Merged
19 changes: 15 additions & 4 deletions .github/workflows/test.yml
Expand Up @@ -99,14 +99,25 @@ jobs:

- name: Test hostname host keys are rejected
run: |
if ansible-playbook tests/test-master-nodes.yml \
--inventory tests/test-hostname-inventory.yml 2>&1; then
set +e
output="$(ansible-playbook tests/test-master-nodes.yml \
--inventory tests/test-hostname-inventory.yml 2>&1)"
status=$?
set -e

if [ "$status" -eq 0 ]; then
echo "ERROR: Expected failure for hostname host keys, but playbook succeeded"
exit 1
else
echo "OK: Hostname host keys correctly rejected"
fi

if ! grep -q "not a valid IP address in MASTER_NODES" <<< "$output"; then
echo "ERROR: Playbook failed, but not due to hostname/IP validation"
echo "$output"
exit 1
fi

echo "OK: Hostname host keys correctly rejected"

e2e:
name: E2E
runs-on: ubuntu-latest
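Review bot: In the `[ "$status" -eq 0 ]` branch the captured `$output` is never printed, so when the playbook unexpectedly succeeds the job log shows only the ERROR line; the previous `if ansible-playbook ... 2>&1; then` form streamed the playbook output to the log. Add `echo "$output"` before that `exit 1`, as the grep branch already does. The `grep -q "not a valid IP address in MASTER_NODES"` check also ties the test to the exact wording of the validation message: `grep -qF` would make it explicit that a fixed string is meant, and a comment naming the task that emits the message would help whoever rewords it later. The `<<<` here-string is bash-only, which holds as long as this step keeps running under bash.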
1 change: 1 addition & 0 deletions examples/rhel/inventory.yml
Expand Up @@ -18,6 +18,7 @@ cluster:
ansible_user: cloud-user

# k3s configuration (used by k3s.orchestration)
# renovate: datasource=github-releases depName=k3s-io/k3s
k3s_version: v1.35.0+k3s3
token: "CHANGE_ME"
api_endpoint: "10.0.0.10"
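Review bot: The `# renovate:` line above `k3s_version` is now load-bearing, but nothing in the file says so. The manager added in renovate.json pairs this annotation with the next `k3s_version:` it finds, so someone tidying comments in an example inventory can stop updates for that file without any error. Consider a short comment on its own line stating that the annotation must stay directly above `k3s_version`; the same applies to the suse, ubuntu and CI inventories changed in this PR.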
1 change: 1 addition & 0 deletions examples/suse/inventory.yml
Expand Up @@ -18,6 +18,7 @@ cluster:
ansible_user: opensuse

# k3s configuration (used by k3s.orchestration)
# renovate: datasource=github-releases depName=k3s-io/k3s
k3s_version: v1.35.0+k3s3
token: "CHANGE_ME"
api_endpoint: "10.0.0.10"
1 change: 1 addition & 0 deletions examples/ubuntu/inventory.yml
Expand Up @@ -21,6 +21,7 @@ cluster:
ansible_user: ubuntu

# k3s configuration (used by k3s.orchestration)
# renovate: datasource=github-releases depName=k3s-io/k3s
k3s_version: v1.35.0+k3s3
token: "CHANGE_ME"
api_endpoint: "10.0.0.10"
13 changes: 10 additions & 3 deletions renovate.json
Expand Up @@ -15,7 +15,7 @@
"customManagers": [
{
"customType": "regex",
"managerFilePatterns": ["/roles/cozystack/defaults/main\\.yml$/"],
"fileMatch": ["/roles/cozystack/defaults/main\\.yml$/"],
"matchStrings": [
"cozystack_chart_version:\\s*\"(?<currentValue>[^\"]+)\""
],
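Review bot: The value kept under `fileMatch` still carries the `/.../` delimiters of the `managerFilePatterns` form ("/roles/cozystack/defaults/main\\.yml$/"), whereas the inventory manager added further down in this file writes its `fileMatch` patterns bare ("inventory\\.yml$"). A `fileMatch` entry is used as the regular expression itself, so the leading and trailing `/` become literal characters and a pattern ending in `$/` cannot match any path. Either drop the delimiters here and in the `galaxy.yml` and `requirements.yml` managers, or keep `managerFilePatterns`. The PR description should also say why the key is being renamed, because these three managers stop matching without any error if the form is wrong.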
Expand All @@ -24,7 +24,7 @@
},
{
"customType": "regex",
"managerFilePatterns": ["/^galaxy\\.yml$/"],
"fileMatch": ["/^galaxy\\.yml$/"],
"matchStrings": [
"version:\\s*(?<currentValue>\\S+)"
],
Expand All @@ -33,12 +33,19 @@
},
{
"customType": "regex",
"managerFilePatterns": ["/(^|/)requirements\\.yml$/"],
"fileMatch": ["/(^|/)requirements\\.yml$/"],
"matchStrings": [
"source:\\s*https://github\\.com/cozystack/ansible-cozystack\\.git\\s+type:\\s*git\\s+version:\\s*(?<currentValue>\\S+)"
],
"depNameTemplate": "ghcr.io/cozystack/cozystack/cozy-installer",
"datasourceTemplate": "docker"
},
{
"customType": "regex",
"fileMatch": ["inventory\\.yml$", "ci-inventory\\.yml$"],
"matchStrings": [
"#\\s*renovate:\\s*datasource=(?<datasource>[^\\s]+)\\s+depName=(?<depName>[^\\s]+)[\\s\\S]*?k3s_version:\\s*(?<currentValue>[^\\s]+)"

medium

The current regex for k3s_version is not anchored to the beginning of the line. This could cause it to incorrectly match a commented-out k3s_version line if one exists in the inventory file before the active one. This would lead Renovate to either fail or attempt to update the wrong line.

For example, in this scenario, the regex would incorrectly capture the commented-out version:

# renovate: datasource=github-releases depName=k3s-io/k3s
# k3s_version: v1.30.0+k3s1  # <-- old version, would be matched
k3s_version: v1.35.0+k3s3

To make the regex more robust, you should anchor the k3s_version match to the start of a line (using ^ in multiline mode).

        "#\s*renovate:\s*datasource=(?<datasource>[^\s]+)\s+depName=(?<depName>[^\s]+)[\s\S]*?^\s*k3s_version:\s*(?<currentValue>[^\s]+)"

Contributor Author

The regex is anchored by the # renovate: annotation comment which acts as the match entry point. A commented-out k3s_version would only be caught if it had a # renovate: annotation directly above it, which would be intentional. The scenario you describe (annotation above a comment above the real value) is not a realistic pattern in our inventories. Keeping the regex simple is preferred over adding multiline anchoring complexity.

]
}
],
"packageRules": [
Expand Down
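Review bot: In the new manager, `"inventory\\.yml$"` has no left anchor, so it already matches `tests/ci-inventory.yml` and makes the second `fileMatch` entry redundant; it also matches `tests/test-hostname-inventory.yml`, which stays out of scope only while that file has no `# renovate:` annotation. A bare `(^|/)inventory\\.yml$` plus the explicit CI entry would state the intent, using the same `(^|/)` prefix as the `requirements.yml` pattern. The entry also sets no `versioningTemplate` while the tracked value carries a `+k3s3` suffix, so confirm that the `packageRules` that follow, or the default versioning, order `+k3sN` releases the way you expect.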
2 changes: 1 addition & 1 deletion roles/cozystack/tasks/compute-master-nodes.yml
Expand Up @@ -7,7 +7,7 @@
{%- if cozystack_master_nodes | length > 0 -%}
{{ cozystack_master_nodes }}
{%- else -%}
{{ groups['server'] | join(',') }}
{{ groups.get('server', []) | join(',') }}
{%- endif -%}

- name: Validate master node IPs are non-empty
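Review bot: With `groups.get('server', [])` a missing `server` group now renders as an empty string rather than failing in the template, so the failure moves to the "Validate master node IPs are non-empty" task that follows, and no test in this PR exercises that path (the workflow change only covers hostname rejection). Add a test inventory without a `server` group and assert on the validation message, the same way the hostname test now greps its output. It is also worth checking that the message of that validation task tells the user that either `cozystack_master_nodes` or a `server` group is required, since an empty value no longer points at the missing group by itself.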
1 change: 1 addition & 0 deletions tests/ci-inventory.yml
Expand Up @@ -14,6 +14,7 @@ cluster:
ansible_user: runner

# k3s configuration
# renovate: datasource=github-releases depName=k3s-io/k3s
k3s_version: v1.35.0+k3s3
token: "ci-test-token"
api_endpoint: "127.0.0.1"