name: Renovate
run-name: Renovate dependency sync

# Self-hosted Renovate bot for the played ecosystem. Runs on a schedule (and
# on demand) against the game repos, opening grouped dependency-update PRs.
# Every target repo extends the shared preset (renovate-config.json in this
# repo) so versions stay aligned across repos — see RENOVATE_ONBOARDING_CONFIG.
#
# One-time setup (cannot be scripted here):
#   1. Create a Gitea PAT (a `renovate` bot user is cleanest) with scopes:
#      read:user, write:repository, write:issue. Add it as the Actions secret
#      RENOVATE_TOKEN (org-level, or on this `workflows` repo).
#   2. Ensure the existing NPMRC secret (registry + @played auth) is visible to
#      this repo's Actions run (org-level secret recommended).
#   3. Push this repo, then trigger once via "Run workflow" (workflow_dispatch).
#      Renovate opens a "Configure Renovate" onboarding PR in each repo below;
#      merge them and it's live.

on:
  schedule:
    # Mondays 06:00 UTC. Gitea cron is UTC; the preset's `timezone` governs
    # Renovate's own schedule strings.
    - cron: "0 6 * * 1"
  workflow_dispatch:
    inputs:
      logLevel:
        description: Log level
        type: choice
        options: [info, debug]
        default: info
      dryRun:
        description: Dry run (no branches/PRs)
        type: boolean
        default: false

concurrency:
  group: renovate
  cancel-in-progress: false

jobs:
  renovate:
    runs-on: ubuntu-24.04
    steps:
      - name: Run Renovate
        env:
          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
          # Reuse the build-time npmrc so Renovate can resolve @played/* from
          # the Gitea registry.
          RENOVATE_NPMRC: ${{ secrets.NPMRC }}
          # Read-only github.com PAT (no scopes needed for public data). Avoids
          # api.github.com rate limits and enables changelogs + updates for the
          # real github.com actions used in deploy.yml (actions/checkout, etc.).
          GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
          LOG_LEVEL: ${{ inputs.logLevel || 'info' }}
          RENOVATE_DRY_RUN: ${{ inputs.dryRun && 'full' || '' }}
        run: |
          docker run --rm \
            -e RENOVATE_TOKEN \
            -e RENOVATE_NPMRC \
            -e GITHUB_COM_TOKEN \
            -e LOG_LEVEL \
            -e RENOVATE_DRY_RUN \
            -e RENOVATE_PLATFORM=gitea \
            -e RENOVATE_ENDPOINT=https://git.unom.io/api/v1/ \
            -e RENOVATE_GIT_AUTHOR='Renovate Bot <renovate@unom.io>' \
            -e RENOVATE_AUTODISCOVER=false \
            -e RENOVATE_ONBOARDING=true \
            -e RENOVATE_ONBOARDING_CONFIG='{"$schema":"https://docs.renovatebot.com/renovate-schema.json","extends":["local>played/workflows:renovate-config"]}' \
            -e RENOVATE_REPOSITORIES='played/achievements,played/api-core,played/app-ui,played/auth,played/cms,played/config,played/create-game,played/discord-bot,played/games-registry,played/gen,played/infra,played/media,played/omiru,played/platform,played/plaza,played/refaire,played/rejouer,played/relayer,played/rememed,played/remplir,played/resolu,played/ui,played/workflows' \
            renovate/renovate:latest