Renovate #11748
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Renovate | |
| on: | |
| # For manual dispatch | |
| workflow_dispatch: | |
| inputs: | |
| dryRun: | |
| description: Dry-Run | |
| default: "false" | |
| required: false | |
| logLevel: | |
| description: Log-Level | |
| default: debug | |
| required: false | |
| repoCache: | |
| description: 'Reset or disable the cache?' | |
| type: choice | |
| default: enabled | |
| options: | |
| - enabled | |
| - disabled | |
| - reset | |
| # For auto-merge - should exclude non-renovate branch dispatches in job definitions below | |
| workflow_run: | |
| workflows: | |
| - Validate | |
| types: | |
| - completed | |
| # For auto-merge and rebasing | |
| push: | |
| branches: ["main"] | |
| schedule: | |
| # Hour 0, 6, 12, 18 in JST(+9) | |
| # which translates to hour 9, 15, 21, 27(3) in UTC(+0) | |
| - cron: "0 3,9,15,21 * * *" | |
| permissions: | |
| packages: read | |
| # Limit renovate from executing concurrently | |
| concurrency: | |
| group: renovate | |
| cancel-in-progress: false | |
| env: | |
| LOG_LEVEL: debug | |
| RENOVATE_DRY_RUN: false | |
| RENOVATE_CONFIG_FILE: .github/renovate-bot.js | |
| cache_archive: renovate_cache.tar.gz | |
| cache_dir: /tmp/renovate/cache/renovate/repository | |
| cache_key: renovate-cache | |
| jobs: | |
| renovate: | |
| name: Renovate | |
| runs-on: ubuntu-latest | |
| # Exclude dispatch from non-renovate checks | |
| if: ${{ !(github.event_name == 'workflow_run' && !startsWith(github.event.workflow_run.head_branch, 'renovate/')) }} | |
| steps: | |
| - name: Generate Token | |
| uses: tibdex/github-app-token@v2 | |
| id: generate-token | |
| with: | |
| app_id: "${{ secrets.RENOVATE_APP_ID }}" | |
| private_key: "${{ secrets.RENOVATE_APP_PRIVATE_KEY }}" | |
| - uses: actions/checkout@v6 | |
| # Renovateは別で設定が必要らしい? | |
| # - name: Login to GitHub Container Registry | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: ghcr.io | |
| # username: "trapyojo" | |
| # password: "${{ secrets.GHCR_PAT }}" | |
| - name: Override default config from dispatch variables | |
| shell: bash | |
| run: | | |
| echo "RENOVATE_DRY_RUN=${{ github.event.inputs.dryRun || env.RENOVATE_DRY_RUN }}" >> "${GITHUB_ENV}" | |
| echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.LOG_LEVEL }}" >> "${GITHUB_ENV}" | |
| - uses: dawidd6/action-download-artifact@v11 | |
| if: github.event.inputs.repoCache != 'disabled' | |
| continue-on-error: true | |
| with: | |
| name: ${{ env.cache_key }} | |
| path: cache-download | |
| if_no_artifact_found: "warn" | |
| - name: Extract renovate cache | |
| run: | | |
| set -x | |
| if [ ! -d cache-download ] ; then | |
| echo "No cache found." | |
| exit 0 | |
| fi | |
| mkdir -p $cache_dir | |
| tar -xzf cache-download/$cache_archive -C $cache_dir | |
| sudo chown -R 12021:0 /tmp/renovate/ | |
| ls -R $cache_dir | |
| - name: Renovate | |
| uses: renovatebot/[email protected] | |
| with: | |
| renovate-image: "ghcr.io/renovatebot/renovate" | |
| renovate-version: "latest" | |
| configurationFile: "${{ env.RENOVATE_CONFIG_FILE }}" | |
| token: "${{ steps.generate-token.outputs.token }}" | |
| env: | |
| RENOVATE_GITHUB_PAT: "${{ secrets.GHCR_PAT }}" | |
| RENOVATE_REPOSITORY_CACHE: ${{ github.event.inputs.repoCache || 'enabled' }} | |
| - name: Compress renovate cache | |
| run: | | |
| if [ -d "$cache_dir" ] ; then | |
| tar -czvf $cache_archive -C $cache_dir . | |
| fi | |
| - uses: actions/upload-artifact@v5 | |
| if: github.event.inputs.repoCache != 'disabled' | |
| with: | |
| name: ${{ env.cache_key }} | |
| path: ${{ env.cache_archive }} | |
| retention-days: 1 |