Skip to content

Renovate

Renovate #217

Workflow file for this run

name: Renovate
on:
workflow_dispatch:
schedule:
- cron: "0 3 * * *"
permissions:
contents: read
jobs:
renovate:
name: Renovate
runs-on: ubuntu-latest
permissions:
id-token: write # required for federation
contents: write
steps:
- uses: chainguard-dev/setup-chainctl@2cddd35a2f120d9973e58094dc6878c93cf58c28 # v0.5.1
with:
identity: 45a0c61ea6fd977f050c5fb9ac06a69eed764595/3827402530de6dbf
- uses: octo-sts/action@f603d3be9d8dd9871a265776e625a27b00effe05 # v1.1.1
id: octo-sts
with:
scope: ${{ github.repository }}
identity: renovate
- shell: bash
run: |
RENOVATE_DOCKER_CGR_DEV_PASSWORD=$(chainctl auth token --audience=cgr.dev)
echo "::add-mask::$RENOVATE_DOCKER_CGR_DEV_PASSWORD"
echo "RENOVATE_DOCKER_CGR_DEV_PASSWORD=$RENOVATE_DOCKER_CGR_DEV_PASSWORD" >> $GITHUB_ENV
- name: Run Renovate
uses: renovatebot/github-action@dd5302ec17783b2fc721b19ae7209b57b1587765 # v46.1.17
env:
# LOG_LEVEL: "debug"
RENOVATE_TOKEN: ${{ steps.octo-sts.outputs.token }}
RENOVATE_REPOSITORIES: ${{ github.repository }}
RENOVATE_DETECT_HOST_RULES_FROM_ENV: "true"
RENOVATE_DOCKER_CGR_DEV_USERNAME: "_token"