diff --git a/.changeset/shiny-fishes-bake.md b/.changeset/shiny-fishes-bake.md new file mode 100644 index 0000000..16de579 --- /dev/null +++ b/.changeset/shiny-fishes-bake.md @@ -0,0 +1,6 @@ +--- +"@bfra.me/.github": major +--- + +Update to @bfra-me/renovate-action v5 + \ No newline at end of file diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 50914f0..5b0bfea 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -12,21 +12,22 @@ allowedVersions: '<=3.12', }, { - description: 'Enable SemVer digest pinning of @bfra-me GitHub actions, reusable workflows, and Renovate config presets.', - matchDatasources: ['github-tags'], - matchPackageNames: ['@bfra.me/**', 'bfra-me/**'], + description: 'Enable SemVer pinning of @bfra-me GitHub actions, reusable workflows, and Renovate config presets.', + matchPackageNames: ['@bfra.me/{/,}**', 'bfra-me/{/,}**'], + pinDigests: false, updatePinnedDependencies: false, }, { - description: 'Enable SemVer digest pinning of @bfra-me GitHub actions, reusable workflows, and Renovate config presets.', - matchDatasources: ['github-tags'], - matchPackageNames: ['@bfra.me/**', 'bfra-me/**'], + description: 'Enable SemVer pinning of @bfra-me GitHub actions, reusable workflows, and Renovate config presets.', + matchPackageNames: ['@bfra.me/{/,}**', 'bfra-me/{/,}**'], matchUpdateTypes: ['major'], + pinDigests: false, + rangeStrategy: 'bump', updatePinnedDependencies: true, }, ], postUpgradeTasks: { - commands: ['pnpm install --frozen-lockfile --ignore-scripts', 'pnpm run format'], + commands: ['pnpm run bootstrap', 'pnpm run format'], executionMode: 'branch', }, prCreation: 'not-pending', diff --git a/.github/settings.yml b/.github/settings.yml index 32a1bfa..18aea2e 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -11,8 +11,8 @@ branches: - name: main protection: required_status_checks: - strict: false - contexts: ['Lint', 'Release', 'Renovate'] + strict: true + contexts: ['Create Renovate Changeset', 'Lint', 'Release', 'Renovate'] enforce_admins: true required_pull_request_reviews: null restrictions: null diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 758c612..9eae0d3 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -56,7 +56,6 @@ jobs: with: app-id: ${{ secrets.APPLICATION_ID }} private-key: ${{ secrets.APPLICATION_PRIVATE_KEY }} - owner: ${{ github.repository_owner }} - name: Setup Git user run: | git config --global user.email '118100583+bfra-me[bot]@users.noreply.github.com' diff --git a/.github/workflows/renovate-changeset.yaml b/.github/workflows/renovate-changeset.yaml index 1605dea..cb7d0bf 100644 --- a/.github/workflows/renovate-changeset.yaml +++ b/.github/workflows/renovate-changeset.yaml @@ -5,6 +5,9 @@ name: Create Renovate Changeset merge_group: pull_request_target: +permissions: + contents: read + jobs: create-changeset: name: Create Renovate Changeset diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index e5aa9a1..d834163 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -101,7 +101,7 @@ jobs: dry_run: ${{ github.event_name == 'push' && github.ref != 'refs/heads/main' }} if: >- ${{ !contains('["push", "workflow_run"]', github.event_name) || github.event.workflow_run.conclusion == 'success' || steps.filter.outputs.changes == 'true' }} - uses: bfra-me/renovate-action@v4 + uses: bfra-me/renovate-action@v5 with: autodiscover: ${{ env.autodiscover }} branch: ${{ (github.ref_name != github.event.repository.default_branch || env.dry_run == 'true') && ( github.head_ref || github.ref_name ) || '' }} diff --git a/.github/workflows/update-repo-settings.yaml b/.github/workflows/update-repo-settings.yaml index cfecb9d..f2bb5e3 100644 --- a/.github/workflows/update-repo-settings.yaml +++ b/.github/workflows/update-repo-settings.yaml @@ -49,7 +49,6 @@ jobs: with: app-id: ${{ secrets.APPLICATION_ID }} private-key: ${{ secrets.APPLICATION_PRIVATE_KEY }} - owner: ${{ github.repository_owner }} - env: GITHUB_TOKEN: ${{ steps.get-workflow-access-token.outputs.token }}