Compare commits
1 Commits
1.0.0+41-f
...
secret-tes
| Author | SHA1 | Date | |
|---|---|---|---|
| 0acbde9f48 |
@ -18,8 +18,6 @@ steps:
|
||||
RENOVATE_ENDPOINT: https://git.coopcloud.tech/api/v1/
|
||||
RENOVATE_REPOSITORIES: coop-cloud/renovate
|
||||
RENOVATE_DRY_RUN: "extract"
|
||||
SECRET_RENOVATE_TOKEN_VERSION: v1
|
||||
APP_ENTRYPOINT_VERSION: v1
|
||||
# TODO: Set a valid token so it can execute once against this repo.
|
||||
trigger:
|
||||
branch:
|
||||
|
||||
15
.env.sample
15
.env.sample
@ -10,15 +10,6 @@ RENOVATE_ENDPOINT="https://gitea.example.com/api/v1/"
|
||||
RENOVATE_GIT_AUTHOR="Renovate Bot <renovate@your-domain.example.com>"
|
||||
RENOVATE_PLATFORM="gitea"
|
||||
|
||||
## Secrets - only RENOVATE_TOKEN is required for writing to your git forge.
|
||||
## The github token is recommended to fetch changelogs.
|
||||
## Other secrets may be needed to access private packages: https://docs.renovatebot.com/getting-started/private-packages/
|
||||
SECRET_RENOVATE_TOKEN_VERSION=v1 # generate=false
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.gh-token.yml"
|
||||
# SECRET_GITHUB_COM_TOKEN_VERSION=v1 # generate=false
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.npm-token.yml"
|
||||
# SECRET_RENOVATE_NPM_TOKEN_VERSION=v1 # generate=false
|
||||
|
||||
## This controls the contents of the initial renovate.json file created in onboarding PRs.
|
||||
RENOVATE_ONBOARDING_CONFIG='{"$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": ["config:recommended"] }'
|
||||
|
||||
@ -26,11 +17,11 @@ RENOVATE_ONBOARDING_CONFIG='{"$schema": "https://docs.renovatebot.com/renovate-s
|
||||
#RENOVATE_AUTODISCOVER="true"
|
||||
#RENOVATE_AUTODISCOVER_FILTER="my-org/*,my-org2/*"
|
||||
|
||||
## If not using autodiscover, you can supply a comma-separated list of repos.
|
||||
## Ex: "coop-cloud/renovate,coop-cloud/keycloak"
|
||||
## If not using autodiscover, you can supply a space-separated list of repos.
|
||||
## Ex: "coop-cloud/renovate coop-cloud/keycloak"
|
||||
RENOVATE_REPOSITORIES=""
|
||||
|
||||
## Here's how to set assignees for pull requests. You can also configure this in each repo's renovate.json.
|
||||
#RENOVATE_ASSIGNEES="example-user1,example-user2"
|
||||
#RENOVATE_ASSIGNEES="example-user1 example-user2"
|
||||
## Or you could do this to set different assignees per path:
|
||||
#RENOVATE_ASSIGNEES_FROM_CODE_OWNERS=true
|
||||
|
||||
@ -21,8 +21,8 @@
|
||||
2. Obtain an API token for your target git forge. For example, here are the [docs for Gitea/Forgejo](https://docs.renovatebot.com/modules/platform/forgejo/).
|
||||
3. Renovate also recommends [obtaining a github.com token](https://docs.renovatebot.com/mend-hosted/github-com-token/) to fetch changelogs and to avoid rate limits. If your target git forge is github, this can technically be the same token as in step 1.
|
||||
4. `abra app new renovate`
|
||||
5. `abra app config <app-name>` (point it to your git forge and enable any optional secrets)
|
||||
6. Set the tokens obtained in steps 2 and 3: `abra app secret insert <app-name> renovate_token v1`
|
||||
5. `abra app config <app-name>`
|
||||
6. Set the tokens obtained in steps 2 and 3.
|
||||
7. `abra app deploy <app-name>`
|
||||
|
||||
This recipe runs Renovate as a cronjob every hour (configurable via `CRON_SCHEDULE`) to check for dependency updates in a target set of git repositories. If it discovers a dependency that needs updating, it will create a pull request to update it.
|
||||
|
||||
@ -1,11 +0,0 @@
|
||||
services:
|
||||
app:
|
||||
secrets:
|
||||
- renovate_github_com_token
|
||||
environment:
|
||||
- RENOVATE_GITHUB_COM_TOKEN_FILE=/run/secrets/renovate_github_com_token
|
||||
|
||||
secrets:
|
||||
renovate_github_com_token:
|
||||
name: ${STACK_NAME}_renovate_github_com_token_${SECRET_GITHUB_COM_TOKEN_VERSION}
|
||||
external: true
|
||||
@ -1,11 +0,0 @@
|
||||
services:
|
||||
app:
|
||||
secrets:
|
||||
- renovate_npm_token
|
||||
environment:
|
||||
- RENOVATE_NPM_TOKEN_FILE=/run/secrets/renovate_npm_token
|
||||
|
||||
secrets:
|
||||
renovate_npm_token:
|
||||
name: ${STACK_NAME}_renovate_npm_token_${SECRET_NPM_TOKEN_VERSION}
|
||||
external: true
|
||||
25
compose.yml
25
compose.yml
@ -1,7 +1,10 @@
|
||||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
# Use "full" since the non-full version installs tools at runtime
|
||||
image: "renovate/renovate:41-full"
|
||||
image: "renovate/renovate:full"
|
||||
healthcheck:
|
||||
disable: true
|
||||
deploy:
|
||||
@ -10,26 +13,16 @@ services:
|
||||
labels:
|
||||
- "swarm.cronjob.enable=true"
|
||||
- "swarm.cronjob.schedule=${CRON_SCHEDULE}"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.0.0+41-full"
|
||||
restart_policy:
|
||||
condition: none
|
||||
environment:
|
||||
- RENOVATE_TOKEN_FILE=/run/secrets/renovate_token
|
||||
secrets:
|
||||
- renovate_token
|
||||
configs:
|
||||
- source: app_entrypoint
|
||||
target: /docker-entrypoint.sh
|
||||
mode: 0555
|
||||
entrypoint: /docker-entrypoint.sh
|
||||
- github_token
|
||||
|
||||
secrets:
|
||||
renovate_token:
|
||||
name: ${STACK_NAME}_renovate_token_${SECRET_RENOVATE_TOKEN_VERSION}
|
||||
name: ${STACK_NAME}_renovate_token_${RENOVATE_TOKEN_VERSION}
|
||||
external: true
|
||||
github_token:
|
||||
name: ${STACK_NAME}_github_token_${GITHUB_TOKEN_VERSION}
|
||||
external: true
|
||||
|
||||
configs:
|
||||
app_entrypoint:
|
||||
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
template_driver: golang
|
||||
|
||||
@ -27,12 +27,8 @@ file_env() {
|
||||
|
||||
file_env "RENOVATE_TOKEN"
|
||||
|
||||
{{ if not (eq (env "SECRET_GITHUB_COM_TOKEN_VERSION") "") }}
|
||||
{{ if eq (env "RENOVATE_GITHUB_COM_TOKEN") "1" }}
|
||||
file_env "RENOVATE_GITHUB_COM_TOKEN"
|
||||
{{ end }}
|
||||
|
||||
{{ if not (eq (env "SECRET_NPM_TOKEN_VERSION") "") }}
|
||||
file_env "RENOVATE_NPM_TOKEN"
|
||||
{{ end }}
|
||||
|
||||
/usr/local/sbin/renovate-entrypoint.sh "$@"
|
||||
|
||||
Reference in New Issue
Block a user