🔧 Renovate: Update (minor) hoverkraft-tech/compose-action action to v2.3.0

Reviewed-on: #32

.gitea/workflows/pr-docker-deploy.yml

@@ -150,6 +150,12 @@ jobs:
         run: |
           docker login -u gitea-sonarqube-bot -p ${RIKKU_REGISTRY_PASSWORD} git.trez.wtf
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
       - name: Cache Vault install
         id: cache-vault
         uses: actions/cache@v4

.gitea/workflows/renovate-pr-deploy.yml

@@ -0,0 +1,128 @@
+name: Renovate PR Deployment
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [closed]
+    branches:
+      - main
+
+jobs:
+  deploy:
+    if: |
+      github.event.pull_request.merged == true &&
+      github.event.pull_request.user.login == 'renovate-bot'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Detect Renovate update type
+        id: detect-update
+        env:
+          PR_BODY: ${{ github.event.pull_request.body }}
+        run: |
+          echo "PR body: $PR_BODY"
+
+          if echo "$PR_BODY" | grep -qE 'Update\s+(patch|minor|major|digest)'; then
+            echo "update=true" >> $GITHUB_OUTPUT
+          else
+            echo "update=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Stop if update not patch/minor/major/digest
+        if: steps.detect-update.outputs.update != 'true'
+        run: |
+          echo "::warning::This PR does not involve patch/minor/major/digest update. Skipping deployment."
+          exit 0
+
+      - name: Get changed services from docker-compose.yml
+        id: services
+        run: |
+          # Ensure we have main branch available
+          git fetch origin main
+
+          # Find the common ancestor (merge-base) between PR HEAD and main
+          base=$(git merge-base HEAD origin/main)
+
+          # Get all image names added/changed in docker-compose.yml since base
+          images=$(git diff $base HEAD -- docker-compose.yml \
+            | grep -E '^\+.*image:' \
+            | sed -E 's/.*image:[[:space:]]*//g' \
+            | awk -F: '{print $1}' \
+            | sort -u)
+
+          # Map images to service names using yq
+          services=""
+          for img in $images; do
+            svc=$(yq e ".services | with_entries(select(.value.image | startswith(\"$img\"))) | keys | .[]" docker-compose.yml)
+            services="$services $svc"
+          done
+
+          # Deduplicate and trim
+          services=$(echo $services | tr ' ' '\n' | sort -u | xargs)
+          echo "services=$services" >> $GITHUB_OUTPUT
+
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RIKKU_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RIKKU_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: [RENOVATE] Docker Compose Deployment @ Rinoa'
+          notification_message: 'Starting Docker Compose run...'
+
+      - name: Pull images for modified services
+        if: steps.services.outputs.services != ''
+        run: |
+          services="${{ steps.services.outputs.services }}"
+          echo "Pulling images for services: $services"
+          for svc in $services; do
+            docker compose pull $svc || echo "Failed to pull $svc, continuing..."
+          done
+
+      - name: Docker Compose Deployment
+        uses: hoverkraft-tech/compose-action@v2.3.0
+        env:
+          DOCKER_HOST: tcp://dockerproxy:2375
+        with:
+          services: |
+            ${{ steps.services.outputs.services }}
+          up-flags: -d --remove-orphans
+          compose-flags: --profile rinoa-apps
+
+      - name: Docker Compose Healthcheck
+        continue-on-error: true
+        id: health
+        uses: jaracogmbh/docker-compose-health-check-action@v1.0.0
+        with:
+          max-retries: 30
+          retry-interval: 10
+          compose-file: "docker-compose.yml"
+          skip-exited: "true"
+          skip-no-healthcheck: "true"
+
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RIKKU_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RIKKU_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: [RENOVATE] Docker Compose Deployment @ Rinoa'
+          notification_message: 'Deployment completed successfully.'
+
+      - name: Deployment Summary
+        if: always()
+        run: |
+          echo "### 🚀 Renovate Patch Deployment Summary" >> $GITHUB_STEP_SUMMARY
+
+          if [[ -z "${{ steps.services.outputs.services }}" ]]; then
+            echo "- No services changed in this patch update." >> $GITHUB_STEP_SUMMARY
+            exit 0
+          fi
+
+          echo "- Updated services: \`${{ steps.services.outputs.services }}\`" >> $GITHUB_STEP_SUMMARY
+
+          if [[ "${{ steps.health.outcome }}" == "success" ]]; then
+            echo "- ✅ All services passed health checks." >> $GITHUB_STEP_SUMMARY
+          else
+            echo "- ⚠️ Some services failed health checks. Check logs above for details." >> $GITHUB_STEP_SUMMARY
+          fi

docker-compose.yml

@@ -10,7 +10,7 @@ services:
     container_name: adguard
     environment:
       TZ: ${TZ}
-    image: adguard/adguardhome:v0.107.65
+    image: adguard/adguardhome:v0.107.66
     network_mode: host
     privileged: true
     # ports:
@@ -37,7 +37,7 @@ services:
       HUB_URL: http://192.168.1.254:22220
     expose:
       - 45876
-    image: henrygd/beszel-agent:0.12.7
+    image: henrygd/beszel-agent:0.12.9
     network_mode: host
     restart: unless-stopped
     volumes:
@@ -176,7 +176,7 @@ services:
       - /run/dbus:/run/dbus:ro
   ollama:
     container_name: ollama
-    image: ollama/ollama:0.11.10
+    image: ollama/ollama:0.12.0
     ports:
       - 11434:11434
     restart: unless-stopped

renovate.json

@@ -4,6 +4,8 @@
   "prHourlyLimit": 2,
   "prConcurrentLimit": 5,
   "dependencyDashboard": true,
+  "dependencyDashboardApproval": true,
+  "dependencyDashboardHeader": "### 🔧 Renovate Dashboard\n\n- ✅ Patch updates will be created and auto-merged automatically.\n- 📝 Minor and Major updates will appear here first. Approve them to generate PRs.\n- 🏷️ Labels `update:patch`, `update:minor`, and `update:major` mark update types.\n",
   "labels": ["dependencies", "renovate"],
   "schedule": ["before 6am on monday"],
   "semanticCommits": "enabled",
@@ -11,65 +13,50 @@
   "branchNameStrict": true,
   "branchPrefix": "renovate/",
   "branchTopic": "{{manager}}/{{depName}}",
-  "commitMessageAction": "Update",
-  "commitMessageTopic": "{{manager}}/{{depName}}",
+  "commitMessageAction": "Update ({{updateType}})",
+  "commitMessageTopic": "{{manager}}/{{depName}} to {{newVersion}}",
+  "prBodyNotes": [
+    "### ⚡ Renovate Update Info",
+    "- **Update Type:** {{updateType}}",
+    "- **Automerge:** {{#if isAutomerge}}✅ This update will be auto-merged once all checks pass{{else}}🛑 This update requires manual approval{{/if}}"
+  ],
   "packageRules": [
     {
       "matchPackageNames": [
         "adguard/adguardhome",
         "henrygd/beszel-agent",
         "ghcr.io/gabe565/castsponsorskip",
+        "ollama/ollama",
+        "thecatlady/webhook"
+      ],
+      "versioning": "semver"
+    },
+    {
+      "matchPackageNames": [
         "ghcr.io/tecnativa/docker-socket-proxy",
         "ghcr.io/matt8707/ha-fusion",
         "ghcr.io/home-assistant/home-assistant",
-        "ollama/ollama",
-        "pavanputhra/logspout-signoz",
-        "ghcr.io/containrrr/watchtower",
-        "thecatlady/webhook"
+        "pavanputhra/logspout-signoz"
       ],
-      "groupName": "rikku-stack",
-      "separateMinorPatch": false,
-      "schedule": ["before 6am on monday"]
-    },
-    {
-      "matchPackageNames": ["adguard/adguardhome"],
-      "allowedVersions": "^v0\\.107\\."
-    },
-    {
-      "matchPackageNames": ["henrygd/beszel-agent"],
-      "allowedVersions": "^0\\.12\\."
-    },
-    {
-      "matchPackageNames": ["ghcr.io/gabe565/castsponsorskip"],
-      "allowedVersions": "^0\\.8\\."
-    },
-    {
-      "matchPackageNames": ["ghcr.io/tecnativa/docker-socket-proxy"],
-      "allowedVersions": "^latest$"
-    },
-    {
-      "matchPackageNames": ["ghcr.io/matt8707/ha-fusion"],
-      "allowedVersions": "^2024\\."
-    },
-    {
-      "matchPackageNames": ["ghcr.io/home-assistant/home-assistant"],
-      "allowedVersions": "^stable$"
-    },
-    {
-      "matchPackageNames": ["ollama/ollama"],
-      "allowedVersions": "^0\\.11\\."
-    },
-    {
-      "matchPackageNames": ["pavanputhra/logspout-signoz"],
-      "allowedVersions": "^2025\\."
-    },
-    {
-      "matchPackageNames": ["thecatlady/webhook"],
-      "allowedVersions": "^2\\.8\\."
+      "versioning": "docker"
     },
     {
       "matchUpdateTypes": ["patch"],
-      "schedule": ["every weekday"]
+      "schedule": ["every weekday"],
+      "automerge": true,
+      "labels": ["dependencies", "renovate", "update:patch"]
+    },
+    {
+      "matchUpdateTypes": ["minor"],
+      "automerge": false,
+      "dependencyDashboardApproval": true,
+      "labels": ["dependencies", "renovate", "update:minor"]
+    },
+    {
+      "matchUpdateTypes": ["major"],
+      "automerge": false,
+      "dependencyDashboardApproval": true,
+      "labels": ["dependencies", "renovate", "update:major"]
     },
     {
       "matchManagers": ["github-actions"],