From 2bf9bd3bd1855459393cf823a44eb7c9ec2d1a55 Mon Sep 17 00:00:00 2001
From: Luca Comellini <luca.com@gmail.com>
Date: Mon, 19 Aug 2024 09:44:19 -0700
Subject: [PATCH] Update linters and workflows

---
 .github/dependabot.yml                      | 30 ---------------------
 .github/labeler.yml                         | 22 ---------------
 .github/workflows/ci.yml                    |  5 +++-
 .github/workflows/dependabot-auto-merge.yml | 15 -----------
 .github/workflows/labeler.yml               | 10 ++++++-
 .golangci.yml                               |  2 +-
 .pre-commit-config.yaml                     |  3 +++
 grpc/Dockerfile                             |  9 ++++---
 renovate.json                               |  7 +++++
 9 files changed, 30 insertions(+), 73 deletions(-)
 delete mode 100644 .github/dependabot.yml
 delete mode 100644 .github/labeler.yml
 delete mode 100644 .github/workflows/dependabot-auto-merge.yml
 create mode 100644 renovate.json

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index c8bcff2..0000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: weekly
-    reviewers:
-      - "nginxinc/kic"
-
-  - package-ecosystem: "gomod"
-    directory: "/"
-    schedule:
-      interval: weekly
-    reviewers:
-      - "nginxinc/kic"
-
-  - package-ecosystem: "docker"
-    directories:
-      - "**/*"
-    schedule:
-      interval: weekly
-    reviewers:
-      - "nginxinc/kic"
-
-  - package-ecosystem: "pip"
-    directory: "/nap-dos"
-    schedule:
-      interval: weekly
-    reviewers:
-      - "nginxinc/kic"
diff --git a/.github/labeler.yml b/.github/labeler.yml
deleted file mode 100644
index 408aaa6..0000000
--- a/.github/labeler.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-change:
-  - head-branch: ["^change/"]
-
-enhancement:
-  - head-branch: ["^feature/", "^feat/", "^enhancement/", "^enh/"]
-
-bug:
-  - head-branch: ["^fix/", "^bug/"]
-
-chore:
-  - head-branch: ["^chore/"]
-
-documentation:
-  - head-branch: ["^docs/", "^doc/"]
-  - changed-files:
-      - any-glob-to-any-file: "**/*.md"
-
-dependencies:
-  - head-branch:
-      ["^deps/", "^dep/", "^dependabot/", "pre-commit-ci-update-config"]
-  - changed-files:
-      - any-glob-to-any-file: ["go.mod", "go.sum"]
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8a69e9c..ce39c16 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -39,7 +39,7 @@ jobs:
       - name: Build binary
         uses: goreleaser/goreleaser-action@v6
         with:
-          version: latest
+          version: v2.2.0 # renovate: datasource=github-tags depName=goreleaser/goreleaser
           args: build --clean ${{ !startsWith(github.ref, 'refs/tags/') && '--snapshot' || '' }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -123,6 +123,7 @@ jobs:
           image: ghcr.io/nginxinc/kic-test-${{ matrix.type }}-server:${{ steps.meta.outputs.version }}
           only-fixed: true
           add-cpes-if-none: true
+
       - name: upload Anchore scan SARIF report
         uses: github/codeql-action/upload-sarif@v3
         with:
@@ -189,6 +190,7 @@ jobs:
           image: ghcr.io/nginxinc/kic-test-grpc-server:${{ steps.meta.outputs.version }}
           only-fixed: true
           add-cpes-if-none: true
+
       - name: upload Anchore scan SARIF report
         uses: github/codeql-action/upload-sarif@v3
         with:
@@ -255,6 +257,7 @@ jobs:
           image: ghcr.io/nginxinc/kic-test-dos-server:${{ steps.meta.outputs.version }}
           only-fixed: true
           add-cpes-if-none: true
+
       - name: upload Anchore scan SARIF report
         uses: github/codeql-action/upload-sarif@v3
         with:
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
deleted file mode 100644
index bb7cc6f..0000000
--- a/.github/workflows/dependabot-auto-merge.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: Dependabot auto-merge
-on: pull_request_target
-permissions:
-  pull-requests: write
-  contents: write
-jobs:
-  dependabot:
-    runs-on: ubuntu-24.04
-    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
-    steps:
-      - name: Enable auto-merge for Dependabot PRs
-        run: gh pr merge --auto --squash "$PR_URL"
-        env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          GITHUB_TOKEN: ${{ secrets.NGINX_PAT }}
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index a77851e..9671139 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -12,7 +12,15 @@ jobs:
       pull-requests: write # for actions/labeler to add labels
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/labeler@v5.0.0
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          sparse-checkout: |
+            labeler.yml
+          sparse-checkout-cone-mode: false
+          repository: nginxinc/k8s-common
+
+      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
           sync-labels: true
+          configuration-path: labeler.yml
diff --git a/.golangci.yml b/.golangci.yml
index 88a7206..d22b833 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -35,6 +35,7 @@ linters:
     - asciicheck
     - bidichk
     - contextcheck
+    - copyloopvar
     - dupword
     - durationcheck
     - err113
@@ -42,7 +43,6 @@ linters:
     - errchkjson
     - errname
     - errorlint
-    - exportloopref
     - fatcontext
     - forcetypeassert
     - gocheckcompilerdirectives
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index e314b03..a18d1ca 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -16,6 +16,9 @@ repos:
       - id: check-symlinks
       - id: check-case-conflict
       - id: check-vcs-permalinks
+      - id: check-json
+      - id: pretty-format-json
+        args: [--autofix, --no-ensure-ascii]
       - id: mixed-line-ending
         args: [--fix=lf]
       - id: name-tests-test
diff --git a/grpc/Dockerfile b/grpc/Dockerfile
index 0338e94..458e29f 100644
--- a/grpc/Dockerfile
+++ b/grpc/Dockerfile
@@ -1,9 +1,12 @@
 # syntax=docker/dockerfile:1.9
 FROM golang:1.23 AS builder
 
-RUN git clone -b v1.65.0 --depth 1 https://github.com/grpc/grpc-go
-WORKDIR /go/grpc-go/examples
-RUN CGO_ENABLED=0 go build -C helloworld/greeter_server -o /greeter_server
+# renovate: datasource=github-releases depName=grpc/grpc-go
+ARG GRPC_GO_VERSION=v1.65.0
+
+ADD https://github.com/grpc/grpc-go.git#${GRPC_GO_VERSION} /grpc-go
+
+RUN CGO_ENABLED=0 go build -C /grpc-go/examples/helloworld/greeter_server -o /greeter_server
 
 FROM scratch
 COPY --from=builder /greeter_server /
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..7b7bdff
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,7 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "github>nginxinc/k8s-common",
+    "schedule:monthly"
+  ]
+}