Renovate #44484
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# yoinked from onedr0p and modified | |
# info in comments is accurate as of 2023-11-25 | |
name: "Renovate" | |
on: | |
workflow_call: | |
workflow_dispatch: | |
inputs: | |
dryRun: | |
description: Dry-Run | |
default: "false" | |
required: false | |
logLevel: | |
description: Log-Level | |
default: debug | |
required: false | |
paths: | |
description: Paths to run Renovate on. Comma separated without spaces for multiple. | |
required: false | |
managers: | |
description: Managers that Renovate should use. Comma separated without spaces for multiple. | |
required: false | |
schedule: | |
- cron: "0 * * * *" # every hour | |
push: | |
branches: ["main"] | |
paths: | |
- renovate.json5 | |
- .renovaterc.json5 | |
- .renovate/** | |
- .github/renovate** | |
- .github/workflows/renovate.yaml | |
env: | |
LOG_LEVEL: debug | |
RENOVATE_DRY_RUN: false | |
RENOVATE_PLATFORM: "github" | |
RENOVATE_PLATFORM_COMMIT: "true" | |
# for those forking: set your own secrets in your GitHub repo settings before running | |
RENOVATE_AUTODISCOVER: true | |
RENOVATE_AUTODISCOVER_FILTER: "${{ github.repository }}" # this is to prevent forks from running Renovate against upstream repo | |
RENOVATE_USERNAME: "${{ secrets.BOT_USERNAME }}[bot]" | |
RENOVATE_GIT_AUTHOR: "${{ secrets.BOT_USERNAME }} <${{ secrets.BOT_API_ID }}+${{ secrets.BOT_USERNAME }}[bot]@users.noreply.github.com>" # get $BOT_API_ID from `curl -s 'https://api.github.com/users/$(BOT_USERNAME)%5Bbot%5D' | yq .id` | |
jobs: | |
renovate: | |
name: Renovate | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Generate Short Lived OAuth App Token (ghs_*)" | |
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 | |
id: oauth-token | |
with: | |
app-id: "${{ secrets.BOT_APP_ID }}" # $BOT_APP_ID is found in GitHub App main settings page | |
private-key: "${{ secrets.BOT_JWT_PRIVATE_KEY }}" # $BOT_JWT_PRIVATE_KEY is generated in GitHub App main settings page, uses the X.509 private key format | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
token: "${{ steps.oauth-token.outputs.token }}" | |
- name: Override default config from dispatch variables | |
shell: bash | |
run: | | |
echo "RENOVATE_DRY_RUN=${{ github.event.inputs.dryRun || env.RENOVATE_DRY_RUN }}" >> "${GITHUB_ENV}" | |
echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.LOG_LEVEL }}" >> "${GITHUB_ENV}" | |
if [[ ! -z "${{ github.event.inputs.paths }}" ]]; then echo "RENOVATE_INCLUDE_PATHS=${{ github.event.inputs.paths }}" >> "${GITHUB_ENV}"; fi | |
if [[ ! -z "${{ github.event.inputs.managers }}" ]]; then echo "RENOVATE_ENABLED_MANAGERS=${{ github.event.inputs.managers }}" >> "${GITHUB_ENV}"; fi | |
- name: Renovate | |
uses: renovatebot/github-action@936628dfbff213ab2eb95033c5e123cfcaf09ebb # v41.0.5 | |
with: | |
token: "${{ steps.oauth-token.outputs.token }}" |