renovate #263
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: renovate | |
| # Self-hosted Renovate against this repo only. | |
| # | |
| # This is the consumer wrapper that runs the template-renovate reusable | |
| # workflow (defined in this same repo at .github/workflows/renovate.yml) | |
| # against github-action-templates itself. Other consumer repos use an | |
| # identical 1-line consumer file. | |
| # | |
| # Lives at renovate-self.yml (not renovate.yml) so it doesn't collide | |
| # with the template file's filename. | |
| on: | |
| schedule: | |
| # Every 4 hours, offset by 17 minutes to avoid the GitHub cron rush. | |
| - cron: '17 */4 * * *' | |
| workflow_dispatch: | |
| inputs: | |
| log-level: | |
| description: Renovate log level | |
| required: false | |
| type: choice | |
| default: info | |
| options: [info, debug, trace] | |
| dry-run: | |
| description: Renovate dry-run mode (normal = real run, others = dry-run levels) | |
| required: false | |
| type: choice | |
| default: normal | |
| options: [normal, full, extract, lookup] | |
| jobs: | |
| renovate: | |
| uses: ./.github/workflows/renovate.yaml | |
| # secrets: inherit passes the org-level INTEGRATION_APP_PRIVATE_KEY | |
| # through to the reusable workflow so it can mint a real App token | |
| # and unblock cross-repo / ghcr.io lookups. Without this the template | |
| # falls back to GITHUB_TOKEN. | |
| secrets: inherit | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| issues: write | |
| with: | |
| log-level: ${{ inputs.log-level || 'info' }} | |
| # Translate the 'normal' sentinel back to empty so the reusable | |
| # workflow runs Renovate without RENOVATE_DRY_RUN. Actionlint | |
| # forbids empty strings in choice options, so we can't use '' | |
| # directly above. Conditional must be `!= 'normal' && val || ''` | |
| # — the `==` form short-circuits to the input value because `''` | |
| # is falsy in GHA expressions, so `'' || inputs.dry-run` yields | |
| # the original value, leaving Renovate stuck in dry-run forever. | |
| dry-run: ${{ inputs.dry-run != 'normal' && inputs.dry-run || '' }} |