-
Notifications
You must be signed in to change notification settings - Fork 2
137 lines (127 loc) · 5.35 KB
/
renovate.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: Renovate
on:
issues:
# Dependency Dashboard
types: [edited]
pull_request_target:
types:
# rebaseLabel
- labeled
# stopUpdatingLabel
- unlabeled
# PrControls
- edited
# ignore update
- closed
# Edited/Blocked
- synchronize
branches: ["main"]
push:
branches:
- "main"
# https://docs.renovatebot.com/config-validation/#validation-of-renovate-config-change-prs
- "renovate/reconfigure"
schedule:
# Run every 30 minutes:
- cron: "0,30 * * * *"
# This lets you dispatch a renovate job with different cache options if you want to reset or disable the cache manually.
workflow_dispatch:
inputs:
repoCache:
description: "Reset or disable the cache?"
type: choice
default: enabled
options:
- enabled
- disabled
- reset
permissions: {}
# Adding these as env variables makes it easy to re-use them in different steps and in bash.
env:
# This is the dir renovate provides -- if we set our own directory via cacheDir, we can run into permissions issues.
# It is also possible to cache a higher level of the directory, but it has minimal benefit. While renovate execution
# time gets faster, it also takes longer to upload the cache as it grows bigger.
# cache_dir: /tmp/renovate/cache/renovate/repository
cache_dir: /tmp/renovate/cache
# This can be manually changed to bust the cache if neccessary.
cache_key: renovate-cache
# tool versions
# renovate: datasource=docker depName=renovate packageName=ghcr.io/renovatebot/renovate
RENOVATE_VERSION: 37.399.8
jobs:
env:
runs-on: ubuntu-latest
outputs:
renovate_actor: "mazi-renovate[bot]"
dashboard_title: "Dependency Dashboard"
rebaseLabel: "rebase"
stopUpdatingLabel: "stop-updating"
steps:
- run: "exit 0"
renovate:
name: Renovate
needs: [env]
if: >-
${{
github.actor != needs.env.outputs.renovate_actor
&& (
(github.event.issue.title == needs.env.outputs.dashboard_title && github.event.issue.user.login == needs.env.outputs.renovate_actor)
|| (
github.event.pull_request.user.login == needs.env.outputs.renovate_actor
&& (
(github.event.action == 'labeled' && github.event.label.name == needs.env.outputs.rebaseLabel)
|| (github.event.action == 'unlabeled' && github.event.label.name == needs.env.outputs.stopUpdatingLabel)
|| contains(fromJSON('["edited", "closed", "synchronize"]'), github.event.action)
)
)
|| contains(fromJSON('["push", "schedule", "workflow_dispatch"]'), github.event_name)
)
}}
concurrency:
group: ${{ github.workflow }}
runs-on: ubuntu-latest
permissions:
actions: write
steps:
- uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
id: restore-cache
if: github.event.inputs.repoCache != 'disabled'
with:
key: ${{ env.cache_key }}
path: ${{ env.cache_dir }}
- run: sudo chown -R runneradmin:root /tmp/renovate/
continue-on-error: true
- name: Generate a token
id: generate_token
uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1
with:
app-id: ${{ vars.MAZI_RENOVATE_APP_ID }}
private-key: ${{ secrets.MAZI_RENOVATE_PRIVATE_KEY }}
- uses: renovatebot/github-action@21d88b0bf0183abcee15f990011cca090dfc47dd # v40.1.12
with:
token: ${{ steps.generate_token.outputs.token }}
renovate-version: ${{ env.RENOVATE_VERSION }}
env-regex: "^(?:RENOVATE_\\w+|FORCE_COLOR|LOG_LEVEL)$"
env:
# This enables the cache -- if this is set, it's not necessary to add it to renovate.json.
RENOVATE_REPOSITORY_CACHE: ${{ github.event.inputs.repoCache || 'enabled' }}
RENOVATE_AUTODISCOVER: true # Renovate runs NOT only on this repository.
RENOVATE_AUTODISCOVER_FILTER: "${{ github.repository_owner }}/*"
RENOVATE_DEPENDENCY_DASHBOARD_FOOTER: "- [ ] <!-- manual job -->Check this box to trigger a request for Renovate to run again on this repository"
RENOVATE_PLATFORM_COMMIT: true
FORCE_COLOR: 3 # chalk.supportsColor
LOG_LEVEL: debug
RENOVATE_PR_FOOTER: "This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate/tree/${{ env.RENOVATE_VERSION }}). - [View logs](${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }})" # override
- run: tree -L 5 -h --du -F "${cache_dir}"
- name: delete old cache
if: github.event.inputs.repoCache != 'disabled' && github.ref_name == github.event.repository.default_branch
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
run: gh cache delete ${{ steps.restore-cache.outputs.cache-primary-key }}
continue-on-error: true
- uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
if: github.event.inputs.repoCache != 'disabled' && github.ref_name == github.event.repository.default_branch
with:
key: ${{ steps.restore-cache.outputs.cache-primary-key }}
path: ${{ env.cache_dir }}