Update README.md

Co-authored-by: Cursor <cursoragent@cursor.com>

.gitea/workflows/renovate.yml

@@ -0,0 +1,42 @@
+name: Renovate
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 * * * *"
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '24'
+
+      - name: Cache npm and Renovate
+        uses: actions/cache@v5
+        with:
+          path: |
+            ~/.npm
+            ~/.cache/renovate
+          key: renovate-${{ runner.os }}-${{ hashFiles('renovate.json') }}
+          restore-keys: |
+            renovate-${{ runner.os }}-
+
+      - name: Install Renovate
+        run: npm i -g renovate
+
+      - name: Run Renovate
+        env:
+          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
+          RENOVATE_PLATFORM: gitea
+          RENOVATE_ENDPOINT: https://git.keligrubb.com
+          RENOVATE_AUTODISCOVER: "true"
+          RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
+          RENOVATE_CONFIG_FILE: renovate.json
+        run: renovate

.woodpecker/ci.yml

@@ -1,13 +0,0 @@
-steps:
-  - name: renovate
-    image: renovate/renovate@sha256:99198d61d3c837085bdc94e0eafb1d57de3ecbfdc2e5e994817e589f71eacd16
-    when:
-      - event: cron
-      - event: manual
-    environment:
-      RENOVATE_TOKEN:
-        from_secret: renovate_token
-      RENOVATE_PLATFORM: gitea
-      RENOVATE_ENDPOINT: https://git.keligrubb.com
-      RENOVATE_AUTODISCOVER: "true"
-      RENOVATE_CONFIG_FILE: renovate.json

README.md

@@ -1,50 +1,55 @@
-# Renovate + Woodpecker CI for Gitea
+# Renovate + Gitea Actions for Gitea
 
-This repo runs [Renovate](https://docs.renovatebot.com/) via [Woodpecker CI](https://woodpecker-ci.org/) on a weekly schedule. Renovate autodiscovers all repositories your Gitea bot can access and opens pull requests for dependency updates.
+This repo runs [Renovate](https://docs.renovatebot.com/) via **Gitea Actions**, currently every hour. Renovate autodiscovers all Gitea repositories the bot user can access and opens PRs for dependency updates.
 
 ## How it works
 
-- **Woodpecker** runs a single pipeline step on the `cron` event (weekly).
+- **Gitea Actions** runs a single job from `.gitea/workflows/renovate.yml` on a **cron schedule** and on **manual dispatch**.
-- The step uses the official `renovate/renovate` Docker image and loads config from **renovate.json** in this repo.
+- The job uses the official `renovatebot/github-action` and reads config from **renovate.json** in this repo.
-- Renovate finds every Gitea repo the bot token can access (push/pull, PRs enabled, non-mirror) and creates/updates PRs there. Minor and patch updates are grouped into one PR per repo; major updates stay in separate PRs.
+- Renovate processes every non-mirror Gitea repo the bot token can access (push/pull, PRs enabled), opening and updating PRs. Minor and patch updates are grouped into one PR per repo; major updates use separate PRs.
 
 ## Setup
 
-### 1. Woodpecker cron job
+### 1. Gitea Actions workflow & schedule
 
-Woodpecker does not define cron schedules in YAML. You must create the schedule in the UI:
+The workflow lives in `.gitea/workflows/renovate.yml` and currently runs every 6 hours:
 
-1. Open **repository settings** for this repo in Woodpecker.
+```yaml
-2. Add a **cron job** (e.g. name: `renovate-weekly`).
+on:
-3. Set the schedule to **weekly**, e.g. `@weekly` or `0 0 * * 0` (Sunday 00:00).
+  workflow_dispatch:
+  schedule:
+    - cron: "0 */6 * * *"
+```
 
-### 2. Woodpecker secrets
+To change the schedule (e.g. daily or weekly), edit the cron expression there and push a commit.
 
-Configure this secret at repository or organization level:
+### 2. Gitea Actions secrets
 
-| Secret | Description |
+Configure these **repository** or **organization** secrets in Gitea:
-|--------|-------------|
-| `renovate_token` | Gitea Personal Access Token (PAT) for the bot account |
 
-The Gitea endpoint (`RENOVATE_ENDPOINT`) is set in [.woodpecker/ci.yml](.woodpecker/ci.yml); change it there if your instance has a different URL.
+| Secret | Required | Description |
+|--------|----------|-------------|
+| `RENOVATE_TOKEN` | Yes | Gitea Personal Access Token (PAT) for the bot account |
+| `RENOVATE_GITHUB_COM_TOKEN` | No | **Recommended.** Read-only GitHub PAT so Renovate can fetch changelogs and release notes without hitting anonymous rate limits. Create at [GitHub → Settings → Developer settings → Personal access tokens](https://github.com/settings/tokens) with scope `read:packages` (or no scopes for public data). If you don’t want GitHub integration, remove the `RENOVATE_GITHUB_COM_TOKEN` lines from [.gitea/workflows/renovate.yml](.gitea/workflows/renovate.yml). |
 
-Optional: `RENOVATE_GITHUB_COM_TOKEN` — read-only GitHub PAT if any dependencies or changelogs come from GitHub (reduces rate limit issues).
+The Gitea endpoint (`RENOVATE_ENDPOINT`) is set in [.gitea/workflows/renovate.yml](.gitea/workflows/renovate.yml); change it there if your instance has a different URL. The workflow passes `RENOVATE_GITHUB_COM_TOKEN` to Renovate when the secret is set.
 
 ### 3. Gitea Personal Access Token (PAT)
 
-Create a bot user for Renovate in Gitea (or your identity provider) so PRs and commits show as the bot; ensure it has access to all repos you want updated. Then create a PAT for that user:
+Create a dedicated Renovate bot user in Gitea (or your IdP) so PRs and commits are attributed correctly, and give it access to all repos you want updated. Then:
 
-1. Log in to Gitea as the bot user.
+1. Log in to Gitea as the bot user and open **Settings → Applications** (or `https://your-gitea/user/settings/applications`).
-2. Go to **Settings** → **Applications** (or `https://your-gitea/user/settings/applications`).
+2. Under **Manage Access Tokens**, generate a token (e.g. `renovate-bot`) with: **repository** (read/write), **user** (read), **issue** (read/write), **organization** (read), and **package** (read) if you use packages.
-3. **Manage Access Tokens** / **Generate New Token**. Name it (e.g. `renovate-woodpecker`).
+3. Copy the token (shown only once) and store it as the `RENOVATE_TOKEN` secret for this repo (or org) in Gitea Actions.
-4. Set permissions: **repository** (Read and write), **user** (Read), **issue** (Read and write), **organization** (Read). Add **package** (Read) if you use Gitea packages.
+4. In **renovate.json**, set `gitAuthor` to match the bot (e.g. `"Renovate Bot <renovate-bot@your-domain>"`).
-5. Create the token and **copy it immediately** (it is shown only once).
-6. Store that value as the `renovate_token` secret in Woodpecker.
-7. In **renovate.json**, set `gitAuthor` to match the bot (e.g. `"Renovate Bot <renovate-bot@your-domain>"`).
 
 ## Configuration
 
-Renovate is configured in **renovate.json** in this repo. That file sets platform, autodiscover, grouping (`group:allNonMajor`), best-practices presets, and disables the Dependency Dashboard (not supported on Gitea). Token and endpoint are provided only via pipeline environment (secrets). Individual target repos can override behavior with their own `renovate.json`.
+Renovate is configured in **renovate.json**. It sets the platform, autodiscovery, grouping (`group:allNonMajor`), best-practices presets, and disables the Dependency Dashboard via the `:disableDependencyDashboard` preset (so it stays off even if other presets enable it). Token and endpoint are provided only via environment (secrets).
+
+**Target repos:** If a repo has its own **renovate.json**, it is merged on top of this global config. A repo that sets its own `extends` (e.g. `"extends": ["config:recommended"]`) can effectively replace the global presets, lose grouping, or re-enable the dashboard. To keep bundled PRs and no dashboard, either omit per-repo configs or ensure they do not override `extends` / dashboard settings.
+
+The workflow uses the official **renovatebot/github-action**, which runs the Renovate CLI with a full feature set, suitable for lock file updates (e.g. `package-lock.json`) and common package managers.
 
 ## Narrowing scope
 

renovate.json

@@ -1,7 +1,19 @@
 {
-  "platform": "gitea",
+  "extends": [
-  "autodiscover": true,
+    "config:recommended",
-  "extends": ["config:best-practices", "group:allNonMajor"],
+    ":preserveSemverRanges",
+    ":configMigration",
+    "group:allNonMajor",
+    ":disableDependencyDashboard"
+  ],
   "gitAuthor": "Renovate Bot <renovate@keligrubb.com>",
-  "dependencyDashboard": false
+  "rangeStrategy": "replace",
+  "dockerfile": {
+    "digest": { "enabled": false }
+  },
+  "packageRules": [
+    { "matchDatasources": ["docker"], "pinDigests": false },
+    { "matchManagers": ["dockerfile"], "pinDigests": false },
+    { "matchUpdateTypes": ["pin"], "enabled": false }
+  ]
 }