sm-renovate/actions/renovate/action.yaml at 27c07eca8eebdb19d015e2dd20d062536da43ee0 · grafana/sm-renovate · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
name: Self-hosted Renovate
description: Run renovate

inputs:
  use-current-branch:
    description: |-
      Run renovate off the branch for which this GitHub Action was invoked, instead of the default branch.
      Must be used with dry-run.
    required: false
    default: "false"
  dry-run:
    description: "Run Renovate in dry-run mode."
    required: false
    default: "false"
  renovate-version:
    description: >-
      Renovate version to use (image tag).
      Leave empty to use the version specified in this repo, which is updated in sync with that of the renovate action.
      Alternatively, specify it and include the `renovate-version.json5` preset to have it updated.
    required: false
    # Renovate updates the line below. Please keep its formatting as it is.
    default: 43.46.6@sha256:a1ff495aa301e5bdea0de234dfa2acf6283f1969f35f8d4340004c7491ae20f9 # renovate-version
runs:
  using: composite
  steps:
    - name: Check options
      shell: bash
      env:
        GITHUB_EVENT_NAME: ${{ github.event_name }}
        INPUTS_DRY_RUN: ${{ inputs.dry-run }}
        INPUTS_USE_CURRENT_BRANCH: ${{ inputs.use-current-branch }}
      run: |-
        if [[ "${INPUTS_USE_CURRENT_BRANCH}" = "true" ]] && [[ "${INPUTS_DRY_RUN}" != "true" ]]; then
          echo "::error title=Renovate action misconfigured::Refusing to run off the current branch without dry-run"
          exit 1
        fi

        if [[ "${INPUTS_USE_CURRENT_BRANCH}" = "true" ]] && [[ "${GITHUB_EVENT_NAME}" != "pull_request" ]]; then
          echo "::error title=Renovate action misconfigured::use-current-branch should only be used in pull_request events."
          exit 1
        fi

    - name: retrieve secrets
      id: get-secrets
      uses: grafana/shared-workflows/actions/get-vault-secrets@f1614b210386ac420af6807a997ac7f6d96e477a # get-vault-secrets/v1.3.1
      with:
        common_secrets: |
          GRAFANA_RENOVATE_APP_ID=grafana-renovate-app:app-id
          GRAFANA_RENOVATE_PRIVATE_KEY=grafana-renovate-app:private-key

    - name: create GitHub app token
      id: app-token
      uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3
      with:
        app-id: ${{ env.GRAFANA_RENOVATE_APP_ID }}
        private-key: ${{ env.GRAFANA_RENOVATE_PRIVATE_KEY }}
        owner: ${{ github.repository_owner }}

    - name: Self-hosted Renovate
      uses: renovatebot/github-action@7b4b65bf31e07d4e3e51708d07700fb41bc03166 # v46.1.3
      with:
        renovate-version: ${{ inputs.renovate-version }}
        token: ${{ steps.app-token.outputs.token }}
        # Default filter, plus GOPRIVATE.
        env-regex: "^(?:RENOVATE_\\w+|LOG_LEVEL|GITHUB_COM_TOKEN|NODE_OPTIONS|AWS_TOKEN|GOPRIVATE)$"
      env:
        LOG_LEVEL: debug
        RENOVATE_DRY_RUN: ${{ inputs.dry-run }}
        RENOVATE_PLATFORM: github
        RENOVATE_REPOSITORIES: ${{ github.repository }}
        RENOVATE_USERNAME: GrafanaRenovateBot
        # https://docs.renovatebot.com/configuration-options/#usebasebranchconfig
        RENOVATE_USE_BASE_BRANCH_CONFIG: ${{ inputs.use-current-branch && 'merge' || 'none' }}
        # If dry-run is set and this is a PR event, run renovate off the branch being PR'd.
        # https://docs.renovatebot.com/configuration-options/#basebranches
        # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs#github-context
        RENOVATE_BASE_BRANCHES: ${{ inputs.use-current-branch && github.head_ref || '' }}
        GOPRIVATE: github.com/grafana # Allows fetching private dependencies.