fix(cozystack): address CodeRabbit review, add Renovate k3s tracking

[lexfrei]

Summary

Follow-up to #12 addressing CodeRabbit review comments and adding Renovate tracking for k3s versions.

Changes

• Guard groups['server'] lookup with groups.get('server', []) to produce a clear assert error instead of a hard-fail when the group is absent
• Tighten negative hostname test to verify the specific IP validation error message, not just any playbook failure
• Add Renovate annotations (# renovate: datasource=github-releases depName=k3s-io/k3s) to all inventory files with k3s_version
• Add customManager regex rule to renovate.json for automatic k3s version tracking
• Fix pre-existing managerFilePatterns → fileMatch in all customManagers (Renovate 37 compatibility)

Test plan

• ansible-lint passes
• All existing tests pass (multi-master, single-master, explicit override, hostname rejection)
• Renovate --platform=local correctly detects k3s updates across all 4 inventory files

Summary by CodeRabbit

• Bug Fixes

  • Improved error handling when server group configuration is missing from deployment setup

• Chores

  • Enhanced automated dependency tracking for k3s across example and test inventory files
  • Strengthened test validation workflow with more robust error detection and reporting
  • Updated dependency management configuration to improve version update tracking

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 23d122ef-3986-4917-a7f0-8479d9f2d2ac

📥 Commits

Reviewing files that changed from the base of the PR and between 8a19589 and cdc7938.

📒 Files selected for processing (7)

• .github/workflows/test.yml
• examples/rhel/inventory.yml
• examples/suse/inventory.yml
• examples/ubuntu/inventory.yml
• renovate.json
• roles/cozystack/tasks/compute-master-nodes.yml
• tests/ci-inventory.yml

---

📝 Walkthrough

Walkthrough

This pull request enhances dependency tracking and error validation across the project. It renames a Renovate configuration field, adds k3s version tracking via Renovate metadata comments in inventory files, improves the test workflow's error validation logic, and adds defensive error handling to the Ansible task.

Changes

Cohort / File(s)	Summary
Test Workflow Enhancement .github/workflows/test.yml	Updates the "Test hostname host keys are rejected" step to capture Ansible output and validate specific error messages before marking success, rather than relying solely on exit status.
Renovate Configuration renovate.json	Renames "managerFilePatterns" to "fileMatch" in three existing regex customManagers entries; adds new customManagers entry to track k3s_version from inventory files using regex pattern matching on Renovate metadata comments.
Inventory Renovate Annotations examples/rhel/inventory.yml, examples/suse/inventory.yml, examples/ubuntu/inventory.yml, tests/ci-inventory.yml	Adds Renovate metadata comments documenting k3s GitHub Releases source for dependency tracking.
Ansible Task Robustness roles/cozystack/tasks/compute-master-nodes.yml	Replaces direct dictionary access groups['server'] with safe .get() method to prevent KeyError when the 'server' group is absent.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Poem

🐰 With whiskers twitching, renovate hops along,
Tracking k3s versions, keeping things strong!
Safe dictionary checks and workflow tests true,
Dependencies dancing—our project's refreshed anew! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix(cozystack): address CodeRabbit review, add Renovate k3s tracking' accurately reflects the main changes: implementing CodeRabbit review comments and adding Renovate configuration for k3s version tracking.
Description check	✅ Passed	The description is well-structured, matches the template with Summary and Changes sections, includes a comprehensive test plan with all items checked, and thoroughly documents the rationale and scope of changes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/coderabbit-review-followup

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the stability of the Ansible playbooks by making the server group lookup more resilient to missing data. Additionally, it introduces automated dependency management for k3s versions across various inventory files using Renovate, ensuring that the project stays up-to-date with the latest k3s releases. The Renovate configuration itself was also updated for compatibility with a newer version.

Highlights

• Improved Robustness: Modified Ansible playbook logic to safely handle cases where the 'server' group might be absent, preventing hard failures.
• Automated K3s Version Tracking: Integrated Renovate annotations into inventory files and configured renovate.json to automatically track and update k3s versions from GitHub releases.
• Renovate Configuration Update: Updated Renovate custom manager configurations from managerFilePatterns to fileMatch for compatibility with Renovate 37.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/test.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds Renovate tracking for k3s versions and addresses feedback from a previous review. The changes are generally well-implemented, including updating the Renovate configuration for v37 compatibility and improving the robustness of an Ansible task. However, I've identified a potential issue in the new regex for k3s version tracking in renovate.json. The current regex could incorrectly match commented-out versions. I've provided a suggestion to make the regex more robust.

[gemini-code-assist]

The current regex for k3s_version is not anchored to the beginning of the line. This could cause it to incorrectly match a commented-out k3s_version line if one exists in the inventory file before the active one. This would lead Renovate to either fail or attempt to update the wrong line.

For example, in this scenario, the regex would incorrectly capture the commented-out version:

# renovate: datasource=github-releases depName=k3s-io/k3s
# k3s_version: v1.30.0+k3s1  # <-- old version, would be matched
k3s_version: v1.35.0+k3s3

To make the regex more robust, you should anchor the k3s_version match to the start of a line (using ^ in multiline mode).

        "#\s*renovate:\s*datasource=(?<datasource>[^\s]+)\s+depName=(?<depName>[^\s]+)[\s\S]*?^\s*k3s_version:\s*(?<currentValue>[^\s]+)"

[lexfrei]

The regex is anchored by the # renovate: annotation comment which acts as the match entry point. A commented-out k3s_version would only be caught if it had a # renovate: annotation directly above it, which would be intentional. The scenario you describe (annotation above a comment above the real value) is not a realistic pattern in our inventories. Keeping the regex simple is preferred over adding multiline anchoring complexity.