Renovate #42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Self-hosted Renovate (see renovate.json5). Runs daily; use workflow_dispatch to run on demand. | |
| # | |
| # Authentication: GitHub App installation token (recommended for orgs). No PAT required. | |
| # - Variable: RENOVATE_APP_ID (repo or org — numeric App ID from the app’s settings page) | |
| # - Secret: RENOVATE_APP_PRIVATE_KEY (PEM for that app; paste full key including BEGIN/END lines) | |
| # The app must be installed on argoproj-labs with access to this repository. | |
| # | |
| # If you also use the hosted "Renovate" GitHub App (Mend) on the same repo, disable one of the | |
| # two flows or they will both open dependency PRs. | |
| name: Renovate | |
| on: | |
| schedule: | |
| # Daily at 05:30 UTC (quoted: YAML treats "*" specially in cron strings) | |
| - cron: "30 5 * * *" | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: renovate | |
| cancel-in-progress: false | |
| jobs: | |
| renovate: | |
| name: Run Renovate | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Mint GitHub App installation token | |
| id: app-token | |
| uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3 | |
| with: | |
| app-id: ${{ vars.RENOVATE_APP_ID }} | |
| private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| # Without RENOVATE_REPOSITORIES, the container exits with "No repositories found" | |
| # (it does not infer the repo from checkout alone). | |
| - name: Self-hosted Renovate | |
| uses: renovatebot/github-action@b67590ea780158ccd13192c22a3655a5231f869d # v46.1.8 | |
| with: | |
| token: ${{ steps.app-token.outputs.token }} | |
| env: | |
| LOG_LEVEL: info | |
| RENOVATE_REPOSITORIES: '["${{ github.repository }}"]' |