From 7da98256bf2e3a03905cc2813d6b5b2eeb54f760 Mon Sep 17 00:00:00 2001 From: Geoff Lamrock Date: Wed, 9 Aug 2023 13:42:14 +1000 Subject: [PATCH] Adds dependency management using renovate (#2) --- .eslintignore | 3 +- .../renovate-pull-request-automation.yml | 26 +++++++++++++++ .github/workflows/update-dependencies.yml | 28 ++++++++++++++++ renovate-config.js | 32 +++++++++++++++++++ 4 files changed, 88 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/renovate-pull-request-automation.yml create mode 100644 .github/workflows/update-dependencies.yml create mode 100644 renovate-config.js diff --git a/.eslintignore b/.eslintignore index d0ce010a..2228158d 100644 --- a/.eslintignore +++ b/.eslintignore @@ -1,4 +1,5 @@ node_modules/* **/package.json **/dist/**/* -**/coverage/* \ No newline at end of file +**/coverage/* +renovate-config.js \ No newline at end of file diff --git a/.github/workflows/renovate-pull-request-automation.yml b/.github/workflows/renovate-pull-request-automation.yml new file mode 100644 index 00000000..86c33e20 --- /dev/null +++ b/.github/workflows/renovate-pull-request-automation.yml @@ -0,0 +1,26 @@ +name: Renovate Pull Request Approval + +on: + pull_request: + branches: [main] + +# Increase the access for the GITHUB_TOKEN +permissions: + # This Allows the GITHUB_TOKEN to approve pull requests + pull-requests: write + # This Allows the GITHUB_TOKEN to auto merge pull requests + contents: write + +env: + PR_URL: ${{github.event.pull_request.html_url}} + # By default, GitHub Actions workflows triggered by renovate get a GITHUB_TOKEN with read-only permissions. + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + +jobs: + approve_renovate_pull_requests: + runs-on: ubuntu-latest + name: Approve renovate pull request + if: ${{ (github.actor == 'Octobob') && (contains(github.head_ref, 'renovate')) }} + steps: + - name: Approve a renovate created PR + run: gh pr review --approve "$PR_URL" diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml new file mode 100644 index 00000000..ebd38acd --- /dev/null +++ b/.github/workflows/update-dependencies.yml @@ -0,0 +1,28 @@ +name: Renovate +on: + schedule: + - cron: "0 0 * * *" + + workflow_dispatch: + inputs: + dryRun: + type: boolean + required: false + default: false + description: Dry run (don't create PRs) + +jobs: + renovate: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Self-hosted Renovate + uses: renovatebot/github-action@v39.0.1 + with: + configurationFile: renovate-config.js + token: ${{ secrets.RENOVATE_GITHUB_TOKEN }} + env: + LOG_LEVEL: debug + RENOVATE_DRY_RUN: ${{ inputs.dryRun && 'full' || null }} diff --git a/renovate-config.js b/renovate-config.js new file mode 100644 index 00000000..9cdc46c3 --- /dev/null +++ b/renovate-config.js @@ -0,0 +1,32 @@ +module.exports = { + extends: [ + "config:base", + ":disableMajorUpdates", + ":ignoreModulesAndTests", + ":pinVersions", + ":rebaseStalePrs", + ":automergeDigest", + ":automergePatch", + ":automergePr", + ":automergeRequireAllStatusChecks", + ":automergeLinters", + ":automergeTesters", + ":automergeTypes", + "packages:eslint", + "workarounds:typesNodeVersioning", + "github>whitesource/merge-confidence:beta", + ], + branchPrefix: "renovate/", + platform: "github", + repositories: ["OctopusDeploy/login"], + packageRules: [], + timezone: "Australia/Brisbane", + onboarding: false, + requireConfig: false, + allowedPostUpgradeCommands: [".*"], + postUpgradeTasks: { + commands: ["npm install && npm run build"], + fileFilters: ["**/index.js"], + executionMode: "update", + }, +};