commit d9e0ef599155d94a57dbb7fa4f62e158305d4075 Author: keligrubb Date: Sat Feb 21 21:23:43 2026 -0500 first commit diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml new file mode 100644 index 0000000..c13b0e7 --- /dev/null +++ b/.woodpecker/ci.yml @@ -0,0 +1,13 @@ +steps: + - name: renovate + image: renovate/renovate + when: + - event: cron + - event: manual + environment: + RENOVATE_TOKEN: + from_secret: renovate_token + RENOVATE_PLATFORM: gitea + RENOVATE_ENDPOINT: https://git.keligrubb.com + RENOVATE_AUTODISCOVER: "true" + RENOVATE_CONFIG_FILE: renovate.json diff --git a/README.md b/README.md new file mode 100644 index 0000000..0bfdb8a --- /dev/null +++ b/README.md 
@@ -0,0 +1,51 @@ +# Renovate + Woodpecker CI for Gitea + +This repo runs [Renovate](https://docs.renovatebot.com/) via [Woodpecker CI](https://woodpecker-ci.org/) on a weekly schedule. Renovate autodiscovers all repositories your Gitea bot can access and opens pull requests for dependency updates. + +## How it works + +- **Woodpecker** runs a single pipeline step on the `cron` event (weekly). +- The step uses the official `renovate/renovate` Docker image and loads config from **renovate.json** in this repo. +- Renovate finds every Gitea repo the bot token can access (push/pull, PRs enabled, non-mirror) and creates/updates PRs there. Minor and patch updates are grouped into one PR per repo; major updates stay in separate PRs. + +## Setup + +### 1. Woodpecker cron job + +Woodpecker does not define cron schedules in YAML. You must create the schedule in the UI: + +1. Open **repository settings** for this repo in Woodpecker. +2. Add a **cron job** (e.g. name: `renovate-weekly`). +3. Set the schedule to **weekly**, e.g. `@weekly` or `0 0 * * 0` (Sunday 00:00). + +### 2. Woodpecker secrets + +Configure this secret at repository or organization level: + +| Secret | Description | +|--------|-------------| +| `renovate_token` | Gitea Personal Access Token (PAT) for the bot account | + +The Gitea endpoint (`RENOVATE_ENDPOINT`) is set in [.woodpecker/ci.yml](.woodpecker/ci.yml); change it there if your instance has a different URL. + +Optional: `RENOVATE_GITHUB_COM_TOKEN` — read-only GitHub PAT if any dependencies or changelogs come from GitHub (reduces rate limit issues). + +### 3. Gitea Personal Access Token (PAT) + +Create a bot user for Renovate in Gitea (or your identity provider) so PRs and commits show as the bot; ensure it has access to all repos you want updated. Then create a PAT for that user: + +1. Log in to Gitea as the bot user. +2. Go to **Settings** → **Applications** (or `https://your-gitea/user/settings/applications`). +3. 
**Manage Access Tokens** / **Generate New Token**. Name it (e.g. `renovate-woodpecker`). +4. Set permissions: **repository** (Read and write), **user** (Read), **issue** (Read and write), **organization** (Read). Add **package** (Read) if you use Gitea packages. +5. Create the token and **copy it immediately** (it is shown only once). +6. Store that value as the `renovate_token` secret in Woodpecker. +7. In **renovate.json**, set `gitAuthor` to match the bot (e.g. `"Renovate Bot "`). + +## Configuration + +Renovate is configured in **renovate.json** in this repo. That file sets platform, autodiscover, grouping (`group:allNonMajor`), best-practices presets, and disables the Dependency Dashboard (not supported on Gitea). Token and endpoint are provided only via pipeline environment (secrets). Individual target repos can override behavior with their own `renovate.json`. + +## Narrowing scope + +To limit which repos Renovate processes, add `autodiscoverFilter` (e.g. `["my-org/*"]`) or `autodiscoverNamespaces` in **renovate.json**, or set `RENOVATE_AUTODISCOVER_FILTER` in the pipeline environment. diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..1e6df02 --- /dev/null +++ b/renovate.json @@ -0,0 +1,7 @@ +{ + "platform": "gitea", + "autodiscover": true, + "extends": ["config:best-practices", "group:allNonMajor"], + "gitAuthor": "Renovate Bot ", + "dependencyDashboard": false +}
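Review bot: in .woodpecker/ci.yml, `image: renovate/renovate` has no tag or digest, so the step that receives `renovate_token` (a PAT the README scopes with repository read and write) runs whatever the registry's default tag resolves to when the image is pulled. Pin the image to a specific version tag or digest so that changes to the runner arrive as a reviewable update. `RENOVATE_AUTODISCOVER: "true"` also repeats `"autodiscover": true` from renovate.json; keep the setting in one place so the two cannot drift apart.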
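Review bot: in README.md, the Configuration section says token and endpoint are "provided only via pipeline environment (secrets)", but .woodpecker/ci.yml sets `RENOVATE_ENDPOINT` as a plain value and only `RENOVATE_TOKEN` uses `from_secret`; reword this so readers do not assume the endpoint is stored as a secret. The optional `RENOVATE_GITHUB_COM_TOKEN` listed under "Woodpecker secrets" has no matching entry in the step's `environment`, so either add it there with `from_secret` or state that the reader has to wire it in. Because setup step 4 grants repository read and write and autodiscover covers every repo the bot can reach, consider moving the "Narrowing scope" advice into Setup as a recommended step rather than leaving it as a closing option.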
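Review bot: in renovate.json, `"gitAuthor": "Renovate Bot "` ends in a trailing space and carries no address; Renovate expects a name followed by an email address in angle brackets, so set it to the bot account's name and email (README setup step 7 shows the same truncated example). `"autodiscover": true` is also committed without `autodiscoverFilter` or `autodiscoverNamespaces`, so a run covers every repository the token can access; add a filter for the intended namespace, as the README's "Narrowing scope" section describes.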