Renovate #1025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Renovate | |
| on: | |
| # This lets you dispatch a renovate job with different cache options if you want to reset or disable the cache manually. | |
| workflow_dispatch: | |
| inputs: | |
| repoCache: | |
| description: 'Reset or disable the cache?' | |
| type: choice | |
| default: enabled | |
| options: | |
| - enabled | |
| - disabled | |
| - reset | |
| # https://docs.renovatebot.com/troubleshooting/#log-debug-levels | |
| logLevel: | |
| description: 'Renovate log level' | |
| type: choice | |
| default: INFO | |
| options: | |
| - INFO | |
| - DEBUG | |
| repositories: | |
| description: 'Specify the exact repositories to run on' | |
| schedule: | |
| - cron: '6 4 * * *' | |
| permissions: | |
| actions: write # Required to delete existing cache | |
| contents: read | |
| # Adding these as env variables makes it easy to re-use them in different steps and in bash. | |
| env: | |
| # This is the dir renovate provides -- if we set our own directory via cacheDir, we can run into permissions issues. | |
| # It is also possible to cache a higher level of the directory, but it has minimal benefit. While renovate execution | |
| # time gets faster, it also takes longer to upload the cache as it grows bigger. | |
| cache_dir: /tmp/renovate/cache/renovate/repository | |
| # This can be manually changed to bust the cache if necessary. | |
| cache_key: renovate-cache | |
| jobs: | |
| renovate: | |
| name: Renovate | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Restore cache | |
| if: github.event.inputs.repoCache != 'disabled' | |
| id: cache-restore | |
| uses: actions/cache/restore@v5 | |
| with: | |
| path: ${{ env.cache_dir }} | |
| key: ${{ env.cache_key }} | |
| - name: Try fix cache permissions | |
| if: ${{ steps.cache-restore.outputs.cache-hit }} | |
| continue-on-error: true | |
| run: | | |
| set -x | |
| # Unfortunately, the permissions expected within renovate's docker container | |
| # are different than the ones given after the cache is restored. We have to | |
| # change ownership to solve this. We also need to have correct permissions in | |
| # the entire /tmp/renovate tree, not just the section with the repo cache. | |
| sudo chown -R 12021:0 /tmp/renovate/ | |
| ls -R $cache_dir | |
| - uses: renovatebot/github-action@v44.2.0 | |
| with: | |
| configurationFile: self-hosted.json5 | |
| token: ${{ secrets.GH_TOKEN }} | |
| env: | |
| # This enables the cache -- if this is set, it's not necessary to add it to renovate.json. | |
| RENOVATE_REPOSITORY_CACHE: ${{ github.event.inputs.repoCache || 'enabled' }} | |
| LOG_LEVEL: ${{ github.event.inputs.logLevel || 'INFO' }} | |
| RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }} | |
| RENOVATE_AUTODISCOVER: ${{ github.event.inputs.repositories != null && 'false' || 'true' }} | |
| RENOVATE_REPOSITORIES: ${{ github.event.inputs.repositories }} | |
| - name: Delete previous cache | |
| if: ${{ github.event.inputs.repoCache != 'disabled' && steps.cache-restore.outputs.cache-hit }} | |
| continue-on-error: true | |
| run: gh cache delete "${{ env.cache_key }}" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Save cache | |
| uses: actions/cache/save@v5 | |
| if: github.event.inputs.repoCache != 'disabled' | |
| with: | |
| path: ${{ env.cache_dir }} | |
| key: ${{ env.cache_key }} | |