chore: switch to GHA renovate

joryirving · Jan 8, 2024 · 419477f · 419477f
1 parent 888c640
commit 419477f
Show file tree

Hide file tree

Showing 7 changed files with 99 additions and 151 deletions.
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -1,34 +1,14 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
-    "config:base",
+    "config:recommended",
     "docker:enableMajor",
-    ":disableRateLimiting",
     ":dependencyDashboard",
-    ":semanticCommits",
-    ":enablePreCommit",
-    ":automergeDigest",
-    ":automergeBranch",
-    "github>LilDrunkenSmurf/containers//.github/renovate/autoMerge.json5",
-    "github>LilDrunkenSmurf/containers//.github/renovate/commitMessage.json5",
-    "github>LilDrunkenSmurf/containers//.github/renovate/labels.json5",
-    "github>LilDrunkenSmurf/containers//.github/renovate/semanticCommits.json5",
-    "helpers:pinGitHubActionDigests"
+    ":disableRateLimiting",
+    ":semanticCommits"
   ],
-  "dependencyDashboard": true,
+  "onboarding": false,
+  "requireConfig": "optional",
   "dependencyDashboardTitle": "Renovate Dashboard 🤖",
-  "suppressNotifications": ["prIgnoreNotification"],
-  "rebaseWhen": "conflicted",
-  "pre-commit": {
-    "enabled": true
-  },
-  "regexManagers": [
-    {
-      "fileMatch": ["(^|/)Dockerfile$"],
-      "matchStrings": [
-        "datasource=(?<datasource>.*?) depName=(?<depName>.*?) versioning=(?<versioning>.*?)\\sARG .*?_VERSION=(?<currentValue>v.*)\\s"
-      ],
-      "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
-    }
-  ]
-}
+  "suppressNotifications": ["prEditedNotification", "prIgnoreNotification"]
+}
diff --git a/.github/renovate/autoMerge.json5 b/.github/renovate/autoMerge.json5
diff --git a/.github/renovate/commitMessage.json5 b/.github/renovate/commitMessage.json5
diff --git a/.github/renovate/labels.json5 b/.github/renovate/labels.json5
diff --git a/.github/renovate/semanticCommits.json5 b/.github/renovate/semanticCommits.json5
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -13,8 +13,21 @@ jobs:
     outputs:
       apps: ${{ steps.set-matrix.outputs.apps }}
     steps:
-      - name: Checkout code
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+      - name: Lowercase repository owner
+        shell: bash
+        run: echo "LOWERCASE_REPO_OWNER=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_ENV
+
+      - name: Generate Token
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: "${{ secrets.BOT_APP_ID }}"
+          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          token: "${{ steps.app-token.outputs.token }}"
 
       - name: Collect changed files
         uses: dorny/paths-filter@v2
@@ -45,29 +58,29 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+        uses: actions/checkout@v4
 
       - name: Login to ghcr
-        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Container meta
         id: meta
-        uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4
+        uses: docker/metadata-action@v4
         with:
           images: |
-            ghcr.io/${{ github.repository_owner }}/${{ matrix.app }}
+            ghcr.io/${{ env.LOWERCASE_REPO_OWNER }}/${{ matrix.app }}
           tags: |
             type=sha, format=long
 
       - name: Build and push to ghcr
-        uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4
+        uses: docker/build-push-action@v4
         with:
           context: .
           file: 'apps/${{ matrix.app }}/Dockerfile'
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml
@@ -0,0 +1,71 @@
+---
+    name: "Renovate"
+
+    on:
+      workflow_dispatch:
+        inputs:
+          dryRun:
+            description: Dry Run
+            default: "false"
+            required: false
+          logLevel:
+            description: Log Level
+            default: debug
+            required: false
+          version:
+            description: Renovate version
+            default: latest
+            required: false
+      schedule:
+        - cron: "0 * * * *"
+      push:
+        branches: ["main"]
+        paths:
+          - .github/renovate.json5
+
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
+      cancel-in-progress: true
+
+    # Retrieve BOT_USER_ID via `curl -s "https://api.github.com/users/${BOT_USERNAME}%5Bbot%5D" | jq .id`
+    env:
+      RENOVATE_PLATFORM: github
+      RENOVATE_PLATFORM_COMMIT: true
+      RENOVATE_ONBOARDING_CONFIG_FILE_NAME: .github/renovate.json5
+      RENOVATE_AUTODISCOVER: true
+      RENOVATE_AUTODISCOVER_FILTER: "${{ github.repository }}"
+      RENOVATE_USERNAME: "${{ secrets.BOT_USERNAME }}[bot]"
+      RENOVATE_GIT_AUTHOR: "${{ secrets.BOT_USERNAME }} <${{ secrets.BOT_USER_ID }}+${{ secrets.BOT_USERNAME }}[bot]@users.noreply.github.com>"
+      WORKFLOW_RENOVATE_DRY_RUN: false
+      WORKFLOW_RENOVATE_LOG_LEVEL: debug
+      WORKFLOW_RENOVATE_VERSION: latest
+
+    jobs:
+      renovate:
+        name: Renovate
+        runs-on: ubuntu-latest
+        steps:
+          - name: Generate Token
+            uses: actions/create-github-app-token@v1
+            id: app-token
+            with:
+              app-id: "${{ secrets.BOT_APP_ID }}"
+              private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+
+          - name: Checkout
+            uses: actions/checkout@v4
+            with:
+              token: "${{ steps.app-token.outputs.token }}"
+
+          - name: Override default config from dispatch variables
+            shell: bash
+            run: |
+              echo "RENOVATE_DRY_RUN=${{ github.event.inputs.dryRun || env.WORKFLOW_RENOVATE_DRY_RUN }}" >> $GITHUB_ENV
+              echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.WORKFLOW_RENOVATE_LOG_LEVEL }}" >> $GITHUB_ENV
+    
+          - name: Renovate
+            uses: renovatebot/github-action@v39.2.4
+            with:
+              configurationFile: "${{ env.RENOVATE_ONBOARDING_CONFIG_FILE_NAME }}"
+              token: "${{ steps.app-token.outputs.token }}"
+              renovate-version: "${{ github.event.inputs.version || env.WORKFLOW_RENOVATE_VERSION }}"