-
Notifications
You must be signed in to change notification settings - Fork 0
133 lines (123 loc) · 4.72 KB
/
renovate.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: Renovate
on:
issues:
# Dependency Dashboard
types: [edited]
pull_request_target:
types:
# rebaseLabel
- labeled
# stopUpdatingLabel
- unlabeled
# PrControls
- edited
# ignore update
- closed
# Edited/Blocked
- synchronize
branches: ["main"]
push:
branches:
- "main"
# https://docs.renovatebot.com/config-validation/#validation-of-renovate-config-change-prs
- "renovate/reconfigure"
schedule:
# Run every 30 minutes:
- cron: "0,30 * * * *"
# This lets you dispatch a renovate job with different cache options if you want to reset or disable the cache manually.
workflow_dispatch:
inputs:
repoCache:
description: "Reset or disable the cache?"
type: choice
default: enabled
options:
- enabled
- disabled
- reset
permissions: {}
# Adding these as env variables makes it easy to re-use them in different steps and in bash.
env:
# This is the dir renovate provides
cache_dir: /tmp/renovate/cache
# This can be manually changed to bust the cache if neccessary.
cache_key: renovate-cache
# tool versions
# renovate: datasource=docker depName=renovate packageName=ghcr.io/renovatebot/renovate
RENOVATE_VERSION: 37.377.4
jobs:
env:
runs-on: ubuntu-latest
outputs:
renovate_actor: "mazi-renovate[bot]"
dashboard_title: "Dependency Dashboard"
rebaseLabel: "rebase"
stopUpdatingLabel: "stop-updating"
steps:
- run: ""
renovate:
name: Renovate
needs: [env]
if: >-
${{
github.actor != needs.env.outputs.renovate_actor
&& (
(github.event.issue.title == needs.env.outputs.dashboard_title && github.event.issue.user.login == needs.env.outputs.renovate_actor)
|| (
github.event.pull_request.user.login == needs.env.outputs.renovate_actor
&& (
(github.event.action == 'labeled' && github.event.label.name == needs.env.outputs.rebaseLabel)
|| (github.event.action == 'unlabeled' && github.event.label.name == needs.env.outputs.stopUpdatingLabel)
|| contains(fromJSON('["edited", "closed", "synchronize"]'), github.event.action)
)
)
|| contains(fromJSON('["push", "schedule", "workflow_dispatch"]'), github.event_name)
)
}}
concurrency:
group: ${{ github.workflow }}
runs-on: ubuntu-latest
permissions:
actions: write
steps:
- uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
id: restore-cache
if: github.event.inputs.repoCache != 'disabled'
with:
key: ${{ env.cache_key }}
path: ${{ env.cache_dir }}
- run: sudo chown -R runneradmin:root /tmp/renovate/
continue-on-error: true
- name: Generate a token
id: generate_token
uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0
with:
app-id: ${{ vars.MAZI_RENOVATE_APP_ID }}
private-key: ${{ secrets.MAZI_RENOVATE_PRIVATE_KEY }}
- uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11
with:
token: ${{ steps.generate_token.outputs.token }}
renovate-version: ${{ env.RENOVATE_VERSION }}
env-regex: "^(?:RENOVATE_\\w+|FORCE_COLOR|LOG_LEVEL)$"
env:
# This enables the cache -- if this is set, it's not necessary to add it to renovate.json.
RENOVATE_REPOSITORY_CACHE: ${{ github.event.inputs.repoCache || 'enabled' }}
RENOVATE_AUTODISCOVER: true
RENOVATE_AUTODISCOVER_FILTER: "${{ github.repository }}"
RENOVATE_DEPENDENCY_DASHBOARD_FOOTER: "- [ ] <!-- manual job -->Check this box to trigger a request for Renovate to run again on this repository"
RENOVATE_PLATFORM_COMMIT: true
FORCE_COLOR: 3 # chalk.supportsColor
LOG_LEVEL: debug
- run: tree -L 5 -h --du -F "${cache_dir}"
- name: delete old cache
if: github.event.inputs.repoCache != 'disabled' && github.ref_name == github.event.repository.default_branch
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
run: gh cache delete ${{ steps.restore-cache.outputs.cache-primary-key }}
continue-on-error: true
- uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
if: github.event.inputs.repoCache != 'disabled' && github.ref_name == github.event.repository.default_branch
with:
key: ${{ steps.restore-cache.outputs.cache-primary-key }}
path: ${{ env.cache_dir }}