played/workflows
4
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

ci(renovate): automerge non-major + lockfile, document registry mapping

Browse Source 
Automerge third-party minor/patch updates and lockfile maintenance via
Gitea auto-merge; @played/* and majors stay manual. Document the bunfig.toml
scope mapping and the no-PR-CI automerge caveat.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Enrico Bühler
2026-05-29 02:19:28 +02:00
parent 09b3c4f62b
commit 12ddd85414
2 changed files with 19 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+11 -1
View File
@@ -61,4 +61,14 @@ Self-hosted [Renovate](https://docs.renovatebot.com) that keeps dependencies ali
Listed in `renovate.yml` under `RENOVATE_REPOSITORIES` (the six games + `plaza`). Add the shared packages (`app-ui`, `games-registry`, `api-core`, …) to that list to manage them too, or switch to `RENOVATE_AUTODISCOVER=true` with `RENOVATE_AUTODISCOVER_FILTER=played/*`.
> The bot only keeps versions *current* together (it opens PRs). For hard parity — failing CI when any repo drifts — pair it with a [`syncpack`](https://github.com/JamieMason/syncpack) check.
### Automerge
Third-party non-major (minor/patch) updates and weekly lockfile maintenance automerge (`platformAutomerge` → Gitea's "auto-merge"); `@played/*` bumps and majors stay manual (a `@played` minor can be breaking pre-1.0, and merging redeploys the game).
> ⚠️ There's currently no PR-level build check, so an automerged PR isn't validated before it lands on `main` (and triggers the deploy). If a bump breaks the build you'll find out at deploy time, not at merge. To make automerge safe, add a lightweight "build on PR" workflow and a required status check — then Renovate only merges green PRs.
### Registry resolution
`@played`/`@unom`/etc. scopes are mapped to the Gitea registry via a committed `bunfig.toml` in each repo (token-free). Without it, Renovate's lockfile `bun install` falls back to `registry.npmjs.org` and 404s. Auth comes from `RENOVATE_NPMRC` (the `NPMRC` secret), the gitignored local `.npmrc`, and the mounted build secret.
> Keeping versions *current* together isn't *hard parity*. For "every repo on the exact same version, CI red on drift", pair this with a [`syncpack`](https://github.com/JamieMason/syncpack) check.