deps: add renovate to replace dependabot #1036
Conversation
mtardy
added
kind/enhancement
I could split by files since we have workflows and renovate config but since this is the initial config it feels a bit weird to split down the process of creating this configuration in multiple commits. If you have a specific idea in mind, we can do anything :) |
Sorry, I meant whether the generated PRs will have a single commit. |
Ah 😅. Yes generated PR are mono commit, even for grouping ones. But we can choose which one should be grouped and I chose:
|
Once we merge this and see this working I guess 😄! Let's delay the merging by a day since I'm traveling today and won't be available if there's an issue. |
- use docker to run kubeval instead of local install - make the script cd into its current directory so that we can run it from anywhere - add `set -o pipefail` bash option Signed-off-by: Mahe Tardy <[email protected]>
- run renovate self-hosted on GitHub action with a workflow in order to use PostUpgradeCommands to commit generated files in deps update PRs. - install docker CLI plugin buildx in the renovate container in order for our PostUpgradeCommands to work. - use 'cilium-renovate' GitHub application in order to generate a fine grain permissions token. - group some deps update together in a single PR. - add a workflow to validate configuration change in PRs. Signed-off-by: Mahe Tardy <[email protected]>
I had to merge renovatebot/github-action#749 to make our commands work in the renovate container.
This will provide us a lot more control over our deps update bot, and a lot more configuration settings (since we are running it ourselves on top of changing from dependabot to renovate).
When the renovate deployment works, we can disable Dependabot.