From ae2bf1dfa0f84a1b673da85a0d15a4c71b94a129 Mon Sep 17 00:00:00 2001 From: Geoff Lamrock Date: Tue, 12 Dec 2023 15:16:05 +1100 Subject: [PATCH] Add renovate for dependency management (#26) --- .../renovate-pull-request-automation.yml | 26 +++++++++++++++ .github/workflows/update-dependencies.yml | 28 ++++++++++++++++ renovate-config.js | 33 +++++++++++++++++++ tsconfig.eslint.json | 6 +++- 4 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/renovate-pull-request-automation.yml create mode 100644 .github/workflows/update-dependencies.yml create mode 100644 renovate-config.js diff --git a/.github/workflows/renovate-pull-request-automation.yml b/.github/workflows/renovate-pull-request-automation.yml new file mode 100644 index 00000000..86c33e20 --- /dev/null +++ b/.github/workflows/renovate-pull-request-automation.yml @@ -0,0 +1,26 @@ +name: Renovate Pull Request Approval + +on: + pull_request: + branches: [main] + +# Increase the access for the GITHUB_TOKEN +permissions: + # This Allows the GITHUB_TOKEN to approve pull requests + pull-requests: write + # This Allows the GITHUB_TOKEN to auto merge pull requests + contents: write + +env: + PR_URL: ${{github.event.pull_request.html_url}} + # By default, GitHub Actions workflows triggered by renovate get a GITHUB_TOKEN with read-only permissions. + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + +jobs: + approve_renovate_pull_requests: + runs-on: ubuntu-latest + name: Approve renovate pull request + if: ${{ (github.actor == 'Octobob') && (contains(github.head_ref, 'renovate')) }} + steps: + - name: Approve a renovate created PR + run: gh pr review --approve "$PR_URL" diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml new file mode 100644 index 00000000..4a1c2e0f --- /dev/null +++ b/.github/workflows/update-dependencies.yml @@ -0,0 +1,28 @@ +name: Renovate +on: + schedule: + - cron: "0 1 * * *" + + workflow_dispatch: + inputs: + dryRun: + type: boolean + required: false + default: false + description: Dry run (don't create PRs) + +jobs: + renovate: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Self-hosted Renovate + uses: renovatebot/github-action@0dbf03d3f50da30b8e523f51b628d2743c4934dc # v39.0.6 + with: + configurationFile: renovate-config.js + token: ${{ secrets.RENOVATE_GITHUB_TOKEN }} + env: + LOG_LEVEL: debug + RENOVATE_DRY_RUN: ${{ inputs.dryRun && 'full' || null }} diff --git a/renovate-config.js b/renovate-config.js new file mode 100644 index 00000000..f36355aa --- /dev/null +++ b/renovate-config.js @@ -0,0 +1,33 @@ +// eslint-disable-next-line import/no-commonjs +module.exports = { + extends: [ + 'config:base', + ':disableMajorUpdates', + ':ignoreModulesAndTests', + ':pinVersions', + ':rebaseStalePrs', + ':automergeDigest', + ':automergePatch', + ':automergePr', + ':automergeRequireAllStatusChecks', + ':automergeLinters', + ':automergeTesters', + ':automergeTypes', + 'packages:eslint', + 'workarounds:typesNodeVersioning', + 'github>whitesource/merge-confidence:beta' + ], + branchPrefix: 'renovate/', + platform: 'github', + repositories: ['OctopusDeploy/deploy-release-tenanted-action'], + packageRules: [], + timezone: 'Australia/Brisbane', + onboarding: false, + requireConfig: false, + allowedPostUpgradeCommands: ['.*'], + postUpgradeTasks: { + commands: ['npm install && npm run build'], + fileFilters: ['**/index.js'], + executionMode: 'update' + } +} diff --git a/tsconfig.eslint.json b/tsconfig.eslint.json index 0cb6892e..75012ab7 100644 --- a/tsconfig.eslint.json +++ b/tsconfig.eslint.json @@ -3,5 +3,9 @@ "include": [ "src", "__tests__", - ] + "renovate-config.js" + ], + "compilerOptions": { + "allowJs": true + } } \ No newline at end of file