Skip to content

Commit

Permalink
ci: renovate
Browse files Browse the repository at this point in the history
  • Loading branch information
Mogyuchi committed Apr 21, 2024
1 parent 2209f67 commit f1ba41c
Showing 1 changed file with 102 additions and 0 deletions.
102 changes: 102 additions & 0 deletions .github/workflows/renovate.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
name: Renovate
on:
push:
branches: ["main"]
# This lets you dispatch a renovate job with different cache options if you want to reset or disable the cache manually.
workflow_dispatch:
inputs:
repoCache:
description: "Reset or disable the cache?"
type: choice
default: enabled
options:
- enabled
- disabled
- reset
schedule:
# Run every 30 minutes:
- cron: "0,30 * * * *"

# Adding these as env variables makes it easy to re-use them in different steps and in bash.
env:
cache_archive: renovate_cache.tar.gz
# This is the dir renovate provides -- if we set our own directory via cacheDir, we can run into permissions issues.
# It is also possible to cache a higher level of the directory, but it has minimal benefit. While renovate execution
# time gets faster, it also takes longer to upload the cache as it grows bigger.
cache_dir: /tmp/renovate/cache/renovate/repository
# This can be manually changed to bust the cache if neccessary.
cache_key: renovate-cache
# tool versions
RENOVATE_VERSION: 37.313.1 # renovate: datasource=docker depName=renovate packageName=ghcr.io/renovatebot/renovate

jobs:
renovate:
name: Renovate
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

# This third party action allows you to download the cache artifact from different workflow runs
# Note that actions/cache doesn't work well because the cache key would need to be computed from
# a file within the cache, meaning there would never be any data to restore. With other keys, the
# cache wouldn't necessarily upload when it changes. actions/download-artifact also doesn't work
# because it only handles artifacts uploaded in the same run, and we want to restore from the
# previous successful run.
- uses: dawidd6/action-download-artifact@v2
if: github.event.inputs.repoCache != 'disabled'
continue-on-error: true
with:
name: ${{ env.cache_key }}
path: cache-download

# Using tar to compress and extract the archive isn't strictly necessary, but it can improve
# performance significantly when uploading artifacts with lots of files.
- name: Extract renovate cache
run: |
set -x
# Skip if no cache is set, such as the first time it runs.
if [ ! -d cache-download ] ; then
echo "No cache found."
exit 0
fi
# Make sure the directory exists, and extract it there. Note that it's nested in the download directory.
mkdir -p $cache_dir
tar -xzf cache-download/$cache_archive -C $cache_dir
sudo chown -R runneradmin:root /tmp/renovate/
ls -R $cache_dir
- name: Generate a token
id: generate_token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.MAZI_RENOVATE_APP_ID }}
private-key: ${{ secrets.MAZI_RENOVATE_PRIVATE_KEY }}

- uses: renovatebot/github-action@78bdcb3bffa5e95e646183ca0a2ac2895abd6a20 # v40.1.3
with:
configurationFile: .github/renovate.json
token: ${{ steps.generate_token.outputs.token }}
renovate-version: ${{ env.RENOVATE_VERSION }}
env:
# This enables the cache -- if this is set, it's not necessary to add it to renovate.json.
RENOVATE_REPOSITORY_CACHE: ${{ github.event.inputs.repoCache || 'enabled' }}
LOG_LEVEL: ${{ vars.LOG_LEVEL }}
RENOVATE_AUTODISCOVER: true
RENOVATE_AUTODISCOVER_FILTER: "${{ github.repository }}"

# Compression helps performance in the upload step!
- name: Compress renovate cache
run: |
ls $cache_dir
# The -C is important -- otherwise we end up extracting the files with
# their full path, ultimately leading to a nested directory situation.
# To solve *that*, we'd have to extract to root (/), which isn't safe.
tar -czvf $cache_archive -C $cache_dir .
- uses: actions/upload-artifact@v3
if: github.event.inputs.repoCache != 'disabled'
with:
name: ${{ env.cache_key }}
path: ${{ env.cache_archive }}
# Since this is updated and restored on every run, we don't need to keep it
# for long. Just make sure this value is large enough that multiple renovate
# runs can happen before older cache archives are deleted.
retention-days: 1

0 comments on commit f1ba41c

Please sign in to comment.