enricobuehler
11de357074
Wire an optional read-only GITHUB_COM_TOKEN so Renovate can reach api.github.com (changelogs + actions/checkout-style updates) without rate limiting, and disable management of the internal Gitea reusable workflow `played/workflows` (it's a @main ref, not a github.com action). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
71 lines
2.9 KiB
YAML
71 lines
2.9 KiB
YAML
name: Renovate
|
|
run-name: Renovate dependency sync
|
|
|
|
# Self-hosted Renovate bot for the played ecosystem. Runs on a schedule (and
|
|
# on demand) against the game repos, opening grouped dependency-update PRs.
|
|
# Every target repo extends the shared preset (renovate-config.json in this
|
|
# repo) so versions stay aligned across repos — see RENOVATE_ONBOARDING_CONFIG.
|
|
#
|
|
# One-time setup (cannot be scripted here):
|
|
# 1. Create a Gitea PAT (a `renovate` bot user is cleanest) with scopes:
|
|
# read:user, write:repository, write:issue. Add it as the Actions secret
|
|
# RENOVATE_TOKEN (org-level, or on this `workflows` repo).
|
|
# 2. Ensure the existing NPMRC secret (registry + @played auth) is visible to
|
|
# this repo's Actions run (org-level secret recommended).
|
|
# 3. Push this repo, then trigger once via "Run workflow" (workflow_dispatch).
|
|
# Renovate opens a "Configure Renovate" onboarding PR in each repo below;
|
|
# merge them and it's live.
|
|
|
|
on:
|
|
schedule:
|
|
# Mondays 06:00 UTC. Gitea cron is UTC; the preset's `timezone` governs
|
|
# Renovate's own schedule strings.
|
|
- cron: "0 6 * * 1"
|
|
workflow_dispatch:
|
|
inputs:
|
|
logLevel:
|
|
description: Log level
|
|
type: choice
|
|
options: [info, debug]
|
|
default: info
|
|
dryRun:
|
|
description: Dry run (no branches/PRs)
|
|
type: boolean
|
|
default: false
|
|
|
|
concurrency:
|
|
group: renovate
|
|
cancel-in-progress: false
|
|
|
|
jobs:
|
|
renovate:
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- name: Run Renovate
|
|
env:
|
|
RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
|
|
# Reuse the build-time npmrc so Renovate can resolve @played/* from
|
|
# the Gitea registry.
|
|
RENOVATE_NPMRC: ${{ secrets.NPMRC }}
|
|
# Read-only github.com PAT (no scopes needed for public data). Avoids
|
|
# api.github.com rate limits and enables changelogs + updates for the
|
|
# real github.com actions used in deploy.yml (actions/checkout, etc.).
|
|
GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
|
|
LOG_LEVEL: ${{ inputs.logLevel || 'info' }}
|
|
RENOVATE_DRY_RUN: ${{ inputs.dryRun && 'full' || '' }}
|
|
run: |
|
|
docker run --rm \
|
|
-e RENOVATE_TOKEN \
|
|
-e RENOVATE_NPMRC \
|
|
-e GITHUB_COM_TOKEN \
|
|
-e LOG_LEVEL \
|
|
-e RENOVATE_DRY_RUN \
|
|
-e RENOVATE_PLATFORM=gitea \
|
|
-e RENOVATE_ENDPOINT=https://git.unom.io/api/v1/ \
|
|
-e RENOVATE_GIT_AUTHOR='Renovate Bot <renovate@unom.io>' \
|
|
-e RENOVATE_AUTODISCOVER=false \
|
|
-e RENOVATE_ONBOARDING=true \
|
|
-e RENOVATE_ONBOARDING_CONFIG='{"$schema":"https://docs.renovatebot.com/renovate-schema.json","extends":["local>played/workflows:renovate-config"]}' \
|
|
-e RENOVATE_REPOSITORIES='played/relayer,played/rememed,played/remplir,played/resolu,played/rejouer,played/refaire,played/plaza' \
|
|
renovate/renovate:latest
|