Merge branch 'main' into fix-gh-bot-user-condition

mend · Dec 4, 2024 · 96467c4 · 96467c4
2 parents c478e55 + dc0fcee
commit 96467c4
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 2 deletions.
diff --git a/docs/read-only-fs.md b/docs/read-only-fs.md
@@ -0,0 +1,30 @@
+# Read-only File Systems
+
+Support for read-only file systems is available from version 9.0.0
+
+To test it, follow these steps:
+
+## Use the official release images:
+* Community: `ghcr.io/mend/renovate-ce:9.0.0`
+* Enterprise: `ghcr.io/mend/renovate-ee-server:9.0.0` and `ghcr.io/mend/renovate-ee-worker:9.0.0`
+
+## Run the images in read-only mode
+
+Set both the Server and Worker images to run with read-only file systems (e.g. `readOnlyRootFilesystem` in Kubernetes).
+
+## Map read-write volumes
+
+Ensure that the EE Server has a read-write `/tmp` volume.
+
+Ensure that the EE Worker has read-write `/tmp` and `/opt/containerbase` volumes.
+
+## Other volumes
+
+The main "risk" of a read-only FS for Renovate is that there are dozens of package managers that can be called, and those package managers can choose to write files into unexpected locations.
+
+When such cases are found, the best scenario is that the Renovate CLI can be enhanced to "coerce" managers into writing to `/tmp/renovate`, e.g. through the configuration of environment variables.
+However, it may also be feasible to selectively map files or folders as a stopgap solution (e.g. `/home/ubuntu/.some-manager`).
+
+## Testing and release
+
+The measure of success is that all packager managers succeed (e.g. at updating lock files) using the read-write volumes only.
diff --git a/docs/reporting-apis.md b/docs/reporting-apis.md
@@ -498,8 +498,9 @@ Note: Available only with Enterprise Edition. Returns no data when returned from
 ### Repo pull requests
 
 > [!IMPORTANT]  
-> 1. This API is available for GitHub repositories only.
+> 1. The `Repo pull request` API only works with GitHub repositories.
 > 2. Requires `RENOVATE_REPOSITORY_CACHE=enabled` set on Worker containers.
+> 3. If using S3 repo cache, the `RENOVATE_X_REPO_CACHE_FORCE_LOCAL` must be set on Worker containers.
 
 API: [GET] /api/repos/{org}/{repo}/-/pulls
 

diff --git a/helm-charts/mend-renovate-ce/values.yaml b/helm-charts/mend-renovate-ce/values.yaml
@@ -1,6 +1,6 @@
 image:
   repository: ghcr.io/mend/renovate-ce
-  tag: 8.6.0-full
+  tag: 8.7.0-full
   pullPolicy: IfNotPresent
 
 nameOverride: ""