Skip to content

Schedule - Update Bot #331

Schedule - Update Bot

Schedule - Update Bot #331

name: Schedule - Update Bot
on: # yamllint disable-line rule:truthy
workflow_dispatch:
inputs:
dryRun:
description: "Dry-Run"
default: "false"
required: false
logLevel:
description: "Log-Level"
default: "debug"
required: false
schedule:
- cron: "0 11 * * *"
push:
branches:
- main
paths:
- ".github/renovate.json5"
- ".github/renovate/**.json"
env:
LOG_LEVEL: info
DRY_RUN: false
RENOVATE_CONFIG_FILE: .github/renovate.json5
# yamllint disable rule:line-length
jobs:
update-bot:
if: github.repository == 'SovereignCloudStack/cluster-stack-provider-openstack'
name: Renovate
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# qemu is not required as of now because we don't build images for arm64
# use docker/setup-qemu-action@v3 if you want to have arm64 images.
- name: Set up Docker Buildx # required for building image
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3
- name: Generate Token
uses: actions/create-github-app-token@3378cda945da322a8db4b193e19d46352ebe2de5 # v1
id: generate-token
with:
app-id: ${{ secrets.SCS_APP_ID }}
private-key: ${{ secrets.SCS_APP_PRIVATE_KEY }}
- name: Override default config from dispatch variables
run: |
echo "DRY_RUN=${{ github.event.inputs.dryRun || env.DRY_RUN }}" >> "$GITHUB_ENV"
echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.LOG_LEVEL }}" >> "$GITHUB_ENV"
- name: Renovate
uses: renovatebot/github-action@630a255a1f2f56c8d8ce160bed3e3ca577ca53e2 # v40.2.7
env:
RENOVATE_HOST_RULES: '[{"hostType": "docker", "matchHost": "ghcr.io", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}" }]'
RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS: '[".*"]'
BUILDER_IMAGE: 'ghcr.io/sovereigncloudstack/cspo-builder'
RENOVATE_POST_UPGRADE_TASKS: '{ commands: ["BUILD_IMAGE_TOKEN=${{ secrets.GITHUB_TOKEN }} BUILD_IMAGE_USER=${{ github.actor }} CI=true ./hack/upgrade-builder-image.sh"], fileFilters: ["Makefile", ".builder-image-version.txt", ".github/**/*.yml", ".github/**/*.yaml"], executionMode: "branch"}'
with:
configurationFile: ${{ env.RENOVATE_CONFIG_FILE }}
token: "x-access-token:${{ steps.generate-token.outputs.token }}"
mount-docker-socket: "true"