Originally posted by **froblesmartin** February 8, 2024
**New package manager questionnaire at the bottom in collapsible**
Hi! I have just started using Renovate, and Dependabot is covering most of our cases, but this is one of those that does not cover.
We have a couple of [CDKTF](https://developer.hashicorp.com/terraform/cdktf) projects, and there we have the Terraform providers and modules defined in the `cdktf.json` file.
For now, I have managed to update them with a custom manager, but it is not nice. I have to keep the providers as a one-line definition, and the modules as a block, so that they are matched by different regular expressions.
I am considering adding the new manager, but I would need to dive into the project's code. Actually, maybe this would not be a new manager, just an extension to the Terraform one to also support the `cdktf.json` file and format 🤔 .
I am posting this also so that others can use the custom manager as well for now. 😄
Example `cdktf.json`:
```json
{
"terraformProviders": [
"hashicorp/google@~>5.14.0",
"hashicorp/google-beta@~>5.14.0",
"hashicorp/kubernetes@~>2.25.2",
"hashicorp/helm@~>2.12.1"
],
"terraformModules": [
{
"name": "kubernetes-engine",
"source": "terraform-google-modules/kubernetes-engine/google",
"version": "~> 30.0"
},
{
"name": "network",
"source": "terraform-google-modules/network/google",
"version": "~> 9.0"
}
]
}
```
And the `customManagers`:
```json
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"enabledManagers": ["custom.regex"],
"customManagers": [{
"customType": "regex",
"fileMatch": ["(^|/)cdktf\\.json$"],
"matchStrings": [
"\\s*\\\"(?.*?\\/(?.*?))@~>(?[=>\\s\\w+\\.\\-]*)\\\"?"
],
"datasourceTemplate": "terraform-provider"
},{
"customType": "regex",
"fileMatch": ["(^|/)cdktf\\.json$"],
"matchStrings": [
"[\\s\\S]*?\\\"name\\\": \\\"(?.*?)\\\",[\\s\\S]*?\\\"source\\\": \\\"(?.*?)\\\",[\\s\\S]*?\\\"version\\\": \\\"(?[=><~\\s\\w+\\.\\-]*)\\\""
],
"datasourceTemplate": "terraform-module"
}]
}
```
New package manager questionnaire
# New package manager questionnaire
Did you read our documentation on adding a package manager?
- [X] I've read the [adding a package manager](adding-a-package-manager.md) documentation.
## Basics
### What's the name of the package manager?
CDKTF
### What language(s) does this package manager support?
Terraform
### How popular is this package manager?
Based on Terraform, becoming more and more popular.
### Does this language have other (competing?) package managers?
- [ ] Yes (give names).
- [X] No.
### What are the big selling points for this package manager?
Supporting a Terraform official Hashicorp project.
## Detecting package files
### What kind of package files, and names, does this package manager use?
`cdktf.json`
### Which [`fileMatch`](../usage/configuration-options.md#filematch) pattern(s) should Renovate use?
"fileMatch": ["(^|/)cdktf\\.json$"]
### Do many users need to extend the [`fileMatch`](../usage/configuration-options.md#filematch) pattern for custom file names?
- [ ] Yes, provide details.
- [X] No.
### Is the [`fileMatch`](../usage/configuration-options.md#filematch) pattern going to get many "false hits" for files that have nothing to do with package management?
No.
## Parsing and Extraction
### Can package files have "local" links to each other that need to be resolved?
Yes, you can define local modules for example (https://developer.hashicorp.com/terraform/cdktf/create-and-deploy/configuration-file#module-source).
### Package file parsing method
Parse the JSON file, and then it is the same as other Terraform files.
The package files should be:
- [X] Parsed together (in serial).
- [ ] Parsed independently.
### Which format/syntax does the package file use?
- [X] JSON
- [ ] TOML
- [ ] YAML
- [ ] Custom (explain below)
### How should we parse the package files?
- [ ] Off the shelf parser.
- [ ] Using regex.
- [X] Custom-parsed line by line.
- [ ] Other.
### Does the package file have different "types" of dependencies?
- [X] Yes, production and development dependencies. Providers and modules.
- [ ] No, all dependencies are treated the same.
### List all the sources/syntaxes of dependencies that can be extracted
Same as Terraform
### Describe which types of dependencies above are supported and which will be implemented in future
Same as Terraform
## Versioning
### What versioning scheme does the package file(s) use?
Same as Terraform
### Does this versioning scheme support range constraints, like `^1.0.0` or `1.x`?
- [X] Supports range constraints (for example: `^1.0.0` or `1.x`), provide details.
- [ ] No.
## Lookup
### Is a new datasource required?
- [ ] Yes, provide details.
- [X] No.
### Will users want (or need to) set a custom host or custom registry for Renovate's lookup?
- [X] Yes, provide details.
- [ ] No.
Where can Renovate find the custom host/registry?
- [ ] No custom host or registry is needed.
- [X] In the package file(s), provide details.
- [ ] In some other file inside the repository, provide details.
- [ ] User needs to configure Renovate where to find the information, provide details.
### Are there any constraints in the package files that Renovate should use in the lookup procedure?
- [ ] Yes, there are constraints on the parent language (for example: supports only Python `v3.x`), provide details.
- [ ] Yes, there are constraints on the parent platform (for example: only supports Linux, Windows, etc.), provide details.
- [X] Yes, some other kind of constraint, provide details.
- [ ] No constraints.
### Will users need the ability to configure language or other constraints using Renovate config?
- [ ] Yes, provide details.
- [X] No.
## Artifacts
### Does the package manager use a lock file or checksum file?
- [ ] Yes, uses lock file.
- [ ] Yes, uses checksum file.
- [ ] Yes, uses lock file _and_ checksum file.
- [X] No lock file or checksum.
### Is the locksum or checksum mandatory?
- [ ] Yes, locksum is mandatory.
- [ ] Yes, checksum is mandatory.
- [ ] Yes, lock file _and_ checksum are mandatory.
- [ ] No mandatory locksum or checksum.
- [X] Package manager does not use locksums or checksums.
### If lockfiles or checksums are used: what tool and exact commands should Renovate use to update one (or more) package versions in a dependency file?
### Package manager cache
#### Does the package manager use a cache?
- [X] Yes, provide details.
- [ ] No.
#### If the package manager uses a cache, how can Renovate control the cache?
- [ ] Package manager does not use a cache.
- [X] Controlled via command line interface, provide details.
- [ ] Controlled via environment variables, provide details.
#### Should Renovate keep a cache?
- [X] Yes, ignore/disable the cache.
- [ ] No.
### Generating a lockfile from scratch
Renovate can perform "lock file maintenance" by getting the package manager to generate a lockfile from scratch.
Can the package manager generate a lockfile from scratch?
- [ ] Yes, explain which command Renovate should use to generate the lockfile.
- [ ] No, the package manager does _not_ generate a lockfile from scratch.
- [X] No, the package manager does not use lockfiles.
## Other
### What else should we know about this package manager?
Discussed in https://github.com/renovatebot/renovate/discussions/27161
New package manager questionnaire
# New package manager questionnaire Did you read our documentation on adding a package manager? - [X] I've read the [adding a package manager](adding-a-package-manager.md) documentation. ## Basics ### What's the name of the package manager? CDKTF ### What language(s) does this package manager support? Terraform ### How popular is this package manager? Based on Terraform, becoming more and more popular. ### Does this language have other (competing?) package managers? - [ ] Yes (give names). - [X] No. ### What are the big selling points for this package manager? Supporting a Terraform official Hashicorp project. ## Detecting package files ### What kind of package files, and names, does this package manager use? `cdktf.json` ### Which [`fileMatch`](../usage/configuration-options.md#filematch) pattern(s) should Renovate use? "fileMatch": ["(^|/)cdktf\\.json$"] ### Do many users need to extend the [`fileMatch`](../usage/configuration-options.md#filematch) pattern for custom file names? - [ ] Yes, provide details. - [X] No. ### Is the [`fileMatch`](../usage/configuration-options.md#filematch) pattern going to get many "false hits" for files that have nothing to do with package management? No. ## Parsing and Extraction ### Can package files have "local" links to each other that need to be resolved? Yes, you can define local modules for example (https://developer.hashicorp.com/terraform/cdktf/create-and-deploy/configuration-file#module-source). ### Package file parsing method Parse the JSON file, and then it is the same as other Terraform files. The package files should be: - [X] Parsed together (in serial). - [ ] Parsed independently. ### Which format/syntax does the package file use? - [X] JSON - [ ] TOML - [ ] YAML - [ ] Custom (explain below) ### How should we parse the package files? - [ ] Off the shelf parser. - [ ] Using regex. - [X] Custom-parsed line by line. - [ ] Other. ### Does the package file have different "types" of dependencies? - [X] Yes, production and development dependencies. Providers and modules. - [ ] No, all dependencies are treated the same. ### List all the sources/syntaxes of dependencies that can be extracted Same as Terraform ### Describe which types of dependencies above are supported and which will be implemented in future Same as Terraform ## Versioning ### What versioning scheme does the package file(s) use? Same as Terraform ### Does this versioning scheme support range constraints, like `^1.0.0` or `1.x`? - [X] Supports range constraints (for example: `^1.0.0` or `1.x`), provide details. - [ ] No. ## Lookup ### Is a new datasource required? - [ ] Yes, provide details. - [X] No. ### Will users want (or need to) set a custom host or custom registry for Renovate's lookup? - [X] Yes, provide details. - [ ] No. Where can Renovate find the custom host/registry? - [ ] No custom host or registry is needed. - [X] In the package file(s), provide details. - [ ] In some other file inside the repository, provide details. - [ ] User needs to configure Renovate where to find the information, provide details. ### Are there any constraints in the package files that Renovate should use in the lookup procedure? - [ ] Yes, there are constraints on the parent language (for example: supports only Python `v3.x`), provide details. - [ ] Yes, there are constraints on the parent platform (for example: only supports Linux, Windows, etc.), provide details. - [X] Yes, some other kind of constraint, provide details. - [ ] No constraints. ### Will users need the ability to configure language or other constraints using Renovate config? - [ ] Yes, provide details. - [X] No. ## Artifacts ### Does the package manager use a lock file or checksum file? - [ ] Yes, uses lock file. - [ ] Yes, uses checksum file. - [ ] Yes, uses lock file _and_ checksum file. - [X] No lock file or checksum. ### Is the locksum or checksum mandatory? - [ ] Yes, locksum is mandatory. - [ ] Yes, checksum is mandatory. - [ ] Yes, lock file _and_ checksum are mandatory. - [ ] No mandatory locksum or checksum. - [X] Package manager does not use locksums or checksums. ### If lockfiles or checksums are used: what tool and exact commands should Renovate use to update one (or more) package versions in a dependency file? ### Package manager cache #### Does the package manager use a cache? - [X] Yes, provide details. - [ ] No. #### If the package manager uses a cache, how can Renovate control the cache? - [ ] Package manager does not use a cache. - [X] Controlled via command line interface, provide details. - [ ] Controlled via environment variables, provide details. #### Should Renovate keep a cache? - [X] Yes, ignore/disable the cache. - [ ] No. ### Generating a lockfile from scratch Renovate can perform "lock file maintenance" by getting the package manager to generate a lockfile from scratch. Can the package manager generate a lockfile from scratch? - [ ] Yes, explain which command Renovate should use to generate the lockfile. - [ ] No, the package manager does _not_ generate a lockfile from scratch. - [X] No, the package manager does not use lockfiles. ## Other ### What else should we know about this package manager?