-
Notifications
You must be signed in to change notification settings - Fork 2
138 lines (127 loc) · 4.88 KB
/
renovate.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: Renovate
on:
issues:
# Dependency Dashboard
types: [edited]
pull_request_target:
types:
# rebaseLabel
- labeled
# stopUpdatingLabel
- unlabeled
# PrControls
- edited
# ignore update
- closed
# Edited/Blocked
- synchronize
branches: ["main"]
push:
branches:
- "main"
# https://docs.renovatebot.com/config-validation/#validation-of-renovate-config-change-prs
- "renovate/reconfigure"
schedule:
# Run every 30 minutes:
- cron: "0,30 * * * *"
# This lets you dispatch a renovate job with different cache options if you want to reset or disable the cache manually.
workflow_dispatch:
inputs:
repoCache:
description: "Reset or disable the cache?"
type: choice
default: enabled
options:
- enabled
- disabled
- reset
permissions: {}
# Adding these as env variables makes it easy to re-use them in different steps and in bash.
env:
# This is the dir renovate provides -- if we set our own directory via cacheDir, we can run into permissions issues.
# It is also possible to cache a higher level of the directory, but it has minimal benefit. While renovate execution
# time gets faster, it also takes longer to upload the cache as it grows bigger.
# cache_dir: /tmp/renovate/cache/renovate/repository
cache_dir: /tmp/renovate/cache
# This can be manually changed to bust the cache if neccessary.
cache_key: renovate-cache
# tool versions
# renovate: datasource=docker depName=renovate packageName=ghcr.io/renovatebot/renovate pinDigests=false
RENOVATE_VERSION: 37.368.8
jobs:
env:
runs-on: ubuntu-latest
outputs:
renovate_actor: "mazi-renovate[bot]"
dashboard_title: "Dependency Dashboard"
rebaseLabel: "rebase"
stopUpdatingLabel: "stop-updating"
steps:
- run: ""
renovate:
name: Renovate
needs: [env]
if: >-
${{
github.actor != needs.env.outputs.renovate_actor
&& (
(github.event.issue.title == needs.env.outputs.dashboard_title && github.event.issue.user.login == needs.env.outputs.renovate_actor)
|| (
github.event.pull_request.user.login == needs.env.outputs.renovate_actor
&& (
(github.event.action == 'labeled' && github.event.label.name == needs.env.outputs.rebaseLabel)
|| (github.event.action == 'unlabeled' && github.event.label.name == needs.env.outputs.stopUpdatingLabel)
|| contains(fromJSON('["edited", "closed", "synchronize"]'), github.event.action)
)
)
|| contains(fromJSON('["push", "schedule"]'), github.event_name)
)
}}
concurrency:
group: ${{ github.workflow }}
runs-on: ubuntu-latest
permissions:
actions: write
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
id: restore-cache
if: github.event.inputs.repoCache != 'disabled'
with:
key: ${{ env.cache_key }}
path: ${{ env.cache_dir }}
- run: sudo chown -R runneradmin:root /tmp/renovate/
continue-on-error: true
- name: Generate a token
id: generate_token
uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0
with:
app-id: ${{ vars.MAZI_RENOVATE_APP_ID }}
private-key: ${{ secrets.MAZI_RENOVATE_PRIVATE_KEY }}
- uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11
with:
configurationFile: .github/renovate.json5
token: ${{ steps.generate_token.outputs.token }}
renovate-version: ${{ env.RENOVATE_VERSION }}
env-regex: "^(?:RENOVATE_\\w+|LOG_LEVEL|FORCE_COLOR)$"
env:
# This enables the cache -- if this is set, it's not necessary to add it to renovate.json.
RENOVATE_REPOSITORY_CACHE: ${{ github.event.inputs.repoCache || 'enabled' }}
RENOVATE_AUTODISCOVER: true
RENOVATE_AUTODISCOVER_FILTER: "${{ github.repository }}"
RENOVATE_PLATFORM_COMMIT: true
FORCE_COLOR: 3 # chalk.supportsColor
LOG_LEVEL: debug
- name: delete old cache
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
run: gh cache delete ${{ steps.restore-cache.outputs.cache-primary-key }}
continue-on-error: true
- run: tree -L 6 -h --du -F /tmp/renovate
continue-on-error: true
- uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
if: github.event.inputs.repoCache != 'disabled'
with:
key: ${{ steps.restore-cache.outputs.cache-primary-key }}
path: ${{ env.cache_dir }}