Renovate #633
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Renovate | |
| "on": | |
| push: | |
| branches: | |
| - main | |
| repository_dispatch: | |
| types: [renovate] | |
| schedule: | |
| - cron: "0 0 * * *" | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| cancel-in-progress: true | |
| # Least-privilege workflow token. Renovate authenticates via the GitHub App | |
| # (RENOVATE_TOKEN), so the workflow's GITHUB_TOKEN only needs read access for | |
| # actions/checkout. Write operations (PRs, branches, comments) go through the | |
| # App's own permissions, configured at install time. | |
| permissions: | |
| contents: read | |
| jobs: | |
| renovate: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Get GitHub App Token | |
| id: get_token | |
| # yamllint disable-line rule:line-length | |
| uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 | |
| with: | |
| client-id: ${{ vars.RENOVATE_BOT_CLIENT_ID }} | |
| private-key: ${{ secrets.RENOVATE_BOT_PRIVATE_KEY }} | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Self-hosted Renovate | |
| # yamllint disable-line rule:line-length | |
| uses: renovatebot/github-action@f66d8679fcfcfa051abde6e7a623007173bf5164 # v46.1.12 | |
| env: | |
| LOG_LEVEL: debug | |
| RENOVATE_TOKEN: ${{ steps.get_token.outputs.token }} | |
| RENOVATE_REPOSITORIES: '["${{ github.repository }}"]' |