Skip to content

Renovate

Renovate #487

Workflow file for this run

name: Renovate
on:
schedule:
- cron: '41 */6 * * *'
workflow_dispatch:
jobs:
renovate:
permissions:
contents: read # needed to read the contents of the repository
id-token: write # needed to create a GitHub App token
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Checkout Code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: retrieve secrets
id: get-secrets
uses: grafana/shared-workflows/actions/get-vault-secrets@7d18a46aafb8b875ed76a0bc98852d74b91e7f91 # v1.0.0
with:
common_secrets: |
GRAFANA_RENOVATE_APP_ID=grafana-renovate-app:app-id
GRAFANA_RENOVATE_PRIVATE_KEY=grafana-renovate-app:private-key
- name: create GitHub app token
id: app-token
# Beware that the token generated here has elevated permissions wrt to
# the ones set in the action. In particular, it will be able to write
# to the repository (e.g. create branches) and create pull requests.
uses: actions/create-github-app-token@v1
with:
app-id: ${{ env.GRAFANA_RENOVATE_APP_ID }}
private-key: ${{ env.GRAFANA_RENOVATE_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Self-hosted Renovate
uses: renovatebot/[email protected]
with:
renovate-version: 39.23.0
configurationFile: .github/renovate-app.json
token: '${{ steps.app-token.outputs.token }}'
docker-cmd-file: .github/renovate
env:
LOG_LEVEL: debug
RENOVATE_PLATFORM: github
RENOVATE_REPOSITORIES: ${{ github.repository }}
RENOVATE_USERNAME: GrafanaRenovateBot