Skip to content

Renovate

Renovate #449

Workflow file for this run

name: Renovate
on:
schedule:
- cron: '41 */6 * * *'
workflow_dispatch:
jobs:
renovate:
permissions:
contents: read # needed to read the contents of the repository
id-token: write # needed to create a GitHub App token
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Checkout Code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: retrieve secrets
id: get-secrets
uses: grafana/shared-workflows/actions/get-vault-secrets@7d18a46aafb8b875ed76a0bc98852d74b91e7f91 # v1.0.0
with:
common_secrets: |
GRAFANA_RENOVATE_APP_ID=grafana-renovate-app:app-id
GRAFANA_RENOVATE_PRIVATE_KEY=grafana-renovate-app:private-key
- name: create GitHub app token
id: app-token
# Beware that the token generated here has elevated permissions wrt to
# the ones set in the action. In particular, it will be able to write
# to the repository (e.g. create branches) and create pull requests.
uses: actions/create-github-app-token@v1
with:
app-id: ${{ env.GRAFANA_RENOVATE_APP_ID }}
private-key: ${{ env.GRAFANA_RENOVATE_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Self-hosted Renovate
uses: renovatebot/github-action@dd4d265eb8646cd04fc5f86ff8bc8d496d75a251 # v40.2.8
with:
renovate-version: 37.420.1@sha256:528f003c9aa77f6e916e3f9f5cc2fb9ae16fcf285af66f412a34325124f4a00e
configurationFile: .github/renovate-app.json
token: '${{ steps.app-token.outputs.token }}'
env:
LOG_LEVEL: debug
RENOVATE_PLATFORM: github
RENOVATE_REPOSITORIES: ${{ github.repository }}
RENOVATE_USERNAME: GrafanaRenovateBot