your repository contains other YAML manifests, narrow `managerFilePatterns` to the directory holding your `Cluster` resources, e.g. `'/clusters/.*\\.yaml$/'`. + ## License and copyright This software is available under [Apache License 2.0](LICENSE).