first commit

2026-02-21 21:23:43 -05:00
commit d9e0ef5991
3 changed files with 71 additions and 0 deletions
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -0,0 +1,13 @@
+steps:
+  - name: renovate
+    image: renovate/renovate
+    when:
+      - event: cron
+      - event: manual
+    environment:
+      RENOVATE_TOKEN:
+        from_secret: renovate_token
+      RENOVATE_PLATFORM: gitea
+      RENOVATE_ENDPOINT: https://git.keligrubb.com
+      RENOVATE_AUTODISCOVER: "true"
+      RENOVATE_CONFIG_FILE: renovate.json
--- a/README.md
+++ b/README.md
@@ -0,0 +1,51 @@
+# Renovate + Woodpecker CI for Gitea
+
+This repo runs [Renovate](https://docs.renovatebot.com/) via [Woodpecker CI](https://woodpecker-ci.org/) on a weekly schedule. Renovate autodiscovers all repositories your Gitea bot can access and opens pull requests for dependency updates.
+
+## How it works
+
+- **Woodpecker** runs a single pipeline step on the `cron` event (weekly).
+- The step uses the official `renovate/renovate` Docker image and loads config from **renovate.json** in this repo.
+- Renovate finds every Gitea repo the bot token can access (push/pull, PRs enabled, non-mirror) and creates/updates PRs there. Minor and patch updates are grouped into one PR per repo; major updates stay in separate PRs.
+
+## Setup
+
+### 1. Woodpecker cron job
+
+Woodpecker does not define cron schedules in YAML. You must create the schedule in the UI:
+
+1. Open **repository settings** for this repo in Woodpecker.
+2. Add a **cron job** (e.g. name: `renovate-weekly`).
+3. Set the schedule to **weekly**, e.g. `@weekly` or `0 0 * * 0` (Sunday 00:00).
+
+### 2. Woodpecker secrets
+
+Configure this secret at repository or organization level:
+
+| Secret | Description |
+|--------|-------------|
+| `renovate_token` | Gitea Personal Access Token (PAT) for the bot account |
+
+The Gitea endpoint (`RENOVATE_ENDPOINT`) is set in [.woodpecker/ci.yml](.woodpecker/ci.yml); change it there if your instance has a different URL.
+
+Optional: `RENOVATE_GITHUB_COM_TOKEN` — read-only GitHub PAT if any dependencies or changelogs come from GitHub (reduces rate limit issues).
+
+### 3. Gitea Personal Access Token (PAT)
+
+Create a bot user for Renovate in Gitea (or your identity provider) so PRs and commits show as the bot; ensure it has access to all repos you want updated. Then create a PAT for that user:
+
+1. Log in to Gitea as the bot user.
+2. Go to **Settings** → **Applications** (or `https://your-gitea/user/settings/applications`).
+3. **Manage Access Tokens** / **Generate New Token**. Name it (e.g. `renovate-woodpecker`).
+4. Set permissions: **repository** (Read and write), **user** (Read), **issue** (Read and write), **organization** (Read). Add **package** (Read) if you use Gitea packages.
+5. Create the token and **copy it immediately** (it is shown only once).
+6. Store that value as the `renovate_token` secret in Woodpecker.
+7. In **renovate.json**, set `gitAuthor` to match the bot (e.g. `"Renovate Bot <renovate-bot@your-domain>"`).
+
+## Configuration
+
+Renovate is configured in **renovate.json** in this repo. That file sets platform, autodiscover, grouping (`group:allNonMajor`), best-practices presets, and disables the Dependency Dashboard (not supported on Gitea). Token and endpoint are provided only via pipeline environment (secrets). Individual target repos can override behavior with their own `renovate.json`.
+
+## Narrowing scope
+
+To limit which repos Renovate processes, add `autodiscoverFilter` (e.g. `["my-org/*"]`) or `autodiscoverNamespaces` in **renovate.json**, or set `RENOVATE_AUTODISCOVER_FILTER` in the pipeline environment.
--- a/renovate.json
+++ b/renovate.json
@@ -0,0 +1,7 @@
+{
+  "platform": "gitea",
+  "autodiscover": true,
+  "extends": ["config:best-practices", "group:allNonMajor"],
+  "gitAuthor": "Renovate Bot <renovate@keligrubb.com>",
+  "dependencyDashboard": false
+}