ci(renovate.json): implement grouping for less noise and make most Do…

…cker images versioned

docker-compose/all-in-one/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3.9"
 services:
   # Garuda Cloud
   nextcloud_app:
-    image: linuxserver/nextcloud:latest
+    image: linuxserver/nextcloud:27.0.2
     container_name: nextcloud
     depends_on: [nextcloud_db, nextcloud_redis]
     environment:
@@ -14,7 +14,7 @@ services:
     volumes: [./nextcloud/config:/config, ./nextcloud/data:/data]
     restart: always
   nextcloud_db:
-    image: mariadb:latest
+    image: mariadb:11.1.2
     container_name: nextcloud_db
     command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
     environment:
@@ -25,7 +25,7 @@ services:
     volumes: [./nextcloud/db:/var/lib/mysql]
     restart: always
   nextcloud_redis:
-    image: redis:latest
+    image: redis:7.2.1
     container_name: nextcloud_redis
     environment:
       ALLOW_EMPTY_PASSWORD: true
@@ -34,7 +34,7 @@ services:
   # Firefox syncserver
   syncserver:
     container_name: syncserver
-    image: crazymax/firefox-syncserver:latest
+    image: crazymax/firefox-syncserver:edge # newest, versioned one 3 years old
     volumes: [./syncserver:/data]
     ports: [5001:5000]
     environment:
@@ -49,15 +49,15 @@ services:
 
   # Web IRC access
   thelounge:
-    image: thelounge/thelounge:latest
+    image: thelounge/thelounge:4.4.1
     container_name: thelounge
     volumes: [./thelounge:/var/opt/thelounge]
     ports: [9000:9000]
     restart: always
 
   # Password vault
   bitwarden:
-    image: vaultwarden/server:testing
+    image: vaultwarden/server:1.29.2
     container_name: bitwarden
     volumes: [./bitwarden:/data]
     ports: [8081:80]
@@ -78,7 +78,7 @@ services:
 
   # Secure pastebin
   privatebin:
-    image: privatebin/nginx-fpm-alpine:latest
+    image: privatebin/nginx-fpm-alpine:1.5.2
     container_name: privatebin
     volumes:
       - ./privatebin:/srv/data
@@ -88,15 +88,15 @@ services:
 
   # Garuda startpage
   homer:
-    image: b4bz/homer:latest
+    image: b4bz/homer:v23.05.1
     container_name: homer
     volumes: [./startpage:/www/assets]
     ports: [8083:8080]
     restart: always
 
   # MongoDB instance
   mongodb:
-    image: mongo:latest
+    image: mongo:7.0.1
     container_name: mongodb
     volumes: [./mongo:/data/db]
     ports: [27017:27017]
@@ -105,7 +105,7 @@ services:
       MONGO_INITDB_ROOT_PASSWORD: ${MONGO_ROOT_PASSWORD:-?err}
     restart: always
   wikijs:
-    image: requarks/wiki:latest
+    image: requarks/wiki:2.5
     container_name: wikijs
     volumes: [./wikijs/assets:/wiki/assets/favicons]
     ports: [3001:3000]
@@ -120,7 +120,7 @@ services:
 
   # Matrix homeserver
   matrix:
-    image: matrixdotorg/synapse:latest
+    image: matrixdotorg/synapse:v1.91.2
     container_name: matrix
     volumes: [./matrix/matrix:/data]
     ports: [8008:8008]
@@ -145,7 +145,7 @@ services:
 
   # Matrix web client
   matrix_web:
-    image: vectorim/element-web
+    image: vectorim/element-web:v1.11.40
     container_name: element_web
     depends_on: [matrix]
     volumes: [./matrix/element/config.json:/app/config.json]
@@ -154,22 +154,22 @@ services:
 
   # Admin interface for Matrix
   matrix_admin:
-    image: awesometechnologies/synapse-admin:latest
+    image: awesometechnologies/synapse-admin:latest # Versioned lags behind 7 months
     container_name: matrix_admin
     depends_on: [matrix]
     ports: [8085:80]
     restart: always
 
   # Matrix to IRC/Discord/Telegram relay
   matterbridge:
-    image: 42wim/matterbridge:stable
+    image: 42wim/matterbridge:1.26
     container_name: matterbridge
     depends_on: [matrix]
     volumes:
       - ./matterbridge/matterbridge.toml:/etc/matterbridge/matterbridge.toml:ro
     restart: always
   lemmy_seeder:
-    image: nowsci/lcs
+    image: nowsci/lcs:20230901035206
     container_name: lemmy_lcs
     environment:
       COMMUNITY_COUNT: 50
@@ -189,7 +189,7 @@ services:
 
   # Automated container updates
   watchtower:
-    image: containrrr/watchtower
+    image: containrrr/watchtower:1.5.3
     container_name: watchtower
     command:
       --cleanup matrix_web matrix_admin wikijs mongodb homer privatebin bitwarden

docker-compose/github-runner/docker-compose.yml

@@ -2,7 +2,7 @@
 version: "3.9"
 services:
   github-runner:
-    image: myoung34/github-runner:latest
+    image: myoung34/github-runner:2.309.0
     depends_on: [watchtower]
     container_name: github-runner
     privileged: true
@@ -19,7 +19,7 @@ services:
 
   # Automated container updates
   watchtower:
-    image: containrrr/watchtower
+    image: containrrr/watchtower:1.5.3
     container_name: watchtower
     command: --cleanup
     volumes: [/var/run/docker.sock:/var/run/docker.sock]

docker-compose/proxied/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3.9"
 services:
   # Whoogle search engine
   whoogle:
-    image: benbusby/whoogle-search:latest
+    image: benbusby/whoogle-search:latest # It tends do be important to stay current
     container_name: whoogle
     user: whoogle
     security_opt: [no-new-privileges]
@@ -28,7 +28,7 @@ services:
 
   # Searxng search engine
   searx:
-    image: searxng/searxng:latest
+    image: searxng/searxng:latest # It tends do be important to stay current
     container_name: searx
     depends_on: [filtron, morty]
     volumes: [./searxng:/etc/searxng]
@@ -38,43 +38,15 @@ services:
       BIND_ADDRESS: 0.0.0.0:8080
       HTTPS_PROXY: http://10.0.5.1:3128
       HTTP_PROXY: http://10.0.5.1:3128
+      INSTANCE_NAME: Garuda's SearxNG
       NO_PROXY: "*.garudalinux.org"
-      MORTY_KEY: ${SX_MORTY_KEY:-?err}
-      MORTY_URL: https://searx.garudalinux.org/morty/
     cap_drop: [ALL]
     cap_add: [CHOWN, SETGID, SETUID, DAC_OVERRIDE]
     restart: always
-  morty:
-    image: dalf/morty:latest
-    container_name: morty
-    ports: [3000:3000]
-    command: -timeout 6 -ipv6
-    environment:
-      HTTP_PROXY: http://10.0.5.1:3128
-      HTTPS_PROXY: http://10.0.5.1:3128
-      MORTY_KEY: ${SX_MORTY_KEY:-?err}
-      MORTY_ADDRESS: 0.0.0.0:3000
-    logging:
-      driver: none
-    read_only: true
-    cap_drop: [ALL]
-    restart: always
-  filtron:
-    image: dalf/filtron:latest
-    container_name: filtron
-    ports: [4040:4040, 4041:4041]
-    command: -listen 0.0.0.0:4040 -api 0.0.0.0:4041 -target searxng:8080
-    volumes: [./searxng/rules.json:/etc/filtron/rules.json:rw]
-    read_only: true
-    cap_drop: [ALL]
-    environment:
-      HTTP_PROXY: http://10.0.5.1:3128
-      HTTPS_PROXY: http://10.0.5.1:3128
-    restart: always
 
   # Lingva
   lingva:
-    image: thedaviddelta/lingva-translate:latest
+    image: thedaviddelta/lingva-translate:latest # Only latest tag is available
     container_name: lingva
     environment:
       DARK_THEME: "true"
@@ -88,7 +60,7 @@ services:
 
   # Invious YouTube frontend
   invidious:
-    image: quay.io/invidious/invidious:latest
+    image: quay.io/invidious/invidious:latest # It tends do be important to stay current
     container_name: invidious
     depends_on: [invidious_db]
     environment:
@@ -127,7 +99,7 @@ services:
       retries: 2
     restart: always
   invidious_db:
-    image: docker.io/library/postgres:14
+    image: docker.io/library/postgres:14.9
     container_name: invidious_db
     volumes:
       - ./invidious/db:/var/lib/postgresql/data
@@ -143,7 +115,7 @@ services:
 
   # Piped
   piped_backend:
-    image: 1337kavin/piped:latest
+    image: 1337kavin/piped:latest # It tends do be important to stay current
     container_name: piped_backend
     depends_on: [piped_postgres]
     volumes: [./piped/config.properties:/app/config.properties:ro]
@@ -166,7 +138,7 @@ services:
     depends_on: [piped_backend]
     restart: always
   piped_nginx:
-    image: nginx:mainline-alpine
+    image: nginx:1.25.2-alpine
     container_name: piped_nginx
     depends_on: [piped_backend, piped_frontend, piped_proxy]
     volumes:
@@ -183,7 +155,7 @@ services:
       NO_PROXY: garudalinux.org,piped-api.garudalinux.org,piped.garudalinux.org,piped-proxy.garudalinux.org,lbry.com,api.lbry.com
     restart: always
   piped_postgres:
-    image: postgres:13-alpine
+    image: postgres:13.12-alpine
     container_name: piped_postgres
     volumes: [./piped/db:/var/lib/postgresql/data]
     environment:
@@ -192,7 +164,7 @@ services:
       POSTGRES_USER: piped
     restart: always
   piped_proxy:
-    image: 1337kavin/piped-proxy:latest
+    image: 1337kavin/piped-proxy:latest # It tends do be important to stay current
     container_name: piped_proxy
     environment:
       HTTP_PROXY: http://10.0.5.1:3128
@@ -204,7 +176,7 @@ services:
 
   # Automated container updates
   watchtower:
-    image: containrrr/watchtower
+    image: containrrr/watchtower:1.5.3
     container_name: watchtower
     command:
       --cleanup piped_backend piped_frontend piped_proxy invidious searx lingva

renovate.json

@@ -1,7 +1,30 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "assignees": ["dr460nf1r3"],
+  "assigneesFromCodeOwners": true,
   "commitMessageAction": "update",
   "extends": ["config:base", ":gitSignOff"],
+  "packageRules": [
+    {
+      "matchUpdateTypes": ["minor", "patch", "pin", "digest"],
+      "automerge": true
+    },
+    {
+      "additionalBranchPrefix": "minor-",
+      "groupName": "all non-major dependencies",
+      "groupSlug": "all-minor-patch",
+      "labels": ["update-minor"],
+      "matchPackagePatterns": ["*"],
+      "matchUpdateTypes": ["minor", "patch"]
+    },
+    {
+      "additionalBranchPrefix": "major-",
+      "labels": ["update-major"],
+      "matchPackagePatterns": ["*"],
+      "matchUpdateTypes": ["major"]
+    }
+  ],
+  "gitAuthor": "Chaotic Temeraire <[email protected]",
+  "prHourlyLimit": 3,
+  "prConcurrentLimit": 5,
   "reviewersFromCodeOwners": true
 }