on: schedule: - cron: '*/30 * * * *' push: workflow_dispatch: inputs: args: description: 'Optional renovate args, they replace the defaults and disable autodiscover' required: false type: string env: RENOVATE_DRY_RUN: ${{ ((github.event_name != 'schedule' && github.event_name != 'workflow_dispatch') || github.ref_name != 'main') && 'full' || '' }} RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.GPG }} jobs: renovate: name: Renovate runs-on: host container: image: git.hsn.dev/jahanson/renovate/renovate:39.87.0@sha256:3a17d23d6fb3ca2169b079bf2c970cb25567be639ba42bb2064750973b69b83c options: --tmpfs /tmp:exec steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: show-progress: false - name: Setup Docker auth run: | mkdir -p $HOME/.docker echo '{"auths":{"docker.io":{"auth":"${{ secrets.DOCKER_AUTH }}"}}}' > $HOME/.docker/config.json chmod 600 $HOME/.docker/config.json - name: Renovate env: # Global config RENOVATE_BINARY_SOURCE: "docker" RENOVATE_PLATFORM: gitea RENOVATE_ENDPOINT: ${{ github.server_url }} RENOVATE_TOKEN: ${{ github.repository == 'jahanson/renovate-config' && secrets.TOKEN || secrets.GITHUB_TOKEN }} # Git config RENOVATE_GIT_AUTHOR: 'Renovate Bot ' GIT_AUTHOR_NAME: 'Renovate Bot' GIT_AUTHOR_EMAIL: 'smeagol@hsn.dev' GIT_COMMITTER_NAME: 'Renovate Bot' GIT_COMMITTER_EMAIL: 'smeagol@hsn.dev' # Authentication GITHUB_COM_TOKEN: ${{ secrets.GH_TOKEN }} DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} # Logging LOG_LEVEL: debug LOG_FORMAT: json LOG_FILE_LEVEL: debug # Host rules for registry authentication RENOVATE_HOST_RULES: |- [ { "matchHost": "registry-1.docker.io", "hostType": "docker", "username": "${{ secrets.DOCKER_USERNAME }}", "password": "${{ secrets.DOCKER_PASSWORD }}" }, { "matchHost": "ghcr.io", "hostType": "docker", "username": "${{ secrets.GH_USERNAME }}", "password": "${{ secrets.GH_TOKEN }}" }, { "matchHost": "git.hsn.dev", "hostType": "gitea", "token": "${{ secrets.MIRROR_TOKEN }}" } ] # Command execution INPUT_ARGS: ${{ inputs.args || (github.repository != 'jahanson/renovate-config' && github.repository) || '--autodiscover' }} run: renovate ${{ env.INPUT_ARGS }}