chore: Configure Renovate

[ghost]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• .github/workflows/commitlint.yaml (github-actions)
• .github/workflows/terraform.yaml (github-actions)
• .github/workflows/terrascan.yaml (github-actions)
• template-repo/template/.github/workflows/build.yml (github-actions)
• template-repo/template/.github/workflows/conventional-labels.yaml (github-actions)
• main.tf (terraform)
• providers.tf (terraform)
• template-repo/main.tf (terraform)
• tf-repo/main.tf (terraform)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.
• Pin Docker digests.
• Pin github-action digests.
• Pin dependency versions for development dependencies.
• Pin dependency versions where depType=dependencies. Usually applies only to non-dev dependencies in package.json.
• Use semantic prefixes for commit messages and PR titles.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

You have configured Renovate to use branch main as base branch.

What to Expect

With your current configuration, Renovate will create 2 Pull Requests:

chore(deps): pin dependencies

• Schedule: ["at any time"]
• Branch name: renovate/pin-dependencies
• Merge into: main
• Upgrade actions/checkout to 11bd71901bbe5b1630ceea73d27597364c9af683
• Upgrade actions/github-script to 60a0d83039c74a4aee543508d2ffcb1c3799cdea
• Upgrade bcoe/conventional-release-labels to 886f696738527c7be444262c327c89436dfb95a8
• Upgrade github/codeql-action to 45775bd8235c68ba998cffa5171334d58593da47
• Upgrade hashicorp/setup-terraform to b9cd54a3c349d3f38e8881555d616ced269862dd
• Upgrade wagoid/commitlint-github-action to b948419dd99f3fd78a6548d48f94e3df7f6bf3ed

chore(deps): update terraform github to ~> 6.6.0

• Schedule: ["at any time"]
• Branch name: renovate/github-6.x
• Merge into: main
• Upgrade github to ~> 6.6.0

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR has been generated by Renovate Bot.

[peter-svensson]

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Validation Output

Success! The configuration is valid.

Terraform Plan 📖success

Show Plan

terraform
module.terraform-aws-k8s-addons-argocd.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-argocd]
module.terraform-aws-kops-state-store.github_repository.repo: Refreshing state... [id=terraform-aws-kops-state-store]
module.terraform-aws-k8s.github_repository.repo: Refreshing state... [id=terraform-aws-k8s]
module.terraform-cloudamqp-rabbitmq.github_repository.repo: Refreshing state... [id=terraform-cloudamqp-rabbitmq]
module.terraform-aws-k8s-addons-grafana-agent-operator.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-grafana-agent-operator]
module.terraform-aws-k8s-addons-external-dns.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-external-dns]
module.terraform-aws-aurora-mysql.github_repository.repo: Refreshing state... [id=terraform-aws-aurora-mysql]
module.terraform-aws-k8s-addons-external-secrets-operator.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-external-secrets-operator]
module.terraform-aws-k8s-argocd-cluster-secret.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-argocd-cluster-secret]
module.terraform-aws-rds-instance-postgresql.github_repository.repo: Refreshing state... [id=terraform-aws-rds-instance-postgresql]
module.terraform-aws-dns-validated-certificate.github_repository.repo: Refreshing state... [id=terraform-aws-dns-validated-certificate]
module.terraform-aws-rds-instance-mysql.github_repository.repo: Refreshing state... [id=terraform-aws-rds-instance-mysql]
module.terraform-aws-aurora-postgresql.github_repository.repo: Refreshing state... [id=terraform-aws-aurora-postgresql]
module.terraform-aws-k8s-addons-github-runners.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-github-runners]
module.terraform-aws-k8s-addons-cluster-autoscaler.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-cluster-autoscaler]
module.terraform-aws-elasticache-redis.github_repository.repo: Refreshing state... [id=terraform-aws-elasticache-redis]
module.template.github_repository.repo: Refreshing state... [id=tf-template]
module.terraform-aws-k8s-addons-fluentbit.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-fluentbit]
module.terraform-aws-k8s-network.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-network]
module.terraform-aws-kops-state-store.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGMvdvs4Bycx5]
module.terraform-aws-k8s-addons-argocd.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGN5IuM4Bycts]
module.terraform-aws-k8s.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGDcMAs4BycuE]
module.terraform-cloudamqp-rabbitmq.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGkwzzs4Byc2F]
module.terraform-aws-aurora-mysql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGMveJs4Byb9g]
module.terraform-aws-k8s-addons-grafana-agent-operator.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOHIT5w84BycwF]
module.terraform-aws-k8s-argocd-cluster-secret.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGmRzyc4Bycx3]
module.terraform-aws-rds-instance-postgresql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGOzETs4Bycx_]
module.terraform-aws-k8s-addons-external-dns.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGXoYjM4Bycu_]
module.terraform-aws-k8s-addons-external-secrets-operator.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGng-n84Bycu4]
module.terraform-aws-dns-validated-certificate.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGNsNLM4Byb86]
module.terraform-aws-rds-instance-mysql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGOzCK84Bycx-]
module.terraform-aws-aurora-postgresql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGMvXJc4Byb8x]
module.terraform-aws-k8s-addons-github-runners.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGN7J-s4Bycvo]
module.terraform-aws-k8s-addons-cluster-autoscaler.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOIBlhgc4BycvB]
module.terraform-aws-elasticache-redis.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGN1cCc4Byctu]
module.template.github_repository_file.examples: Refreshing state... [id=tf-template/examples/.gitkeep]
module.template.github_repository_file.files["Makefile"]: Refreshing state... [id=tf-template/Makefile]
module.template.github_repository_file.files["CODEOWNERS"]: Refreshing state... [id=tf-template/CODEOWNERS]
module.template.github_repository_file.files[".gitignore"]: Refreshing state... [id=tf-template/.gitignore]
module.template.github_repository_file.github[".github/workflows/build.yml"]: Refreshing state... [id=tf-template/.github/workflows/build.yml]
module.template.github_repository_file.github[".github/workflows/terrascan.yaml"]: Refreshing state... [id=tf-template/.github/workflows/terrascan.yaml]
module.template.github_repository_file.github[".github/workflows/commitlint.yaml"]: Refreshing state... [id=tf-template/.github/workflows/commitlint.yaml]
module.template.github_repository_file.github[".github/release.yml"]: Refreshing state... [id=tf-template/.github/release.yml]
module.template.github_repository_file.github[".github/workflows/conventional-labels.yaml"]: Refreshing state... [id=tf-template/.github/workflows/conventional-labels.yaml]
module.template.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOIPw-ls4ByDD8]
module.template.github_repository_file.github[".github/commitlint.config.js"]: Refreshing state... [id=tf-template/.github/commitlint.config.js]
module.template.github_repository_file.github[".github/dependabot.yml"]: Refreshing state... [id=tf-template/.github/dependabot.yml]
module.terraform-aws-k8s-addons-fluentbit.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGfsb-s4Bycvj]
module.terraform-aws-k8s-network.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGEz1n84Bycx1]
module.example.github_repository.repo: Refreshing state... [id=example]
module.example.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOIPxQ984ByDG5]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place

Terraform will perform the following actions:

  # module.template.github_repository_file.github[".github/commitlint.config.mjs"] will be created
  + resource "github_repository_file" "github" {
      + autocreate_branch_source_sha = (known after apply)
      + branch                       = "main"
      + commit_author                = "CI"
      + commit_email                 = "ci@opzkit.io"
      + commit_message               = "chore: update .github/commitlint.config.mjs"
      + commit_sha                   = (known after apply)
      + content                      = <<-EOT
            export default {
              extends: ['@commitlint/config-conventional'],
              /*
               * Any rules defined here will override rules from @commitlint/config-conventional
               */
              rules: {
                'body-max-line-length': [2, 'always', 200],
              },
            };
        EOT
      + file                         = ".github/commitlint.config.mjs"
      + id                           = (known after apply)
      + overwrite_on_create          = true
      + ref                          = (known after apply)
      + repository                   = "tf-template"
      + sha                          = (known after apply)
    }

  # module.template.github_repository_file.github[".github/dependabot.yml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
        id                  = "tf-template/.github/dependabot.yml"
      ~ overwrite_on_create = false -> true
        # (10 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/release.yml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
        id                  = "tf-template/.github/release.yml"
      ~ overwrite_on_create = false -> true
        # (10 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/workflows/build.yml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
        id                  = "tf-template/.github/workflows/build.yml"
      ~ overwrite_on_create = false -> true
        # (10 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/workflows/commitlint.yaml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
        id                  = "tf-template/.github/workflows/commitlint.yaml"
      ~ overwrite_on_create = false -> true
        # (10 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/workflows/conventional-labels.yaml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
        id                  = "tf-template/.github/workflows/conventional-labels.yaml"
      ~ overwrite_on_create = false -> true
        # (10 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/workflows/terrascan.yaml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
        id                  = "tf-template/.github/workflows/terrascan.yaml"
      ~ overwrite_on_create = false -> true
        # (10 unchanged attributes hidden)
    }

  # module.terraform-aws-aurora-postgresql.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGMvXJQ"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s.github_branch_protection.repo will be updated in-place
  ~ resource "github_branch_protection" "repo" {
        id                              = "BPR_kwDOGDcMAs4BycuE"
        # (10 unchanged attributes hidden)

      ~ required_status_checks {
          ~ contexts = [
              + "terrascan",
                # (2 unchanged elements hidden)
            ]
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-external-dns.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
        id                          = "terraform-aws-k8s-addons-external-dns"
        name                        = "terraform-aws-k8s-addons-external-dns"
        # (36 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-external-secrets-operator.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
        id                          = "terraform-aws-k8s-addons-external-secrets-operator"
        name                        = "terraform-aws-k8s-addons-external-secrets-operator"
        # (36 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-grafana-agent-operator.github_branch_protection.repo will be updated in-place
  ~ resource "github_branch_protection" "repo" {
        id                              = "BPR_kwDOHIT5w84BycwF"
        # (10 unchanged attributes hidden)

      ~ required_status_checks {
          ~ contexts = [
              + "terrascan",
                # (2 unchanged elements hidden)
            ]
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-grafana-agent-operator.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ archived                    = true -> false
        id                          = "terraform-aws-k8s-addons-grafana-agent-operator"
        name                        = "terraform-aws-k8s-addons-grafana-agent-operator"
      ~ vulnerability_alerts        = false -> true
      + web_commit_signoff_required = false
        # (34 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-network.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "MDEwOlJlcG9zaXRvcnk0MDc2OTY3OTk="
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-network.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
        id                          = "terraform-aws-k8s-network"
        name                        = "terraform-aws-k8s-network"
        # (36 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-kops-state-store.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGMvdvg"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-kops-state-store.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
        id                          = "terraform-aws-kops-state-store"
        name                        = "terraform-aws-kops-state-store"
        # (36 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 4 to add, 13 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @opzkit-renovate[bot], Action: pull_request, Working Directory: ``, Workflow: Terraform