From c8b23370f67c87f0a9856c2689f9198688dcfd5a Mon Sep 17 00:00:00 2001
From: Geoff Lamrock <geoff.lamrock@gmail.com>
Date: Mon, 11 Dec 2023 11:42:15 +1100
Subject: [PATCH] Add renovate for dependency management

---
 .eslintrc.json                                |  2 +-
 .../renovate-pull-request-automation.yml      | 26 +++++++++++++++
 .github/workflows/update-dependencies.yml     | 28 ++++++++++++++++
 renovate-config.js                            | 33 +++++++++++++++++++
 tsconfig.eslint.json                          | 11 +++++++
 5 files changed, 99 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/renovate-pull-request-automation.yml
 create mode 100644 .github/workflows/update-dependencies.yml
 create mode 100644 renovate-config.js
 create mode 100644 tsconfig.eslint.json

diff --git a/.eslintrc.json b/.eslintrc.json
index 7c6792a7..1522d1cd 100644
--- a/.eslintrc.json
+++ b/.eslintrc.json
@@ -7,7 +7,7 @@
   "parser": "@typescript-eslint/parser",
   "parserOptions": {
     "ecmaVersion": 9,
-    "project": "./tsconfig.json",
+    "project": "./tsconfig.eslint.json",
     "sourceType": "module"
   },
   "plugins": ["jest", "@typescript-eslint"],
diff --git a/.github/workflows/renovate-pull-request-automation.yml b/.github/workflows/renovate-pull-request-automation.yml
new file mode 100644
index 00000000..86c33e20
--- /dev/null
+++ b/.github/workflows/renovate-pull-request-automation.yml
@@ -0,0 +1,26 @@
+name: Renovate Pull Request Approval
+
+on:
+  pull_request:
+    branches: [main]
+
+# Increase the access for the GITHUB_TOKEN
+permissions:
+  # This Allows the GITHUB_TOKEN to approve pull requests
+  pull-requests: write
+  # This Allows the GITHUB_TOKEN to auto merge pull requests
+  contents: write
+
+env:
+  PR_URL: ${{github.event.pull_request.html_url}}
+  # By default, GitHub Actions workflows triggered by renovate get a GITHUB_TOKEN with read-only permissions.
+  GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+jobs:
+  approve_renovate_pull_requests:
+    runs-on: ubuntu-latest
+    name: Approve renovate pull request
+    if: ${{ (github.actor == 'Octobob') && (contains(github.head_ref, 'renovate')) }}
+    steps:
+      - name: Approve a renovate created PR
+        run: gh pr review --approve "$PR_URL"
diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml
new file mode 100644
index 00000000..cb9fcc0e
--- /dev/null
+++ b/.github/workflows/update-dependencies.yml
@@ -0,0 +1,28 @@
+name: Renovate
+on:
+  schedule:
+    - cron: "0 2 * * *"
+
+  workflow_dispatch:
+    inputs:
+      dryRun:
+        type: boolean
+        required: false
+        default: false
+        description: Dry run (don't create PRs)
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Self-hosted Renovate
+        uses: renovatebot/github-action@0dbf03d3f50da30b8e523f51b628d2743c4934dc # v39.0.6
+        with:
+          configurationFile: renovate-config.js
+          token: ${{ secrets.RENOVATE_GITHUB_TOKEN }}
+        env:
+          LOG_LEVEL: debug
+          RENOVATE_DRY_RUN: ${{ inputs.dryRun && 'full' || null }}
diff --git a/renovate-config.js b/renovate-config.js
new file mode 100644
index 00000000..5591e82a
--- /dev/null
+++ b/renovate-config.js
@@ -0,0 +1,33 @@
+// eslint-disable-next-line import/no-commonjs
+module.exports = {
+  extends: [
+    'config:base',
+    ':disableMajorUpdates',
+    ':ignoreModulesAndTests',
+    ':pinVersions',
+    ':rebaseStalePrs',
+    ':automergeDigest',
+    ':automergePatch',
+    ':automergePr',
+    ':automergeRequireAllStatusChecks',
+    ':automergeLinters',
+    ':automergeTesters',
+    ':automergeTypes',
+    'packages:eslint',
+    'workarounds:typesNodeVersioning',
+    'github>whitesource/merge-confidence:beta'
+  ],
+  branchPrefix: 'renovate/',
+  platform: 'github',
+  repositories: ['OctopusDeploy/install-octopus-cli-action'],
+  packageRules: [],
+  timezone: 'Australia/Brisbane',
+  onboarding: false,
+  requireConfig: false,
+  allowedPostUpgradeCommands: ['.*'],
+  postUpgradeTasks: {
+    commands: ['npm install && npm run build'],
+    fileFilters: ['**/index.js'],
+    executionMode: 'update'
+  }
+}
diff --git a/tsconfig.eslint.json b/tsconfig.eslint.json
new file mode 100644
index 00000000..75012ab7
--- /dev/null
+++ b/tsconfig.eslint.json
@@ -0,0 +1,11 @@
+{
+    "extends": "./tsconfig.json",
+    "include": [
+      "src",
+      "__tests__",
+      "renovate-config.js"
+    ],
+    "compilerOptions": {
+      "allowJs": true
+    }
+  }
\ No newline at end of file