From 6ec1c014a85b7897fcf6c25da955b6194082a9f4 Mon Sep 17 00:00:00 2001
From: Lucas Schwiderski <lucas@lschwiderski.de>
Date: Sat, 24 Aug 2024 17:10:22 +0200
Subject: [PATCH 1/7] Fix fluentd image

---
 images/fluentd/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/images/fluentd/Dockerfile b/images/fluentd/Dockerfile
index a217761..1e05089 100644
--- a/images/fluentd/Dockerfile
+++ b/images/fluentd/Dockerfile
@@ -1,4 +1,4 @@
-FROM fluent/fluentd:v1.16.1
+FROM fluent/fluentd:v1.16.2-1.1
 
 USER root
 

From 84e699c4a1664099ca9daa27ce6da43071a3c65d Mon Sep 17 00:00:00 2001
From: Renovate <renovate-bot@sclu1034.dev>
Date: Fri, 23 Aug 2024 13:10:52 +0000
Subject: [PATCH 2/7] Add .renovaterc

---
 .renovaterc | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .renovaterc

diff --git a/.renovaterc b/.renovaterc
new file mode 100644
index 0000000..b36f3b4
--- /dev/null
+++ b/.renovaterc
@@ -0,0 +1,11 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended",
+    ":combinePatchMinorReleases",
+    ":enableVulnerabilityAlerts",
+    ":rebaseStalePrs"
+  ],
+  "prConcurrentLimit": 10,
+  "branchPrefix": "renovate/"
+}

From b4ea7d0ab59324f9f04c89041da581d2b193be30 Mon Sep 17 00:00:00 2001
From: Lucas Schwiderski <lucas@lschwiderski.de>
Date: Fri, 23 Aug 2024 16:14:52 +0200
Subject: [PATCH 3/7] Implement custom version checks

Many dependencies are installed manually within the Dockerfiles,
where Renovate cannot determine the version numbers by default.
However, through custom matching, the corresponding data sources
can be invoked, and the version number replaced via regex.
---
 .renovaterc                           | 26 +++++++++++++++++++++-
 images/fava/Dockerfile                |  4 +++-
 images/frp/Dockerfile                 |  1 +
 images/lua-clib/Dockerfile            |  7 ++++--
 images/nextcloud/Dockerfile           | 32 ++++++++++++++-------------
 images/node-script/Dockerfile         | 29 ++++++++++++++++++------
 images/python-script/Dockerfile       | 14 +++++++++---
 images/python-script/requirements.txt |  8 +++++++
 images/rust-xwin/Dockerfile           |  2 ++
 9 files changed, 94 insertions(+), 29 deletions(-)
 create mode 100644 images/python-script/requirements.txt

diff --git a/.renovaterc b/.renovaterc
index b36f3b4..f3d58ed 100644
--- a/.renovaterc
+++ b/.renovaterc
@@ -7,5 +7,29 @@
     ":rebaseStalePrs"
   ],
   "prConcurrentLimit": 10,
-  "branchPrefix": "renovate/"
+  "branchPrefix": "renovate/",
+  "customManagers": [
+    {
+      "customType": "regex",
+      "description": "Update _VERSION variables in Dockerfiles",
+      "fileMatch": [
+        "(^|/|\\.)Dockerfile$",
+        "(^|/)Dockerfile\\.[^/]*$"
+      ],
+      "matchStrings": [
+        "# renovate: datasource=(?<datasource>[a-z-]+?)(?: depName=(?<depName>.+?))? packageName=(?<packageName>.+?)(?: versioning=(?<versioning>[a-z-]+?))?\\s(?:ENV|ARG) .+?_VERSION=(?<currentValue>.+?)\\s"
+      ]
+    }
+  ],
+  "packageRules": [
+    {
+      "matchDatasources": [
+        "github-release"
+      ],
+      "matchPackageNames": [
+        "llvm/llvm-project"
+      ],
+      "extractVersion": "^llvmorg-(?<version>\\d+)\\.\\d+\\.\\d+$"
+    }
+  ]
 }
diff --git a/images/fava/Dockerfile b/images/fava/Dockerfile
index 4e2c60c..6c9b166 100644
--- a/images/fava/Dockerfile
+++ b/images/fava/Dockerfile
@@ -1,7 +1,9 @@
+# renovate: datasource=github-tags depName=beancount packageName=beancount/beancount
 ARG BEANCOUNT_VERSION=2.3.6
+# renovate: datasource=github-tags depName=fava packageName=beancount/fava
 ARG FAVA_VERSION=1.27.3
 
-FROM node:lts-slim as node_build_env
+FROM node:20.17.0-slim as node_build_env
 ARG FAVA_VERSION
 
 RUN set -eux; \
diff --git a/images/frp/Dockerfile b/images/frp/Dockerfile
index 47df792..6155f54 100644
--- a/images/frp/Dockerfile
+++ b/images/frp/Dockerfile
@@ -1,3 +1,4 @@
+# renovate: datasource=github-releases depName=frp packageName=fateder/frp
 ARG FRP_VERSION=0.60.0
 
 FROM scratch AS src
diff --git a/images/lua-clib/Dockerfile b/images/lua-clib/Dockerfile
index 347ee26..dea5cd7 100644
--- a/images/lua-clib/Dockerfile
+++ b/images/lua-clib/Dockerfile
@@ -2,8 +2,11 @@ ARG LUA_5_1_VERSION=5.1.5
 ARG LUA_5_2_VERSION=5.2.4
 ARG LUA_5_3_VERSION=5.3.6
 ARG LUA_5_4_VERSION=5.4.4
+# renovate: datasource=github-tags depName=luarocks packageName=luarocks/luarocks
 ARG LUAROCKS_VERSION=3.10.0
+# renovate: datasource=github-releases depName=dart-sass packageName=sass/dart-sass
 ARG DART_SASS_VERSION=1.71.1
+# renovate: datasource=github-tags depName=node packageName=nodejs/node
 ARG NODE_VERSION=20.11.1
 
 FROM debian:bookworm-slim AS builder
@@ -84,7 +87,7 @@ RUN set -e; \
     make -j $(nproc); \
     make install;
 
-FROM builder AS dart
+FROM builder AS sass
 
 ARG DART_SASS_VERSION
 ADD https://github.com/sass/dart-sass/releases/download/${DART_SASS_VERSION}/dart-sass-${DART_SASS_VERSION}-linux-x64.tar.gz /build/sass.tar.gz
@@ -140,7 +143,7 @@ COPY --from=lua52 /usr/local /usr/local
 COPY --from=lua53 /usr/local /usr/local
 COPY --from=lua54 /usr/local /usr/local
 COPY --from=node /usr/local /usr/local
-COPY --from=dart /usr/local /usr/local
+COPY --from=sass /usr/local /usr/local
 
 RUN --mount=type=cache,target=/var/cache/luarocks \
     set -e; \
diff --git a/images/nextcloud/Dockerfile b/images/nextcloud/Dockerfile
index 6b54255..97969b9 100644
--- a/images/nextcloud/Dockerfile
+++ b/images/nextcloud/Dockerfile
@@ -1,27 +1,29 @@
 FROM nextcloud:28.0.6-apache
 
+# renovate: datasource=github-releases depName=yt-dlp packageName=yt-dlp/yt-dlp versioning=loose
 ARG YTDLP_VERSION=2024.05.27
 # Debian ships node.js v18, make sure that the pageres version supports that
+# renovate: datasource=npm packageName=pageres-cli
 ARG PAGERES_VERSION=8.0.0
 
 RUN set -ex; \
     apt-get update; \
     apt-get install -y --no-install-recommends --no-install-suggests \
-    aria2 \
-    cifs-utils \
-    clamav \
-    ffmpeg \
-    libnss3 \
-    libbz2-dev \
-    nodejs \
-    npm \
-    smbclient \
-    p7zip \
-    p7zip-full \
-    python3-pip \
-    unzip \
-    wget \
-    ; \
+        aria2 \
+        cifs-utils \
+        clamav \
+        ffmpeg \
+        libnss3 \
+        libbz2-dev \
+        nodejs \
+        npm \
+        smbclient \
+        p7zip \
+        p7zip-full \
+        python3-pip \
+        unzip \
+        wget \
+        ; \
     docker-php-ext-install bz2; \
     npm install --global pageres-cli@${PAGERES_VERSION} puppeteer; \
     npx puppeteer browsers install chrome; \
diff --git a/images/node-script/Dockerfile b/images/node-script/Dockerfile
index 86d00cb..b46daa4 100644
--- a/images/node-script/Dockerfile
+++ b/images/node-script/Dockerfile
@@ -1,5 +1,20 @@
 FROM node:20.17.0-slim
 
+# renovate: datasource=npm packageName=npm
+ARG NPM_VERSION=10.5.0
+# renovate: datasource=npm packageName=bluebird
+ARG BLUEBIRD_VERSION=3.7.2
+# renovate: datasource=npm packageName=lodash
+ARG LODASH_VERSION=4.17.21
+# renovate: datasource=npm packageName=moment
+ARG MOMENT_VERSION=2.30.1
+# renovate: datasource=npm packageName=shelljs
+ARG SHELLJS_VERSION=0.8.5
+# renovate: datasource=npm packageName=js-yaml
+ARG JS_YAML_VERSION=4.1.0
+# renovate: datasource=npm packageName=got
+ARG GOT_VERSION=14.4.2
+
 # No need for root access for a script runner
 RUN useradd -m -d /home/runner -s /bin/bash runner;
 WORKDIR /home/runner
@@ -11,13 +26,13 @@ ENV PATH=/home/runner/.npm-global/bin:$PATH
 
 RUN set -e; \
     npm install --global --audit=false \
-        npm@10.5.0 \
-        bluebird \
-        lodash \
-        moment \
-        shelljs \
-        js-yaml \
-        got \
+        npm@${NPM_VERSION} \
+        bluebird@${BLUEBIRD_VERSION} \
+        lodash@${LODASH_VERSION} \
+        moment@${MOMENT_VERSION} \
+        shelljs@${SHELLJS_VERSION} \
+        js-yaml@${JS_YAML_VERSION} \
+        got@${GOT_VERSION} \
         ; \
     rm -r \
         /home/runner/.npm/_cacache \
diff --git a/images/python-script/Dockerfile b/images/python-script/Dockerfile
index 8466be4..0111c67 100644
--- a/images/python-script/Dockerfile
+++ b/images/python-script/Dockerfile
@@ -1,6 +1,13 @@
 FROM python:3.12.5-slim-bookworm
 
-LABEL version=1.1.0
+ARG PIP_VERSION=24.2
+ARG NUMPY_VERSION=2.1.0
+ARG HTTPIE_VERSION=3.2.3
+ARG PYFROGEJO_VERSION=1.0.2
+ARG DOCKER_VERSION=7.1.0
+ARG XQ_VERSION=0.0.4
+ARG SPOTIFY_VERSION=0.10.2
+ARG REQUESTS_VERSION=2.32.2
 
 RUN set -e; \
     apt-get update -q; \
@@ -30,7 +37,8 @@ USER runner
 
 ENV PATH=/home/runner/.local/bin:$PATH
 
+COPY requirements.txt ./
+
 RUN set -e; \
-    pip install --upgrade pip; \
-    pip install --user numpy httpie giteapy docker xq yp spotify requests; \
+    pip install --user -r requirements.txt; \
     rm -r /home/runner/.cache;
diff --git a/images/python-script/requirements.txt b/images/python-script/requirements.txt
new file mode 100644
index 0000000..88239ac
--- /dev/null
+++ b/images/python-script/requirements.txt
@@ -0,0 +1,8 @@
+pip
+numpy
+httpie
+pyforgejo
+requests
+spotify
+xq
+docker
diff --git a/images/rust-xwin/Dockerfile b/images/rust-xwin/Dockerfile
index aadd9d6..2164875 100644
--- a/images/rust-xwin/Dockerfile
+++ b/images/rust-xwin/Dockerfile
@@ -2,6 +2,7 @@
 FROM debian:bullseye-slim AS xwin-download
 
 ARG MANIFEST_VERSION=16
+# renovate: datasource=github-releases depName=xwin packageName=Jake-Shadle/xwin
 ARG XWIN_VERSION=0.6.5
 ARG XWIN_PREFIX="xwin-$XWIN_VERSION-x86_64-unknown-linux-musl"
 ADD https://github.com/Jake-Shadle/xwin/releases/download/$XWIN_VERSION/$XWIN_PREFIX.tar.gz /root/$XWIN_PREFIX.tar.gz
@@ -27,6 +28,7 @@ RUN set -eux; \
 
 FROM rust:slim-bullseye AS rust-xwin
 
+# renovate: datasource=github-releases depName=llvm packageName=llvm/llvm-project
 ARG LLVM_VERSION=18
 ENV KEYRINGS=/usr/local/share/keyrings
 

From e8f7bba8cc54db50521389adfbf175f58ac3bf1b Mon Sep 17 00:00:00 2001
From: Lucas Schwiderski <lucas@lschwiderski.de>
Date: Fri, 23 Aug 2024 16:20:46 +0200
Subject: [PATCH 4/7] Fix GitHub repo name for frp

---
 images/frp/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/images/frp/Dockerfile b/images/frp/Dockerfile
index 6155f54..7881993 100644
--- a/images/frp/Dockerfile
+++ b/images/frp/Dockerfile
@@ -1,4 +1,4 @@
-# renovate: datasource=github-releases depName=frp packageName=fateder/frp
+# renovate: datasource=github-releases depName=frp packageName=fatedier/frp
 ARG FRP_VERSION=0.60.0
 
 FROM scratch AS src

From 8d51731d4554de177fde0932c792f00b0ebb4495 Mon Sep 17 00:00:00 2001
From: Lucas Schwiderski <lucas@lschwiderski.de>
Date: Fri, 23 Aug 2024 16:29:42 +0200
Subject: [PATCH 5/7] Fix versioning schemes

The `node` versioning scheme does only use LTS by default, which we
want. So we need to apply that for the Docker tags of node.js images.

NPM packages should use the appropriate versioning scheme as well.
---
 .renovaterc                           |  9 +++++++++
 images/node-script/Dockerfile         | 14 +++++++-------
 images/python-script/Dockerfile       |  9 ---------
 images/python-script/requirements.txt | 16 ++++++++--------
 4 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/.renovaterc b/.renovaterc
index f3d58ed..ac7910d 100644
--- a/.renovaterc
+++ b/.renovaterc
@@ -30,6 +30,15 @@
         "llvm/llvm-project"
       ],
       "extractVersion": "^llvmorg-(?<version>\\d+)\\.\\d+\\.\\d+$"
+    },
+    {
+      "matchPackageNames": [
+        "node"
+      ],
+      "matchDatasources": [
+        "docker"
+      ],
+      "versioning": "node"
     }
   ]
 }
diff --git a/images/node-script/Dockerfile b/images/node-script/Dockerfile
index b46daa4..38f17b4 100644
--- a/images/node-script/Dockerfile
+++ b/images/node-script/Dockerfile
@@ -1,18 +1,18 @@
 FROM node:20.17.0-slim
 
-# renovate: datasource=npm packageName=npm
+# renovate: datasource=npm packageName=npm versioning=npm
 ARG NPM_VERSION=10.5.0
-# renovate: datasource=npm packageName=bluebird
+# renovate: datasource=npm packageName=bluebird versioning=npm
 ARG BLUEBIRD_VERSION=3.7.2
-# renovate: datasource=npm packageName=lodash
+# renovate: datasource=npm packageName=lodash versioning=npm
 ARG LODASH_VERSION=4.17.21
-# renovate: datasource=npm packageName=moment
+# renovate: datasource=npm packageName=moment versioning=npm
 ARG MOMENT_VERSION=2.30.1
-# renovate: datasource=npm packageName=shelljs
+# renovate: datasource=npm packageName=shelljs versioning=npm
 ARG SHELLJS_VERSION=0.8.5
-# renovate: datasource=npm packageName=js-yaml
+# renovate: datasource=npm packageName=js-yaml versioning=npm
 ARG JS_YAML_VERSION=4.1.0
-# renovate: datasource=npm packageName=got
+# renovate: datasource=npm packageName=got versioning=npm
 ARG GOT_VERSION=14.4.2
 
 # No need for root access for a script runner
diff --git a/images/python-script/Dockerfile b/images/python-script/Dockerfile
index 0111c67..522236d 100644
--- a/images/python-script/Dockerfile
+++ b/images/python-script/Dockerfile
@@ -1,14 +1,5 @@
 FROM python:3.12.5-slim-bookworm
 
-ARG PIP_VERSION=24.2
-ARG NUMPY_VERSION=2.1.0
-ARG HTTPIE_VERSION=3.2.3
-ARG PYFROGEJO_VERSION=1.0.2
-ARG DOCKER_VERSION=7.1.0
-ARG XQ_VERSION=0.0.4
-ARG SPOTIFY_VERSION=0.10.2
-ARG REQUESTS_VERSION=2.32.2
-
 RUN set -e; \
     apt-get update -q; \
     apt-get install -qy --no-install-recommends --no-install-suggests \
diff --git a/images/python-script/requirements.txt b/images/python-script/requirements.txt
index 88239ac..bdd3284 100644
--- a/images/python-script/requirements.txt
+++ b/images/python-script/requirements.txt
@@ -1,8 +1,8 @@
-pip
-numpy
-httpie
-pyforgejo
-requests
-spotify
-xq
-docker
+pip==24.2
+numpy==2.1.0
+httpie==3.2.1
+pyforgejo==1.0.2
+requests==2.32.1
+spotify==0.10.2
+xq==0.0.4
+docker==7.0.1

From 925028dc4b84dff3247543da342e47dc3666099a Mon Sep 17 00:00:00 2001
From: Lucas Schwiderski <lucas@lschwiderski.de>
Date: Fri, 23 Aug 2024 16:56:18 +0200
Subject: [PATCH 6/7] Fix Fava requirements

---
 images/fava/Dockerfile        | 34 ++++++++++++++--------------------
 images/fava/requirements.txt  |  9 +++++++++
 images/node-script/Dockerfile |  2 +-
 3 files changed, 24 insertions(+), 21 deletions(-)
 create mode 100644 images/fava/requirements.txt

diff --git a/images/fava/Dockerfile b/images/fava/Dockerfile
index 6c9b166..b8e38f1 100644
--- a/images/fava/Dockerfile
+++ b/images/fava/Dockerfile
@@ -3,52 +3,46 @@ ARG BEANCOUNT_VERSION=2.3.6
 # renovate: datasource=github-tags depName=fava packageName=beancount/fava
 ARG FAVA_VERSION=1.27.3
 
-FROM node:20.17.0-slim as node_build_env
+FROM node:20.11.0-slim AS node_build_env
 ARG FAVA_VERSION
 
 RUN set -eux; \
     apt-get update; \
     apt-get install -y python3-babel git make;
 
-RUN git clone --depth 1 --branch v${FAVA_VERSION} https://github.com/beancount/fava /tmp/build/fava
+RUN git clone --depth 1 --branch v${FAVA_VERSION} https://github.com/beancount/fava /tmp/build/fava;
 
 WORKDIR /tmp/build/fava
 RUN set -eux; \
     make -j $(nproc); \
     rm -rf .*cache .eggs .tox build dist frontend/node_modules; \
     find . -type f -name '*.py[c0]' -delete; \
-    find . -type d -name "__pycache__" -delete
+    find . -type d -name "__pycache__" -delete;
 
-FROM python:3.12.3-slim as build_env
+FROM python:3.12.3-slim AS build_env
 ARG BEANCOUNT_VERSION
+ENV PATH "/app/bin:$PATH"
 
 RUN set -eux; \
     apt-get update; \
-    apt-get install -y build-essential libxml2-dev libxslt-dev curl git;
+    apt-get install -y build-essential libxml2-dev libxslt-dev curl git; \
+    python -mvenv /app;
 
-ENV PATH "/app/bin:$PATH"
-RUN python -mvenv /app
 COPY --from=node_build_env /tmp/build/fava /tmp/build/fava
 
-RUN git clone --depth 1 --branch ${BEANCOUNT_VERSION} https://github.com/beancount/beancount /tmp/build/beancount
+RUN git clone --depth 1 --branch ${BEANCOUNT_VERSION} https://github.com/beancount/beancount /tmp/build/beancount;
 
 WORKDIR /tmp/build/beancount
+
+COPY requirements.txt ./
+
 RUN set -eux; \
     CFLAGS=-s pip3 install -U /tmp/build/beancount; \
     pip3 install -U /tmp/build/fava; \
-    pip3 install \
-        beancount-reds-plugins \
-        git+https://github.com/andreasgerstmayr/fava-dashboards.git \
-        git+https://github.com/beancount/beangrow.git \
-        git+https://github.com/redstreet/fava_investor.git \
-        git+https://github.com/daniel-wells/beancount_checkclosed.git \
-        git+https://github.com/PhracturedBlue/fava-portfolio-summary.git \
-        git+https://github.com/polarmutex/fava-envelope.git \
-        git+https://github.com/scauligi/refried.git \
-        git+https://github.com/beancount/beanprice.git@41576e2ac889e4825e4985b6f6c56aa71de28304 \
-        ; \
+    pip3 install -r requirements.txt; \
     pip3 uninstall -y pip; \
-    find /app -name __pycache__ -exec rm -rf -v {} +
+    find /app -name __pycache__ -exec rm -rf -v {} + \;; \
+    rm -r /app/share;
 
 FROM python:3.12.3-slim
 COPY --from=build_env /app /app
diff --git a/images/fava/requirements.txt b/images/fava/requirements.txt
new file mode 100644
index 0000000..b697a65
--- /dev/null
+++ b/images/fava/requirements.txt
@@ -0,0 +1,9 @@
+beancount-reds-plugins==0.3.0
+beanprice==1.2.0
+fava_envelope==0.5.8
+fava-investor==0.7.0
+git+https://github.com/andreasgerstmayr/fava-dashboards.git@df40f4e2ccc6b4ec479e5146d8e62c327e44e6f9
+git+https://github.com/beancount/beangrow.git@7dd642b10a66c10ec807d9eb50fd58dc26635ba2
+git+https://github.com/daniel-wells/beancount_checkclosed.git@5abc380703105c12b518144f83a5c4fe25cc8f39
+git+https://github.com/PhracturedBlue/fava-portfolio-summary.git@fb31e371c9808a8a99ea02a60e3712271925d379
+git+https://github.com/scauligi/refried.git@b1b2a1fe1efd321142163ecc1796a38b71bb48b0
diff --git a/images/node-script/Dockerfile b/images/node-script/Dockerfile
index 38f17b4..29a29c7 100644
--- a/images/node-script/Dockerfile
+++ b/images/node-script/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:20.17.0-slim
+FROM node:20.11.0-slim
 
 # renovate: datasource=npm packageName=npm versioning=npm
 ARG NPM_VERSION=10.5.0

From a1a3d43567fca78aaf78132fc6570fa75089bc7b Mon Sep 17 00:00:00 2001
From: Lucas Schwiderski <lucas@lschwiderski.de>
Date: Fri, 23 Aug 2024 16:58:15 +0200
Subject: [PATCH 7/7] Fix node versioning

---
 .renovaterc                | 2 +-
 images/lua-clib/Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.renovaterc b/.renovaterc
index ac7910d..b4a9f5f 100644
--- a/.renovaterc
+++ b/.renovaterc
@@ -33,7 +33,7 @@
     },
     {
       "matchPackageNames": [
-        "node"
+        "nodejs/node", "nodejs"
       ],
       "matchDatasources": [
         "docker"
diff --git a/images/lua-clib/Dockerfile b/images/lua-clib/Dockerfile
index dea5cd7..0b695cb 100644
--- a/images/lua-clib/Dockerfile
+++ b/images/lua-clib/Dockerfile
@@ -6,7 +6,7 @@ ARG LUA_5_4_VERSION=5.4.4
 ARG LUAROCKS_VERSION=3.10.0
 # renovate: datasource=github-releases depName=dart-sass packageName=sass/dart-sass
 ARG DART_SASS_VERSION=1.71.1
-# renovate: datasource=github-tags depName=node packageName=nodejs/node
+# renovate: datasource=github-tags depName=node packageName=nodejs/node versioning=node
 ARG NODE_VERSION=20.11.1
 
 FROM debian:bookworm-slim AS builder