piclemx commented 4 years ago

What would you like Renovate to be able to do? Pulumi is a tool like Terraform, Helm, Ansible and others that do the infrastructure as code. It will be great add to the project.

Describe the solution you'd like I will be great to detect the container image and updated it if possible. Otherwise since it used real language. Javascript,Golang,Python are already handle.

Describe alternatives you've considered None

Additional context Add any other context or screenshots about the feature request here.

import * as kx from "@pulumi/kubernetesx";

const pb = new kx.PodBuilder({
    containers: [{
        image: "nginx",
        ports: { http: 80 }
    }]
});

const deployment = new kx.Deployment("nginx", {
    spec: pb.asDeploymentSpec({ replicas: 3 })
});

const service = deployment.createService({
    type: kx.types.ServiceType.LoadBalancer
});

export const serviceIP = service.ip;

rarkins commented 4 years ago

Does Pulumi have any concept of linking to its own datasources, e.g. like Helm charts link to Helm charts? Or is it specifying containers, golang packages, etc?

viceice commented 4 years ago

if you only need to update image: "nginx:2.3.45", you can use the regex manager

piclemx commented 4 years ago

@rarkins It's using containers image for k8s.

viceice commented 4 years ago

https://www.pulumi.com/docs/get-started/azure/install-language-runtime/

Looks like we can't create a simple manager for this, cause you write your pulumi files in any language (typescript /javascript /python /go /c# ...). So it would need language agnostic parsers to find the right things to update.

Maybe for now the easiest solution would be to write the deps to a key-value file (eg ini) add renovate comments and a regex manager to update this file. and that read the deps from pupuli code instead of inlining the deps

elsbrock commented 2 years ago

Provider dependencies should already be managed I assume, since they are usually specified as
package dependency of your project.

piclemx commented 2 years ago

@elsbrock Yes, for the provider coming from multiple languages. You can't do that with the version of a container.

simenandre commented 1 year ago

Hello 👋

I suggest using Pulumi stack files. These are YAML files, which are used to configure things. Using these YAML files to define container tags is considered a good practice. We might even introduce a standardized way of defining tags.

A real-world example: https://github.com/getbranches/conf/blob/main/Pulumi.main.yaml

Notice Pulumi.main.yaml. In the example, this stack is called main. Typically, there's more than one of these files, one for each stack/environment (i.e. Pulumi.dev.yaml and Pulumi.prod.yaml). In my example, I only have one.

These files are not specific to each language. There are ways not to use them, but then the configuration is defined in Pulumi.yaml under the config key. See an example here: https://github.com/getbranches/conf/blob/main/Pulumi.yaml

github-actions[bot] commented 1 year ago

Hi there,

You're asking us to support a new package manager. We need to know some basic information about this package manager first. Please copy/paste the new package manager questionnaire, and fill it out in full.

Once the questionnaire is filled out we'll decide if we want to support this new manager.

Good luck,

The Renovate team

simenandre commented 1 year ago

New package manager questionnaire

Did you read our documentation on adding a package manager?

[ ] I've read the adding a package manager documentation.

Basics

Name of package manager

Pulumi
Pulumi Tags

What language does this support?

Not sure it's relevant, but TypeScript, JavaScript, Python, Go, . NET, Java, and markup languages like YAML

How popular is this package manager?

Pulumi is quite popular, 16k stars on GitHub.

Does this language have other (competing?) package managers?

[ ] Yes (give names)
[x] No

Package File Detection

What type of package files and names does it use?

It does not have an opinionated/structured way to define packages, but we can probably introduce that and suggest that to be some way introduced to Pulumi as well.

What fileMatch pattern(s) should be used?

^Pulumi\\.yaml$

Note: Probably want to support more fileMatch patterns

Is it likely that many users would need to extend this pattern for custom file names?

[ ] Yes
[x] No

Is the fileMatch pattern likely to get many "false hits" for files that have nothing to do with package management?

Parsing and Extraction

Can package files have "local" links to each other that need to be resolved?

No, AFAIK not.

Is there a reason why package files need to be parsed together (in serial) instead of independently?

Not sure.

What format/syntax is the package file in?

[ ] JSON
[ ] TOML
[x] YAML
[ ] Custom (explain below)

How do you suggest parsing the file?

[x] Off the shelf parser
[x] Using regex
[ ] Custom-parsed line by line
[ ] Other

Does the package file structure distinguish between different "types" of dependencies? e.g. production dependencies, development dependencies, etc?

[x] Yes, production and development dependencies
[ ] No, all dependencies are treated the same

NB: In different files, so not sure if they should be distinguish as different in the package file.

List all the sources/syntaxes of dependencies that can be extracted

Describe which types of dependencies above are supported and which will be implemented in future

Versioning

What versioning scheme does the package file(s) use?

Does this versioning scheme support range constraints, e.g. `^1.0.0` or `1.x`?

[ ] Supports range constraints (e.g ^1.0.0 or 1.x)
[x] No

Lookup

Is a new datasource required? Provide details

[ ] Yes, provide details.
[x] No.

Will users need the capability to specify a custom host/registry to look up? Can it be found within the package files, or within other files inside the repository, or would it require Renovate configuration?

Probably.

Do the package files have any "constraints" on the parent language (e.g. supports only v3.x of Python) or platform (Linux, Windows, etc.) that should be used in the lookup procedure?

AFAIK, no.

Will users need the ability to configure language or other constraints using Renovate config?

AFAIK, no.

Artifacts

Are lock files or checksum files used? Are they mandatory?

No.

If so, what tool and exact commands should be used if updating one or more package versions in a dependency file?

If applicable, describe how the tool maintains a cache and if it can be controlled via CLI or environment variables? Do you recommend the cache be kept or disabled/ignored?

If applicable, what command should be used to generate a lock file from scratch if you already have a package file? This will be used for "lock file maintenance"

Other

Is there anything else to know about this package manager?

simenandre commented 1 year ago

Hello!

For reference, I have experimented with using regexManager for this. It works fine, for what I'm doing.

See https://github.com/getbranches/conf

renovatebot / renovate

Adding Pulumi as Manager #5794

New package manager questionnaire

Basics

Name of package manager

What language does this support?

How popular is this package manager?

Does this language have other (competing?) package managers?

Package File Detection

What type of package files and names does it use?

What fileMatch pattern(s) should be used?

Is it likely that many users would need to extend this pattern for custom file names?

Is the fileMatch pattern likely to get many "false hits" for files that have nothing to do with package management?

Parsing and Extraction

Can package files have "local" links to each other that need to be resolved?

Is there a reason why package files need to be parsed together (in serial) instead of independently?

What format/syntax is the package file in?

How do you suggest parsing the file?

Does the package file structure distinguish between different "types" of dependencies? e.g. production dependencies, development dependencies, etc?

List all the sources/syntaxes of dependencies that can be extracted

Describe which types of dependencies above are supported and which will be implemented in future

Versioning

What versioning scheme does the package file(s) use?

Does this versioning scheme support range constraints, e.g. `^1.0.0` or `1.x`?

Lookup

Is a new datasource required? Provide details

Will users need the capability to specify a custom host/registry to look up? Can it be found within the package files, or within other files inside the repository, or would it require Renovate configuration?

Do the package files have any "constraints" on the parent language (e.g. supports only v3.x of Python) or platform (Linux, Windows, etc.) that should be used in the lookup procedure?

Will users need the ability to configure language or other constraints using Renovate config?

Artifacts

Are lock files or checksum files used? Are they mandatory?

If so, what tool and exact commands should be used if updating one or more package versions in a dependency file?

If applicable, describe how the tool maintains a cache and if it can be controlled via CLI or environment variables? Do you recommend the cache be kept or disabled/ignored?

If applicable, what command should be used to generate a lock file from scratch if you already have a package file? This will be used for "lock file maintenance"

Other

Is there anything else to know about this package manager?

renovatebot / renovate

Adding Pulumi as Manager #5794

New package manager questionnaire

Basics

Name of package manager

What language does this support?

How popular is this package manager?

Does this language have other (competing?) package managers?

Package File Detection

What type of package files and names does it use?

What fileMatch pattern(s) should be used?

Is it likely that many users would need to extend this pattern for custom file names?

Is the fileMatch pattern likely to get many "false hits" for files that have nothing to do with package management?

Parsing and Extraction

Can package files have "local" links to each other that need to be resolved?

Is there a reason why package files need to be parsed together (in serial) instead of independently?

What format/syntax is the package file in?

How do you suggest parsing the file?

Does the package file structure distinguish between different "types" of dependencies? e.g. production dependencies, development dependencies, etc?

List all the sources/syntaxes of dependencies that can be extracted

Describe which types of dependencies above are supported and which will be implemented in future

Versioning

What versioning scheme does the package file(s) use?

Does this versioning scheme support range constraints, e.g. ^1.0.0 or 1.x?

Lookup

Is a new datasource required? Provide details

Will users need the capability to specify a custom host/registry to look up? Can it be found within the package files, or within other files inside the repository, or would it require Renovate configuration?

Do the package files have any "constraints" on the parent language (e.g. supports only v3.x of Python) or platform (Linux, Windows, etc.) that should be used in the lookup procedure?

Will users need the ability to configure language or other constraints using Renovate config?

Artifacts

Are lock files or checksum files used? Are they mandatory?

If so, what tool and exact commands should be used if updating one or more package versions in a dependency file?

If applicable, describe how the tool maintains a cache and if it can be controlled via CLI or environment variables? Do you recommend the cache be kept or disabled/ignored?

If applicable, what command should be used to generate a lock file from scratch if you already have a package file? This will be used for "lock file maintenance"

Other

Is there anything else to know about this package manager?

Does this versioning scheme support range constraints, e.g. `^1.0.0` or `1.x`?