chore(deps): refresh pip-compile outputs

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
ci(e2e): pin emulator versions and fix Azurite compatibility (#725 )
2026-03-10 12:42:20 +01:00 · 2026-01-13 09:00:45 +00:00 · 2026-01-13 09:54:30 +01:00 · 2026-01-12 14:19:00 +01:00 · 2026-01-10 16:08:17 +01:00 · 2026-01-10 16:03:47 +01:00
13 changed files with 74 additions and 40 deletions
--- a/.github/workflows/barman-base-image.yml
+++ b/.github/workflows/barman-base-image.yml
@ -27,7 +27,7 @@ jobs:
      - name: Install Dagger
        env:
          # renovate: datasource=github-tags depName=dagger/dagger versioning=semver
-          DAGGER_VERSION: 0.19.8
+          DAGGER_VERSION: 0.19.9
        run: |
          curl -L https://dl.dagger.io/dagger/install.sh | BIN_DIR=$HOME/.local/bin sh
      - name: Publish a barman-base
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -44,7 +44,7 @@ jobs:
      - name: Install Dagger
        env:
          # renovate: datasource=github-tags depName=dagger/dagger versioning=semver
-          DAGGER_VERSION: 0.19.8
+          DAGGER_VERSION: 0.19.9
        run: |
          curl -L https://dl.dagger.io/dagger/install.sh | BIN_DIR=$HOME/.local/bin sh
      - name: Run CI task
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@ -31,7 +31,7 @@ jobs:
      - name: Install Dagger
        env:
          # renovate: datasource=github-tags depName=dagger/dagger versioning=semver
-          DAGGER_VERSION: 0.19.8
+          DAGGER_VERSION: 0.19.9
        run: |
          curl -L https://dl.dagger.io/dagger/install.sh | BIN_DIR=$HOME/.local/bin sh
      - name: Create image and manifest
--- a/.github/workflows/release-publish.yml
+++ b/.github/workflows/release-publish.yml
@ -21,7 +21,7 @@ jobs:
      - name: Install Dagger
        env:
          # renovate: datasource=github-tags depName=dagger/dagger versioning=semver
-          DAGGER_VERSION: 0.19.8
+          DAGGER_VERSION: 0.19.9
        run: |
          curl -L https://dl.dagger.io/dagger/install.sh | BIN_DIR=$HOME/.local/bin sh
      - name: Create image and manifest
--- a/Taskfile.yml
+++ b/Taskfile.yml
@ -85,9 +85,13 @@ tasks:
    env:
      # renovate: datasource=git-refs depName=crd-gen-refs lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main
      DAGGER_CRDGENREF_SHA: ee59e34a99940e45f87a16177b1d640975b05b74
+      # renovate: datasource=go depName=github.com/elastic/crd-ref-docs
+      CRDREFDOCS_VERSION: v0.2.0
    cmds:
      - >
-        GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/crd-ref-docs@${DAGGER_CRDGENREF_SHA} generate
+        GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/crd-ref-docs@${DAGGER_CRDGENREF_SHA}
+        --version ${CRDREFDOCS_VERSION}
+        generate
        --src .
        --source-path api/v1
        --config-file hack/crd-gen-refs/config.yaml
@ -202,7 +206,7 @@ tasks:
      - start-build-network
    vars:
      # renovate: datasource=github-tags depName=dagger/dagger versioning=semver
-      DAGGER_VERSION: 0.19.8
+      DAGGER_VERSION: 0.19.9
      DAGGER_ENGINE_IMAGE: registry.dagger.io/engine:v{{ .DAGGER_VERSION }}
    cmds:
      - >
--- a/containers/sidecar-requirements.in
+++ b/containers/sidecar-requirements.in
@ -1,3 +1,3 @@
-barman[azure,cloud,google,snappy,zstandard,lz4]==3.16.2
+barman[azure,cloud,google,snappy,zstandard,lz4]==3.17.0
 setuptools==80.9.0
 zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
--- a/containers/sidecar-requirements.txt
+++ b/containers/sidecar-requirements.txt
@ -4,9 +4,9 @@
 #
 #    pip-compile --allow-unsafe --generate-hashes --output-file=sidecar-requirements.txt --strip-extras sidecar-requirements.in
 #
-azure-core==1.37.0 \
-    --hash=sha256:7064f2c11e4b97f340e8e8c6d923b822978be3016e46b7bc4aa4b337cfb48aee \
-    --hash=sha256:b3abe2c59e7d6bb18b38c275a5029ff80f98990e7c90a5e646249a56630fcc19
+azure-core==1.38.0 \
+    --hash=sha256:8194d2682245a3e4e3151a667c686464c3786fed7918b394d035bdcd61bb5993 \
+    --hash=sha256:ab0c9b2cd71fecb1842d52c965c95285d3cfb38902f6766e4a471f1cd8905335
    # via
    #   azure-identity
    #   azure-storage-blob
@ -18,17 +18,17 @@ azure-storage-blob==12.28.0 \
    --hash=sha256:00fb1db28bf6a7b7ecaa48e3b1d5c83bfadacc5a678b77826081304bd87d6461 \
    --hash=sha256:e7d98ea108258d29aa0efbfd591b2e2075fa1722a2fae8699f0b3c9de11eff41
    # via barman
-barman==3.16.2 \
-    --hash=sha256:0549f451a1b928647c75c5a2977526233ad7a976bb83e9a4379c33ce61443515 \
-    --hash=sha256:ab0c6f4f5cfc0cc12b087335bdd5def2edbca32bc1bf553cc5a9e78cd83df43a
+barman==3.17.0 \
+    --hash=sha256:07b033da14e72f103de44261c31bd0c3169bbb2e4de3481c6bb3510e9870d38e \
+    --hash=sha256:d6618990a6dbb31af3286d746a278a038534b7e3cc617c2b379ef7ebdeb7ed5a
    # via -r sidecar-requirements.in
-boto3==1.42.24 \
-    --hash=sha256:8ed6ad670a5a2d7f66c1b0d3362791b48392c7a08f78479f5d8ab319a4d9118f \
-    --hash=sha256:c47a2f40df933e3861fc66fd8d6b87ee36d4361663a7e7ba39a87f5a78b2eae1
+boto3==1.42.26 \
+    --hash=sha256:0fbcf1922e62d180f3644bc1139425821b38d93c1e6ec27409325d2ae86131aa \
+    --hash=sha256:f116cfbe7408e0a9153da363f134d2f1b5008f17ee86af104f0ce59a62be1833
    # via barman
-botocore==1.42.24 \
-    --hash=sha256:8fca9781d7c84f7ad070fceffaff7179c4aa7a5ffb27b43df9d1d957801e0a8d \
-    --hash=sha256:be8d1bea64fb91eea08254a1e5fea057e4428d08e61f4e11083a02cafc1f8cc6
+botocore==1.42.26 \
+    --hash=sha256:1c8855e3e811f015d930ccfe8751d4be295aae0562133d14b6f0b247cd6fd8d3 \
+    --hash=sha256:71171c2d09ac07739f4efce398b15a4a8bc8769c17fb3bc99625e43ed11ad8b7
    # via
    #   boto3
    #   s3transfer
@ -587,17 +587,17 @@ proto-plus==1.27.0 \
    --hash=sha256:1baa7f81cf0f8acb8bc1f6d085008ba4171eaf669629d1b6d1673b21ed1c0a82 \
    --hash=sha256:873af56dd0d7e91836aee871e5799e1c6f1bda86ac9a983e0bb9f0c266a568c4
    # via google-api-core
-protobuf==6.33.2 \
-    --hash=sha256:1f8017c48c07ec5859106533b682260ba3d7c5567b1ca1f24297ce03384d1b4f \
-    --hash=sha256:2981c58f582f44b6b13173e12bb8656711189c2a70250845f264b877f00b1913 \
-    --hash=sha256:56dc370c91fbb8ac85bc13582c9e373569668a290aa2e66a590c2a0d35ddb9e4 \
-    --hash=sha256:7109dcc38a680d033ffb8bf896727423528db9163be1b6a02d6a49606dcadbfe \
-    --hash=sha256:7636aad9bb01768870266de5dc009de2d1b936771b38a793f73cbbf279c91c5c \
-    --hash=sha256:87eb388bd2d0f78febd8f4c8779c79247b26a5befad525008e49a6955787ff3d \
-    --hash=sha256:8cd7640aee0b7828b6d03ae518b5b4806fdfc1afe8de82f79c3454f8aef29872 \
-    --hash=sha256:b5d3b5625192214066d99b2b605f5783483575656784de223f00a8d00754fc0e \
-    --hash=sha256:d9b19771ca75935b3a4422957bc518b0cecb978b31d1dd12037b088f6bcc0e43 \
-    --hash=sha256:fc2a0e8b05b180e5fc0dd1559fe8ebdae21a27e81ac77728fb6c42b12c7419b4
+protobuf==6.33.4 \
+    --hash=sha256:0f12ddbf96912690c3582f9dffb55530ef32015ad8e678cd494312bd78314c4f \
+    --hash=sha256:1fe3730068fcf2e595816a6c34fe66eeedd37d51d0400b72fabc848811fdc1bc \
+    --hash=sha256:2fe67f6c014c84f655ee06f6f66213f9254b3a8b6bda6cda0ccd4232c73c06f0 \
+    --hash=sha256:3df850c2f8db9934de4cf8f9152f8dc2558f49f298f37f90c517e8e5c84c30e9 \
+    --hash=sha256:757c978f82e74d75cba88eddec479df9b99a42b31193313b75e492c06a51764e \
+    --hash=sha256:8f11ffae31ec67fc2554c2ef891dcb561dae9a2a3ed941f9e134c2db06657dbc \
+    --hash=sha256:918966612c8232fc6c24c78e1cd89784307f5814ad7506c308ee3cf86662850d \
+    --hash=sha256:955478a89559fa4568f5a81dce77260eabc5c686f9e8366219ebd30debf06aa6 \
+    --hash=sha256:c7c64f259c618f0bef7bee042075e390debbf9682334be2b67408ec7c1c09ee6 \
+    --hash=sha256:dc2e61bca3b10470c1912d166fe0af67bfc20eb55971dcef8dfa48ce14f0ed91
    # via
    #   google-api-core
    #   googleapis-common-protos
--- a/go.mod
+++ b/go.mod
@ -22,7 +22,7 @@ require (
 	k8s.io/apiextensions-apiserver v0.35.0
 	k8s.io/apimachinery v0.35.0
 	k8s.io/client-go v0.35.0
-	k8s.io/utils v0.0.0-20251222233032-718f0e51e6d2
+	k8s.io/utils v0.0.0-20260108192941-914a6e750570
 	sigs.k8s.io/controller-runtime v0.22.4
 	sigs.k8s.io/kustomize/api v0.21.0
 	sigs.k8s.io/kustomize/kyaml v0.21.0
--- a/go.sum
+++ b/go.sum
@ -326,8 +326,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e h1:iW9ChlU0cU16w8MpVYjXk12dqQ4BPFBEgif+ap7/hqQ=
 k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ=
-k8s.io/utils v0.0.0-20251222233032-718f0e51e6d2 h1:OfgiEo21hGiwx1oJUU5MpEaeOEg6coWndBkZF/lkFuE=
-k8s.io/utils v0.0.0-20251222233032-718f0e51e6d2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk=
+k8s.io/utils v0.0.0-20260108192941-914a6e750570 h1:JT4W8lsdrGENg9W+YwwdLJxklIuKWdRm+BC+xt33FOY=
+k8s.io/utils v0.0.0-20260108192941-914a6e750570/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 h1:qPrZsv1cwQiFeieFlRqT627fVZ+tyfou/+S5S0H5ua0=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw=
 sigs.k8s.io/controller-runtime v0.22.4 h1:GEjV7KV3TY8e+tJ2LCTxUTanW4z/FmNB7l327UfMq9A=
--- a/renovate.json5
+++ b/renovate.json5
@ -11,6 +11,17 @@
  ],
  rebaseWhen: 'never',
  prConcurrentLimit: 5,
+  // Override default ignorePaths to scan test/e2e for emulator image dependencies
+  // Removed: '**/test/**'
+  ignorePaths: [
+    '**/node_modules/**',
+    '**/bower_components/**',
+    '**/vendor/**',
+    '**/examples/**',
+    '**/__tests__/**',
+    '**/tests/**',
+    '**/__fixtures__/**',
+  ],
  lockFileMaintenance: {
    enabled: true,
  },
@ -28,7 +39,7 @@
    {
      customType: 'regex',
      managerFilePatterns: [
-        '/(^Taskfile\\.yml$)/',
+        '/(^|/)Taskfile\\.yml$/',
      ],
      matchStrings: [
        '# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[^\\s]+?))?(?: extractVersion=(?<extractVersion>[^\\s]+?))?(?: currentValue=(?<currentValue>[^\\s]+?))?\\s+[A-Za-z0-9_]+?_SHA\\s*:\\s*["\']?(?<currentDigest>[a-f0-9]+?)["\']?\\s',
@ -38,7 +49,16 @@
    {
      customType: 'regex',
      managerFilePatterns: [
-        '/(^docs/config\\.yaml$)/',
+        '/\\.go$/',
+      ],
+      matchStrings: [
+        '//\\s*renovate:\\s*datasource=(?<datasource>[a-z-.]+?)\\s+depName=(?<depName>[^\\s]+?)(?:\\s+versioning=(?<versioning>[^\\s]+?))?\\s*\\n\\s*//\\s*Version:\\s*(?<currentValue>[^\\s]+?)\\s*\\n\\s*Image:\\s*"[^@]+@(?<currentDigest>sha256:[a-f0-9]+)"',
+      ],
+    },
+    {
+      customType: 'regex',
+      managerFilePatterns: [
+        '/(^|/)docs/config\\.yaml$/',
      ],
      matchStrings: [
        '# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[^\\s]+?))?(?: extractVersion=(?<extractVersion>[^\\s]+?))?\\s+kubernetesVersion:\\s*["\']?(?<currentValue>.+?)["\']?\\s',
--- a/test/e2e/internal/objectstore/azurite.go
+++ b/test/e2e/internal/objectstore/azurite.go
@ -71,8 +71,15 @@ func newAzuriteDeployment(namespace, name string) *appsv1.Deployment {
 					Containers: []corev1.Container{
 						{
 							Name: name,
-							// TODO: renovate the image
-							Image: "mcr.microsoft.com/azure-storage/azurite",
+							// renovate: datasource=docker depName=mcr.microsoft.com/azure-storage/azurite versioning=docker
+							// Version: 3.35.0
+							Image: "mcr.microsoft.com/azure-storage/azurite@sha256:647c63a91102a9d8e8000aab803436e1fc85fbb285e7ce830a82ee5d6661cf37",
+							Args: []string{
+								"azurite-blob",
+								"--blobHost",
+								"0.0.0.0",
+								"--skipApiVersionCheck",
+							},
 							Ports: []corev1.ContainerPort{
 								{
 									ContainerPort: 10000,
--- a/test/e2e/internal/objectstore/fakegcsserver.go
+++ b/test/e2e/internal/objectstore/fakegcsserver.go
@ -71,7 +71,9 @@ func newGCSDeployment(namespace, name string) *appsv1.Deployment {
 					Containers: []corev1.Container{
 						{
 							Name:  name,
-							Image: "fsouza/fake-gcs-server:latest",
+							// renovate: datasource=docker depName=fsouza/fake-gcs-server versioning=docker
+							// Version: 1.52.3
+							Image: "fsouza/fake-gcs-server@sha256:666f86b873120818b10a5e68d99401422fcf8b00c1f27fe89599c35236f48b4c",
 							Ports: []corev1.ContainerPort{
 								{
 									ContainerPort: 4443,
--- a/test/e2e/internal/objectstore/minio.go
+++ b/test/e2e/internal/objectstore/minio.go
@ -71,8 +71,9 @@ func newMinioDeployment(namespace, name string) *appsv1.Deployment {
 					Containers: []corev1.Container{
 						{
 							Name: name,
-							// TODO: renovate the image
-							Image: "minio/minio:latest",
+							// renovate: datasource=docker depName=minio/minio versioning=docker
+							// Version: RELEASE.2025-09-07T16-13-09Z
+							Image: "minio/minio@sha256:14cea493d9a34af32f524e538b8346cf79f3321eff8e708c1e2960462bd8936e",
 							Args:  []string{"server", "/data"},
 							Ports: []corev1.ContainerPort{
 								{
Author	SHA1	Message	Date
renovate[bot]	cd538806f5	chore(deps): refresh pip-compile outputs Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-01-13 09:00:45 +00:00
Marco Nenciarini	5bc006b035	ci(e2e): pin emulator versions and fix Azurite compatibility (#725 ) Some checks failed release-please / release-please (push) Failing after 2s Details Pin all e2e test emulator images to specific SHA256 digests to ensure immutability and prevent unexpected breakage from upstream changes. The three emulators (Azurite for Azure, MinIO for S3, and fake-gcs-server for GCS) were previously using the :latest tag, which could cause test failures when new versions with breaking changes or bugs were released. Using SHA256 digests instead of version tags provides immutability (ensures we always pull the exact same image), transparency (easy to verify what's running via digest comparison), and Renovate compatibility (can still track and propose updates). All pinned SHAs match the current :latest tag, confirming we're using the same images that were previously tested. Updated Renovate configuration to track digest-based updates while preserving version information in comments for human readability. Fixed Renovate to scan test directories and handle multi-line regex patterns for .go files. Also fixed Azurite compatibility issue by adding the --skipApiVersionCheck flag. Tests were failing because the PostgreSQL container images install Python dependencies without version pinning, which resulted in azure-storage-blob 12.28.0 (released January 6, 2026) being installed. This version uses API version 2026-02-06 which Azurite 3.35.0 doesn't support yet. The flag allows Azurite to accept any API version in the test environment. Note that MinIO is now in maintenance mode and will not receive further updates, but it has been included for completeness. Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>	2026-01-13 09:54:30 +01:00
Marco Nenciarini	4f5b407c0f	ci(docs): pin crd-ref-docs version to avoid upstream changes (#724 ) Some checks failed release-please / release-please (push) Failing after 3s Details Pin crd-ref-docs to v0.2.0 (latest stable release) instead of using the master branch. This prevents issues from upstream changes and provides better control over when to adopt new versions. Configure Renovate to automatically track and update the version, allowing us to review and test changes before merging. Closes #722 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>	2026-01-12 14:19:00 +01:00
renovate[bot]	b3bcf6d9c1	fix(deps): update k8s.io/utils digest to 914a6e7 (#715 ) Some checks failed release-please / release-please (push) Failing after 2s Details Barman Base Image / build (push) Failing after 2s Details Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-01-10 16:08:17 +01:00
renovate[bot]	757ca11304	chore(deps): update dependency dagger/dagger to v0.19.9 (#718 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-01-10 16:03:47 +01:00
renovate[bot]	31acf7ce0f	chore(deps): update dependency barman to v3.17.0 (#720 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-01-10 16:01:49 +01:00