Uniform tag and version indicated in releases

[EmyLIEUTAUD]

What would you like to be added:
When we import syft into our projects via the .tar.gz package for example, the version is indicated in 2 places in a different format (with and without the v):
https://github.com/anchore/syft/releases/download/v0.60.3/syft_0.60.3_linux_amd64.tar.gz
It would be useful to standardize the tags with the versions indicated in the package names: put the "v" nowhere or everywhere.

Why is this needed:
If Renovate can't automatically identify a dependency, it needs to be told so via a regex. In this regex, we need to specify where the version is located. This poses a problem when 2 versions in the same package have a different format. It therefore fails to update the dependency correctly.
Thanks to this standardization, it would be able to correctly modify the version in both places.

[tgerla]

Hi @EmyLIEUTAUD, thanks for filing the issue. We aren't familiar with Renovate over here. We would prefer not to change our url scheme at this point, but we'd be happy to help you find a suitable workaround. Perhaps just include the "v" character in your template, something like this:

https://github.com/whatever/v${VERSION}/syft_${VERSION}_linux_amd64.tar.gz

...and then set VERSION=0.60.3

Please feel free to share some more details and we might be able to help with a good workaround.

[EmyLIEUTAUD]

Hi !

I already tried with the "v" exclude from the version but when Renovate find the new version, it add a "v" in front of the 2 versions, which will not work.

With an environment variable to have only one place with the version, it's normally possible but I need a GitHub token to be able to find the new version directly on GitHub without passing by Artifactory, which is not what I want.

Maybe we will find another solution, or wait for an uniformization of the version and tag for the release, or an update on Renovate side to be able to identify 2 different versions into a same dependency.

Thanks anyway !