diff --git a/internal/embed/networks/aztec/helmfile.yaml.gotmpl b/internal/embed/networks/aztec/helmfile.yaml.gotmpl index a770e7fd..c433323c 100644 --- a/internal/embed/networks/aztec/helmfile.yaml.gotmpl +++ b/internal/embed/networks/aztec/helmfile.yaml.gotmpl @@ -9,7 +9,8 @@ releases: namespace: aztec-{{ .Values.id }} createNamespace: true chart: obol/aztec-node - version: 0.2.0 + # renovate: datasource=helm depName=aztec-node registryUrl=https://obolnetwork.github.io/helm-charts + version: 2.3.0 values: - role: sequencer sequencer: @@ -19,7 +20,8 @@ releases: networkName: '{{ .Values.id }}' image: repository: aztecprotocol/aztec - tag: 2.1.5 + # renovate: datasource=docker depName=aztecprotocol/aztec + tag: 4.3.0 pullPolicy: Always node: replicas: 1 diff --git a/internal/embed/networks/ethereum/helmfile.yaml.gotmpl b/internal/embed/networks/ethereum/helmfile.yaml.gotmpl index 4d1a8e1f..d971c2ce 100644 --- a/internal/embed/networks/ethereum/helmfile.yaml.gotmpl +++ b/internal/embed/networks/ethereum/helmfile.yaml.gotmpl @@ -24,6 +24,8 @@ releases: namespace: ethereum-{{ .Values.id }} createNamespace: true chart: ethereum-helm-charts/ethereum-node + # renovate: datasource=helm depName=ethereum-node registryUrl=https://ethpandaops.github.io/ethereum-helm-charts + version: 0.2.14 needs: [ethereum-pvcs] values: # Network and checkpoint sync configuration @@ -37,41 +39,51 @@ releases: sepolia: https://checkpoint-sync.sepolia.ethpandaops.io hoodi: https://checkpoint-sync.hoodi.ethpandaops.io - # Execution client (pinned versions — update periodically) + # Execution client (pinned versions — Renovate-tracked) - {{ .Values.executionClient }}: enabled: true image: {{- if eq .Values.executionClient "reth" }} - tag: v1.11.1 + # renovate: datasource=github-releases depName=paradigmxyz/reth + tag: v2.2.0 {{- else if eq .Values.executionClient "geth" }} - tag: v1.17.0 + # renovate: datasource=github-releases depName=ethereum/go-ethereum + tag: v1.17.3 {{- else if eq .Values.executionClient "nethermind" }} - tag: "1.36.0" + # renovate: datasource=github-releases depName=NethermindEth/nethermind + tag: "1.37.2" {{- else if eq .Values.executionClient "besu" }} - tag: "26.2.0" + # renovate: datasource=github-releases depName=hyperledger/besu + tag: "26.5.0" {{- else if eq .Values.executionClient "erigon" }} - tag: v3.3.8 + # renovate: datasource=github-releases depName=erigontech/erigon + tag: v3.4.2 {{- end }} persistence: enabled: true size: 500Gi existingClaim: execution-{{ .Values.executionClient }}-{{ .Values.network }} - # Consensus client (pinned versions — update periodically) + # Consensus client (pinned versions — Renovate-tracked) # The upstream chart wires --execution-endpoint and --network automatically. - {{ .Values.consensusClient }}: enabled: true image: {{- if eq .Values.consensusClient "lighthouse" }} - tag: v8.1.1 + # renovate: datasource=github-releases depName=sigp/lighthouse + tag: v8.1.3 {{- else if eq .Values.consensusClient "prysm" }} - tag: v7.1.2 + # renovate: datasource=github-releases depName=OffchainLabs/prysm + tag: v7.1.4 {{- else if eq .Values.consensusClient "teku" }} - tag: "26.2.0" + # renovate: datasource=github-releases depName=Consensys/teku + tag: "26.4.0" {{- else if eq .Values.consensusClient "nimbus" }} - tag: multiarch-v26.3.0 + # renovate: datasource=docker depName=statusim/nimbus-eth2 + tag: multiarch-v26.5.0 {{- else if eq .Values.consensusClient "lodestar" }} - tag: v1.40.0 + # renovate: datasource=github-releases depName=ChainSafe/lodestar + tag: v1.43.0 {{- end }} persistence: enabled: true diff --git a/renovate.json b/renovate.json index 5c21ccde..79df0e32 100644 --- a/renovate.json +++ b/renovate.json @@ -118,6 +118,28 @@ ], "datasourceTemplate": "docker", "versioningTemplate": "loose" + }, + { + "customType": "regex", + "description": "Track Ethereum/Aztec client image tags pinned in network helmfiles. Uses the `# renovate: datasource=X depName=Y` annotation immediately above each `tag:` line so the same regex handles every form we use (`v1.2.3`, `\"1.2.3\"`, `multiarch-v1.2.3`, plain `4.3.0`).", + "matchStrings": [ + "#\\s*renovate:\\s*datasource=(?\\S+)\\s+depName=(?\\S+)\\s*\\n\\s*tag:\\s*[\"']?(?[A-Za-z0-9._+-]+)[\"']?" + ], + "fileMatch": [ + "^internal/embed/networks/.+/helmfile\\.yaml\\.gotmpl$" + ], + "versioningTemplate": "loose" + }, + { + "customType": "regex", + "description": "Track Helm chart versions pinned in network helmfiles. Uses the `# renovate: datasource=helm depName=X registryUrl=Y` annotation immediately above each `version:` line in a release block.", + "matchStrings": [ + "#\\s*renovate:\\s*datasource=(?\\S+)\\s+depName=(?\\S+)\\s+registryUrl=(?\\S+)\\s*\\n\\s*version:\\s*[\"']?(?[0-9][^\\s\"']*)[\"']?" + ], + "fileMatch": [ + "^internal/embed/networks/.+/helmfile\\.yaml\\.gotmpl$" + ], + "versioningTemplate": "semver" } ], "packageRules": [ @@ -336,6 +358,34 @@ ], "groupName": "Obol Network image updates", "pinDigests": true + }, + { + "description": "Batch every Ethereum execution/consensus client tag and the ethereum-node chart pin into a single standing PR. The helmfile pins every supported EL+CL client (only one is selected per install via --execution-client / --consensus-client), but they all live in the same template, so it's simplest to bump them together. One PR, not ten.", + "matchFileNames": [ + "internal/embed/networks/ethereum/**" + ], + "labels": [ + "renovate/ethereum-clients" + ], + "schedule": [ + "before 6am on monday" + ], + "groupName": "Ethereum EL/CL client updates", + "groupSlug": "ethereum-clients" + }, + { + "description": "Batch the obol/aztec-node chart pin and the aztecprotocol/aztec image tag into a single standing PR. Aztec testnet upgrades require the image and chart appVersion to stay aligned, so they should land together.", + "matchFileNames": [ + "internal/embed/networks/aztec/**" + ], + "labels": [ + "renovate/aztec" + ], + "schedule": [ + "before 6am on monday" + ], + "groupName": "Aztec node updates", + "groupSlug": "aztec-node" } ] }