Automatic dependency tag upgrades

[4t1l4]

Expected Behavior

Dependency tags are kept up to date with some automated process.

Current Behavior

Tags in some variables in places like the sample inventory are not updated automatically and this is not a chore worth a human's time.

Steps to Reproduce

1. A dependency upstream is updated, like MetalLB controller.
2. The default tag for it is not updated.
3. Someone will have to notice and commit a change with the updated tag.

Context (variables)

Operating system: All

Hardware: All

Variables Used

all.yml

k3s_version: ""

calico_tag: ""

kube_vip_tag_version: ""

metal_lb_speaker_tag_version: ""
metal_lb_controller_tag_version: ""

Hosts

Not relevant.

Possible Solution

I haven't found a solution using Dependabot, but I am happy to submit a PR with the needed changes to let Renovate do this. It's a hobby of mine to get people onboard Renovate, I'm not associated in any way with them, just love how easy they made my life maintaining projects.

• I've checked the General Troubleshooting Guide

[4t1l4]

Hi! Sorry it's been a while. I have something that is kind of ready for review. I wouldn't want to pollute this repo with unwanted config/PRs, so before I do some commit clean-up and submit the PR here, you can take a look at how the Renovate setup could work in the following:

• This is the PR list on my fork (all ❌ due to the lack of config for self-hosted runners in my fork, I assume).
• This is the Dependency Dashboard that allows for fine grained control of retries, rebases, and a good overview.

Also to bear in mind:

• Renovate raises PRs and then rebases on a frequency that might use too many resources on the self-hosted runners. This can be controlled by setting up a schedule or grouping dependency types. Grouping comes at the cost of less granularity of upgrades and higher risk, so I usually pick a schedule that matches how often I'll really look at the PRs.
• The fileMatch in the renovate.json customManager is pointing only at the files where I knew it'd find the current dependencies. I had to narrow this down to reduce warnings about a max iterations limit when scanning the code for regex matches. When/If adding other files with dependencies in them that also need the custom regex manager, they'll need to be added explicitly.

Any other comments or concerns, please let me know, I think the bulk of this is done and it's now just a matter of adding config based on preferences.

[4t1l4]

I've got a few notes about how to migrate from dependabot to Renovate that I'll gather and add here to make it easier. Dependabot can then remain enabled just for vulnerability scans and Renovate will use them in the PR reports. I also noticed the dependencies tag is not being added in my repo config but that's an easy one to set.