Skip to content

Renovate

Renovate #521

Workflow file for this run

name: Renovate
on:
schedule:
- cron: "18 */4 * * *"
workflow_dispatch:
jobs:
renovate:
permissions:
contents: read # needed to read the contents of the repository
id-token: write # needed to create a GitHub App token
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Checkout Code
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: retrieve secrets
id: get-secrets
uses: grafana/shared-workflows/actions/get-vault-secrets@332fb1cf3349234b5b1940f3f2797410e6ccd5d2
with:
common_secrets: |
GRAFANA_RENOVATE_APP_ID=grafana-renovate-app:app-id
GRAFANA_RENOVATE_PRIVATE_KEY=grafana-renovate-app:private-key
- name: create GitHub app token
id: app-token
# Beware that the token generated here has elevated permissions wrt to
# the ones set in the action. In particular, it will be able to write
# to the repository (e.g. create branches) and create pull requests.
uses: actions/create-github-app-token@v1
with:
app-id: ${{ env.GRAFANA_RENOVATE_APP_ID }}
private-key: ${{ env.GRAFANA_RENOVATE_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Self-hosted Renovate
uses: renovatebot/github-action@dd4d265eb8646cd04fc5f86ff8bc8d496d75a251 # v40.2.8
with:
renovate-version: 39.14.1@sha256:65e8c6c295d33569995412053890b983cd01a6c8de643adb4d175889a27a07ed
configurationFile: .github/renovate-app.json
token: "${{ steps.app-token.outputs.token }}"
env:
LOG_LEVEL: debug
RENOVATE_PLATFORM: github
RENOVATE_REPOSITORIES: ${{ github.repository }}