docs(renovate): note GITHUB_COM_TOKEN is required for bun.lock updates

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-29 01:43:27 +02:00
parent 11de357074
commit 09b3c4f62b
+1 -1
@@ -54,7 +54,7 @@ Self-hosted [Renovate](https://docs.renovatebot.com) that keeps dependencies ali
1. Create a Gitea PAT — a dedicated `renovate` bot user is cleanest — with scopes `read:user`, `write:repository`, `write:issue`. Add it as the `RENOVATE_TOKEN` Actions secret (org-level, or on this repo).
2. Make sure the existing `NPMRC` secret (registry + `@played` auth) is visible to this repo's Actions run (org-level recommended) — Renovate uses it to look up `@played/*` versions.
- *Optional but recommended:* add `RENOVATE_GITHUB_COM_TOKEN` — a **read-only** github.com PAT (no scopes). It stops `api.github.com` rate-limit warnings and enables changelogs + updates for the github.com actions in `deploy.yml` (`actions/checkout`, `appleboy/ssh-action`, …).
- Add `RENOVATE_GITHUB_COM_TOKEN` — a **read-only** github.com PAT (no scopes). Required in practice: updating `bun.lock` installs `bun`, whose versions come from github.com releases, so without it lockfile artifacts fail with "No tool releases found". It also stops `api.github.com` rate-limit warnings and enables changelogs + `actions/checkout`/`appleboy/ssh-action` updates.
3. Push, then run the workflow once (**Run workflow**). Renovate opens a "Configure Renovate" onboarding PR in each target repo that does `extends: ["local>played/workflows:renovate-config"]`; merge them to go live.
### Target repos
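Review bot: The `RENOVATE_GITHUB_COM_TOKEN` line is now described as "Required in practice", yet it remains an unnumbered bullet under step 2 (the `NPMRC` step) and, unlike steps 1 and 2, does not say where the token is stored. Consider promoting it to its own numbered step and stating whether it is added as an Actions secret (org-level or on this repo), the way step 1 does for `RENOVATE_TOKEN`. The commit subject also calls it `GITHUB_COM_TOKEN` while the text uses `RENOVATE_GITHUB_COM_TOKEN`; using one name in both places would avoid someone creating the secret under the wrong key.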