diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml index c13b0e7..a7a45c8 100644 --- a/.woodpecker/ci.yml +++ b/.woodpecker/ci.yml @@ -1,6 +1,6 @@ steps: - name: renovate - image: renovate/renovate + image: renovate/renovate:full when: - event: cron - event: manual @@ -11,3 +11,5 @@ steps: RENOVATE_ENDPOINT: https://git.keligrubb.com RENOVATE_AUTODISCOVER: "true" RENOVATE_CONFIG_FILE: renovate.json + RENOVATE_GITHUB_COM_TOKEN: + from_secret: renovate_github_com_token diff --git a/README.md b/README.md index 0bfdb8a..8c2f8a3 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,10 @@ # Renovate + Woodpecker CI for Gitea -This repo runs [Renovate](https://docs.renovatebot.com/) via [Woodpecker CI](https://woodpecker-ci.org/) on a weekly schedule. Renovate autodiscovers all repositories your Gitea bot can access and opens pull requests for dependency updates. +This repo runs [Renovate](https://docs.renovatebot.com/) via [Woodpecker CI](https://woodpecker-ci.org/) on a schedule you define (e.g. every 12 hours). Renovate autodiscovers all repositories your Gitea bot can access and opens pull requests for dependency updates. ## How it works -- **Woodpecker** runs a single pipeline step on the `cron` event (weekly). +- **Woodpecker** runs a single pipeline step on the `cron` event whenever the cron job triggers. - The step uses the official `renovate/renovate` Docker image and loads config from **renovate.json** in this repo. - Renovate finds every Gitea repo the bot token can access (push/pull, PRs enabled, non-mirror) and creates/updates PRs there. Minor and patch updates are grouped into one PR per repo; major updates stay in separate PRs. 
@@ -15,20 +15,22 @@ This repo runs [Renovate](https://docs.renovatebot.com/) via [Woodpecker CI](htt Woodpecker does not define cron schedules in YAML. You must create the schedule in the UI: 1. Open **repository settings** for this repo in Woodpecker. -2. Add a **cron job** (e.g. name: `renovate-weekly`). -3. Set the schedule to **weekly**, e.g. `@weekly` or `0 0 * * 0` (Sunday 00:00). +2. Add a **cron job** (e.g. name: `renovate`). +3. Set the schedule. Examples: + - **Every 12 hours**: `0 */12 * * *` (00:00 and 12:00) + - **Daily**: `@daily` or `0 0 * * *` (midnight) + - **Weekly**: `@weekly` or `0 0 * * 0` (Sunday 00:00) ### 2. Woodpecker secrets -Configure this secret at repository or organization level: +Configure these secrets at repository or organization level: -| Secret | Description | -|--------|-------------| -| `renovate_token` | Gitea Personal Access Token (PAT) for the bot account | +| Secret | Required | Description | +|--------|----------|-------------| +| `renovate_token` | Yes | Gitea Personal Access Token (PAT) for the bot account | +| `renovate_github_com_token` | No | **Recommended.** Read-only GitHub PAT so Renovate can fetch changelogs and release notes without hitting anonymous rate limits. Create at [GitHub → Settings → Developer settings → Personal access tokens](https://github.com/settings/tokens) with scope `read:packages` (or no scopes for public data). If your Woodpecker setup fails when this secret is missing, remove the `RENOVATE_GITHUB_COM_TOKEN` / `renovate_github_com_token` lines from [.woodpecker/ci.yml](.woodpecker/ci.yml). | -The Gitea endpoint (`RENOVATE_ENDPOINT`) is set in [.woodpecker/ci.yml](.woodpecker/ci.yml); change it there if your instance has a different URL. - -Optional: `RENOVATE_GITHUB_COM_TOKEN` — read-only GitHub PAT if any dependencies or changelogs come from GitHub (reduces rate limit issues). 
+The Gitea endpoint (`RENOVATE_ENDPOINT`) is set in [.woodpecker/ci.yml](.woodpecker/ci.yml); change it there if your instance has a different URL. The pipeline passes `renovate_github_com_token` as `RENOVATE_GITHUB_COM_TOKEN` when the secret is set. ### 3. Gitea Personal Access Token (PAT) @@ -44,7 +46,11 @@ Create a bot user for Renovate in Gitea (or your identity provider) so PRs and c ## Configuration -Renovate is configured in **renovate.json** in this repo. That file sets platform, autodiscover, grouping (`group:allNonMajor`), best-practices presets, and disables the Dependency Dashboard (not supported on Gitea). Token and endpoint are provided only via pipeline environment (secrets). Individual target repos can override behavior with their own `renovate.json`. +Renovate is configured in **renovate.json** in this repo. That file sets platform, autodiscover, grouping (`group:allNonMajor`), best-practices presets, and disables the Dependency Dashboard via the `:disableDependencyDashboard` preset (so it stays off even when presets enable it). Token and endpoint are provided only via pipeline environment (secrets). + +**Target repos:** If a repo has its own **renovate.json**, it is merged on top of this global config. A repo that sets its own `extends` (e.g. `"extends": ["config:recommended"]`) can effectively replace the global extends and lose grouping or re-enable the dashboard. To keep bundled PRs and no dashboard, either leave that repo without a renovate config file or ensure its config does not override `extends` / dashboard settings. + +The pipeline uses the **renovate/renovate:full** image so lock file updates (e.g. `package-lock.json`) have npm and other package managers available; the default slim image installs them at runtime and can sometimes produce artifact update failures in CI. ## Narrowing scope diff --git a/renovate.json b/renovate.json index 1e6df02..5543eee 100644 --- a/renovate.json +++ b/renovate.json 
@@ -1,7 +1,10 @@ { "platform": "gitea", "autodiscover": true, - "extends": ["config:best-practices", "group:allNonMajor"], - "gitAuthor": "Renovate Bot ", - "dependencyDashboard": false + "extends": [ + "config:best-practices", + "group:allNonMajor", + ":disableDependencyDashboard" + ], + "gitAuthor": "Renovate Bot " }
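Review bot: In the first `.woodpecker/ci.yml` hunk, `image: renovate/renovate:full` is still a floating tag, so every cron or manual run pulls whatever the registry serves at that moment into a step that receives the bot token for all autodiscovered repositories. Pin the image to a specific release tag of the full image together with its digest, and let Renovate propose bumps to that pin like any other dependency.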
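Review bot: In the second `.woodpecker/ci.yml` hunk, `RENOVATE_GITHUB_COM_TOKEN` is bound to `from_secret: renovate_github_com_token` unconditionally, yet the README table in this same patch marks the secret as not required and tells users to delete these lines if the pipeline fails without it. The README also says the pipeline passes the token "when the secret is set", which nothing in the YAML enforces. Either verify that the step runs with the secret absent and drop the workaround text, or mark the secret as required so the pipeline and the documentation agree.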
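Review bot: In the first README hunk, the unchanged context line under "How it works" still reads "The step uses the official `renovate/renovate` Docker image", while this patch moves the pipeline to `renovate/renovate:full` and the Configuration section explains why. Update that bullet in the same change so the two README sections do not name different images.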
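Review bot: In the README secrets table hunk, the `renovate_github_com_token` row names scope `read:packages` first and offers "no scopes for public data" only as the alternative. The stated purpose is fetching changelogs and release notes without anonymous rate limits, so make the no-scope token the documented default and mention `read:packages` only for setups that actually need it. This keeps the extra credential injected into the pipeline at least privilege.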