Skip to content

Renovate

Renovate #6

Workflow file for this run

name: Renovate
on:
workflow_dispatch:
schedule:
- cron: "0 3 * * *"
permissions:
contents: read
jobs:
renovate:
name: Renovate
runs-on: ubuntu-latest
permissions:
id-token: write # required for federation
contents: write
steps:
- uses: chainguard-dev/setup-chainctl@be0acd273acf04bfdf91f51198327e719f6af978 # v0.4.0
with:
identity: 45a0c61ea6fd977f050c5fb9ac06a69eed764595/3827402530de6dbf
- uses: octo-sts/action@8d6ac62df8bd60823d047d41679ba4a179ff57cc # v1.1.0
id: octo-sts
with:
scope: ${{ github.repository }}
identity: renovate
- shell: bash
run: |
RENOVATE_DOCKER_CGR_DEV_PASSWORD=$(chainctl auth token --audience=cgr.dev)
echo "::add-mask::$RENOVATE_DOCKER_CGR_DEV_PASSWORD"
echo "RENOVATE_DOCKER_CGR_DEV_PASSWORD=$RENOVATE_DOCKER_CGR_DEV_PASSWORD" >> $GITHUB_ENV
- name: Run Renovate
uses: renovatebot/github-action@5712c6a41dea6cdf32c72d92a763bd417e6606aa # v44.0.5
env:
# LOG_LEVEL: "debug"
RENOVATE_TOKEN: ${{ steps.octo-sts.outputs.token }}
RENOVATE_REPOSITORIES: ${{ github.repository }}
RENOVATE_DETECT_HOST_RULES_FROM_ENV: "true"
RENOVATE_DOCKER_CGR_DEV_USERNAME: "_token"