Support Chef Berkshelf and Supermarkets

[herb-ng]

What would you like Renovate to be able to do?

I would like renovate to update cookbook dependency versions found in the Chef Cookbooks Berksfile and metadata.rb files.

Berkshelf is a dependency manager for Chef cookbooks. https://docs.chef.io/workstation/berkshelf/

Chef Supermarket is the repository / site for cookbooks. https://docs.chef.io/supermarket/

Cookbook's repository and dependencies location are defined in the Berksfile file.

Cookbook’s dependencies are listed in the metadata.rb file.

If you have any ideas on how this should be implemented, please tell us here.

Still in progress

Is this a feature you are interested in implementing yourself?

Yes

[github-actions[bot]]

Hi there,

You're requesting support for a new package manager. We need to know some basic information about this package manager first. Please copy/paste the new package manager questionnaire, and fill it out in full.

Once the questionnaire is filled out we will evaluate if adding support for this manager is something we want to do.

Good luck,

The Renovate team

[rarkins]

Sounds like supermarket would be a datasource while Berkshelf would be the manager

[herb-ng]

New package manager questionnaire

Did you read our documentation on adding a package manager?

• [x] I've read the adding a package manager documentation.

Basics

Name of package manager

Berkshelf https://docs.chef.io/workstation/berkshelf/

What language does this support?

Ruby

How popular is this package manager?

Very popular. Berkshelf is the only dependency manager for Chef cookbooks.

Does this language have other (competing?) package managers?

• [ ] Yes (give names)
• [x] No

---

Package File Detection

What type of package files and names does it use?

There are two files Berksfile and metadata.rb.

What fileMatch pattern(s) should be used?

The names of the two files do not change. See above

Is it likely that many users would need to extend this pattern for custom file names?

• [ ] Yes
• [x] No

Is the fileMatch pattern likely to get many "false hits" for files that have nothing to do with package management?

No

---

Parsing and Extraction

Can package files have "local" links to each other that need to be resolved?

Yes, the Berksfile is linked to metadata.rb.

Is there a reason why package files need to be parsed together (in serial) instead of independently?

No

What format/syntax is the package file in?

• [ ] JSON
• [ ] TOML
• [ ] YAML
• [x] Custom (explain below) Appears to be using Ruby format / syntax

How do you suggest parsing the file?

• [X] Off the shelf parser
• [ ] Using regex
• [ ] Custom-parsed line by line
• [ ] Other

Does the package file structure distinguish between different "types" of dependencies? e.g. production dependencies, dev dependencies, etc?

• [ ] Yes, production and development dependencies
• [x] No, all dependencies are treated the same

List all the sources/syntaxes of dependencies that can be extracted

For example,

Berksfile

source 'https://supermarket.test.nimbus.expedia.com'
source 'https://supermarket.chef.io'

metadata

metadata.rb

name 'ewe-windows'
maintainer 'Example Maintainer'
maintainer_email 'tester@expedia.com'
description 'Installs ewe-windows specific recipes'
version '0.4.63'

gem 'deep_merge'
gem 'chef-sugar-ng'
depends 'windows', '= 4.3.5'
depends 'iis', '= 7.0.0'
depends 'powershell', '~> 6.1.3'
depends 'apt', '< 7.4.0'       
depends 'logrotate', '< 3.0.0' 
depends 'seven_zip', '< 3.0.0' 
depends 'apparmor', '< 4.0.0'  
depends 'mysql', '< 11.0.0'    
depends 'pacman', '< 1.2.0'    
depends 'ms_dotnet', '< 5.0.0' 

Describe which types of dependencies above are supported and which will be implemented in future

lines that begin with depends are the dependencies.

---

Versioning

What versioning scheme does the package file(s) use?

Semantic Versioning 2.0.0

Does this versioning scheme support range constraints, e.g. ^1.0.0 or 1.x?

Yes. See https://docs.chef.io/config_rb_metadata/ see Versioning Constraints e.g

depends 'powershell', '~> 6.1.3'
depends 'powershell', '< 6.1.3'
depends 'powershell', '> 6.1.3'
depends 'powershell', '= 6.1.3'
depends 'powershell', '>= 6.1.3'
depends 'powershell', '<= 6.1.3'
depends 'powershell', '<= 6.1.3'

• [x] Supports range constraints (e.g ^1.0.0 or 1.x)
• [ ] No

Is this package manager used for applications, libraries, or both? If both, is there a way to tell which is which?

• [x] Applications
• [ ] Libraries
• [ ] Both (explain how to tell which is which)

If ranges are supported, are there any cases when Renovate should pin ranges to exact versions if rangeStrategy=auto?

yes.

---

Lookup

Is a new datasource required? Provide details

• [x] Yes, provide details.
• [ ] No.

Will users need the capability to specify a custom host/registry to look up? Can it be found within the package files, or within other files inside the repository, or would it require Renovate configuration?

Yes, the datasource is specified in the Berksfile file. Multiple datasource are possible. e.g. Berksfile file

source 'https://supermarket.test.nimbus.expedia.com'
source 'https://supermarket.chef.io'

metadata

Do the package files contain any "constraints" on the parent language (e.g. supports only v3.x of Python) or platform (Linux, Windows, etc) that should be used in the lookup procedure?

No

Will users need the ability to configure language or other constraints using Renovate config?

No

---

Artifacts

Are lock files or checksum files used? Are they mandatory?

No.

If so, what tool and exact commands should be used if updating one or more package versions in a dependency file?

If applicable, describe how the tool maintains a cache and if it can be controlled via CLI or env? Do you recommend the cache be kept or disabled/ignored?

If applicable, what command should be used to generate a lock file from scratch if you already have a package file? This will be used for "lock file maintenance"

Other

Is there anything else to know about this package manager?