updatecli/README.md
The Rancher project uses updatecli to automate and orchestrate security related updates and versions bumps.
We use updatecli for this automation, instead of Dependabot or Renovate, because of its extensibility and multiple plugins resources that allow greater flexibility when automating sequences of conditional update steps.
For detailed information on how to use updatecli, please consult its documentation.
The automation runs as a GitHub Actions scheduled workflow once per day. Manual execution of the pipelines can be triggered when needed.
A manifest or pipeline consists of three stages: sources, conditions and
targets, that define how to apply the update strategy.
When adding a new manifest, please follow the example structure defined below.
updatecli/
├── README.md
├── scripts # For auxiliary scripts if needed
├── updatecli.d # For the update related workflows
│ ├── update-k8s-k3s # Each workflow should have its own subdirectory
│ └── update-versions-config-yaml # Another workflow in its own directory
└── values.d # For variable related configuration files
├── values.yaml # Configuration values
└── versions.yaml # Configuration versions
The manifest files must be placed inside a directory path named accordingly to its main purpose.
Local testing of manifests require:
diff, that will show the changes
without actually applying them.export UPDATECLI_GITHUB_TOKEN="your GH token"
updatecli diff --clean --values updatecli/values.d/values.yaml --values <other values files> --config updatecli/updatecli.d/<your workflow>
Before contributing, please follow the guidelines provided in this README and make sure to test locally your changes, and against your own fork, before opening a PR.
<!-- Links -->