Renovate #80
# Dependencies Management Workflow | |
# | |
# This workflow automates dependency management using self-hosted Renovate
# to ensure the project's dependencies remain up-to-date and
# security fixes are delivered regularly.
# | |
# Key Features: | |
# - Automated creation of PRs that update pyproject.toml and regenerate uv.lock
# - Dry-run for debug purposes | |
# - Maintenance of the Dependency dashboard (available in GitHub issues)
# | |
# Process Stages: | |
# | |
# 1. Dependencies Management: | |
# - Runs on a daily schedule. | |
# - Identifies dependencies that may be updated based on .github/renovate.json5 configuration. | |
# - Opens corresponding PRs with respect to schedule defined in Renovate config file. | |
# - Updates Renovate Dependency dashboard that is available in GitHub issues. | |
# | |
# Required Secrets: | |
# - RENOVATE_APP_ID: application ID | |
# - RENOVATE_APP_PEM: application private key | |
# | |
# Example Usage: | |
# 1. Scheduled Run: | |
# Automatically runs, daily | |
# | |
# 2. Manual Trigger: | |
# workflow_dispatch: | |
# inputs: | |
# dry-run: | |
# description: "Run Renovate in dry-run mode (no PR)" | |
# required: false | |
# default: false | |
# type: boolean | |
# | |
# Note: Renovate maintains and updates the Dependency dashboard, which is available in GitHub issues.
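name: Renovate

on:
  schedule:
    # daily
    - cron: "0 2 * * *"
  # allow to manually trigger this workflow
  workflow_dispatch:
    inputs:
      dry-run:
        description: "Run Renovate in dry-run mode (no PR)"
        required: false
        default: false
        type: boolean

# Workflow-level default: the GITHUB_TOKEN gets no permissions at all.
# Each job must opt in to exactly what it needs.
permissions: {}

jobs:
  renovate:
    # The GITHUB_TOKEN is only used to read the repository for checkout.
    # Writes (branches, PRs, dashboard issue) go through the GitHub App
    # token minted in the "Get token" step, not through GITHUB_TOKEN.
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      # Every action is pinned to a full commit SHA; the trailing comment
      # records the release tag that SHA corresponds to.
      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # Do not leave the checkout token in the local git config, so
          # later steps cannot pick it up from the workspace.
          persist-credentials: false

      # Exchanges the App ID and private key for an installation token.
      # NOTE(review): no owner/repositories/permission-* inputs are set, so
      # the token presumably carries every permission the App installation
      # has on this repository - confirm the App itself is limited to what
      # Renovate needs.
      - name: Get token
        id: get-github-app-token
        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
        with:
          app-id: ${{ secrets.RENOVATE_APP_ID }}
          private-key: ${{ secrets.RENOVATE_APP_PEM }}

      - name: Self-hosted Renovate
        uses: renovatebot/github-action@53bdcc4ec92f28e5023ac92356ea8bb45f8b807d # v43.0.15
        with:
          # Read from the checked-out ref. A manual run started from another
          # branch uses that branch's copy of the config together with the
          # App token.
          configurationFile: .github/renovate.json5
          token: "${{ steps.get-github-app-token.outputs.token }}"
        env:
          # Manual runs log at debug level, scheduled runs at info.
          # NOTE(review): debug output is more verbose - check who can read
          # the logs of this workflow.
          LOG_LEVEL: ${{ github.event_name == 'workflow_dispatch' && 'debug' || 'info' }}
          # Dry run if the event is workflow_dispatch AND the dry-run input is true.
          # github.event.inputs values are strings, hence the comparison
          # with 'true'. In every other case the expression yields null
          # (presumably rendered as an empty value - confirm Renovate
          # treats that as "dry-run off").
          RENOVATE_DRY_RUN: ${{ (github.event_name == 'workflow_dispatch' && github.event.inputs.dry-run == 'true') && 'full' || null }}
          RENOVATE_PLATFORM: github
          # Restrict Renovate to the repository this workflow runs in.
          RENOVATE_REPOSITORIES: ${{ github.repository }}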