Skip to content

Renovate

Renovate #74

Workflow file for this run

name: Renovate
on:
workflow_call:
inputs:
logLevel:
description: "Override default log level"
required: false
default: "info"
type: string
overrideSchedule:
description: "Override all schedules"
required: false
default: "false"
type: string
processAuthJson:
description: "Transfer credentials from auth.json in renovate.json"
required: false
default: true
type: boolean
schedule:
- cron: '30 3 * * *'
concurrency: renovate
jobs:
renovate:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
# Don't waste time starting Renovate if JSON is invalid
- name: Validate Renovate JSON
run: jq type renovate.json
- name: Get token
id: get_token
uses: tibdex/github-app-token@021a2405c7f990db57f5eae5397423dcc554159c # v1.7.0
with:
app_id: ${{ secrets.RENOVATE_APP_ID }}
installation_id: ${{ secrets.RENOVATE_INSTALL_ID }}
private_key: ${{ secrets.RENOVATE_PRIVATE_KEY }}
# todo chack if enabled and if file exists
- name: Process auth.json
id: process-auth-json
if: ${{ inputs.processAuthJson }}
run: |
import os
import json
# process auth.json
if os.path.isfile("renovate.json"):
file = open("renovate.json", "r")
renovate = json.loads(file.read())
file.close()
if "hostRules" not in renovate:
renovate["hostRules"] = []
if os.path.isfile("auth.json"):
auth = json.loads(open("auth.json", "r").read())
if "http-basic" in auth:
for key in auth["http-basic"]:
secretName = key.upper()
host = "https://" + key
username = auth["http-basic"][key]["username"]
password = auth["http-basic"][key]["password"]
renovate["hostRules"].append({
"hostType": "packagist",
"matchHost": host,
"username": username,
"password": password
})
file = open("renovate.json", "w")
file.write(json.dumps(renovate, indent=2))
file.close()
print("renovate.json updated")
else:
print("auth.json doesn't exist")
else:
print("renovate.json doesn't exist")
shell: python
- name: Generate Renovate Secrets
id: renovate-secret-generator
run: |
import os
import json
print("Available secrets")
print(os.environ['ALLSECRETS'])
secrets = json.loads(os.environ['ALLSECRETS'])
secretsToUse = {}
for key in secrets:
if(key.startswith('RENOVATE_SECRET_')):
secretsToUse[key.replace("RENOVATE_SECRET_", "")] = secrets[key]
print("determined secrets")
print(secretsToUse)
with open(os.environ['GITHUB_OUTPUT'], 'a') as fh:
print(f'RENOVATE_SECRETS='+json.dumps(secretsToUse), file=fh)
shell: python
env:
ALLSECRETS: ${{ toJSON(secrets) }}
- name: Self-hosted Renovate
uses: renovatebot/github-action@8343fa1c8d38f3d030aa8332773b737f7e2fa591 # v34.82.0
env:
# Repository taken from variable to keep configuration file generic
RENOVATE_REPOSITORIES: ${{ github.repository }}
# Onboarding not needed for self hosted
RENOVATE_ONBOARDING: "false"
# Username for GitHub authentication (should match GitHub App name + [bot])
RENOVATE_USERNAME: "renovate[bot]"
# Git commit author used, must match GitHub App
RENOVATE_GIT_AUTHOR: "renovate <renovate[bot]@users.noreply.github.com>"
# Use GitHub API to create commits (this allows for signed commits from GitHub App)
RENOVATE_PLATFORM_COMMIT: "true"
# Override schedule if set
RENOVATE_FORCE: ${{ github.event.inputs.overrideSchedule == 'true' && '{''schedule'':null}' || '' }}
LOG_LEVEL: ${{ inputs.logLevel || 'info' }}
RENOVATE_USER_AGENT: "Composer: renovatebot"
RENOVATE_SECRETS: ${{ steps.renovate-secret-generator.outputs.RENOVATE_SECRETS }}
with:
configurationFile: renovate.json
token: '${{ steps.get_token.outputs.token }}'