From c15f40f5c288f2187fca5bc3e54bec83cd241e55 Mon Sep 17 00:00:00 2001 From: Terje Larsen Date: Tue, 10 Sep 2024 00:23:47 +0200 Subject: [PATCH] ci: replace dependabot with renovate --- .github/dependabot.yml | 10 ---- .github/renovate.json5 | 32 +++++++++++++ .github/workflows/flake-lock-update.yml | 63 ------------------------- 3 files changed, 32 insertions(+), 73 deletions(-) delete mode 100644 .github/dependabot.yml create mode 100644 .github/renovate.json5 delete mode 100644 .github/workflows/flake-lock-update.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 37b7a512..00000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -version: 2 -updates: - - package-ecosystem: "github-actions" - directory: "/" - target-branch: "main" - schedule: - interval: "weekly" - commit-message: - prefix: "chore(github):" diff --git a/.github/renovate.json5 b/.github/renovate.json5 new file mode 100644 index 00000000..93774e90 --- /dev/null +++ b/.github/renovate.json5 @@ -0,0 +1,32 @@ +{ + $schema: "https://docs.renovatebot.com/renovate-schema.json", + extends: [ + "config:recommended", + "helpers:pinGitHubActionDigests", + ":semanticCommits", + ], + labels: [ + "automated", + "dependencies", + "chore", + ], + vulnerabilityAlerts: { + enabled: true, + }, + packageRules: [ + { + groupName: "all dependencies", + groupSlug: "all", + matchPackageNames: ["*"], + separateMajorMinor: false, + extends: ["schedule:weekly"], + }, + ], + lockFileMaintenance: { + enabled: true, + extends: ["schedule:weekly"], + }, + nix: { + enabled: true, + }, +} diff --git a/.github/workflows/flake-lock-update.yml b/.github/workflows/flake-lock-update.yml deleted file mode 100644 index 8fba4356..00000000 --- a/.github/workflows/flake-lock-update.yml +++ /dev/null @@ -1,63 +0,0 @@ ---- -name: Update flake.lock - -on: - schedule: - - cron: '0 8 * * 0' - workflow_dispatch: - -jobs: - flake-lock-update: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@v13 - with: - nix-package-url: https://releases.nixos.org/nix/nix-2.18.2/nix-2.18.2-x86_64-linux.tar.xz - diagnostic-endpoint: '' - - - uses: tibdex/github-app-token@v2.1.0 - id: generate-app-token - with: - app_id: ${{ secrets.APP_ID }} - private_key: ${{ secrets.APP_PRIVATE_KEY }} - - - name: Update flake.lock - uses: DeterminateSystems/update-flake-lock@v23 - with: - token: ${{ steps.generate-app-token.outputs.token }} - branch: update-flake-lock - commit-msg: "chore(flake): update flake.lock" - pr-title: "chore(flake): update flake.lock" - pr-labels: | - chore - flake - automation - - dev-flake-lock-update: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@v13 - with: - nix-package-url: https://releases.nixos.org/nix/nix-2.18.2/nix-2.18.2-x86_64-linux.tar.xz - diagnostic-endpoint: '' - - - uses: tibdex/github-app-token@v2.1.0 - id: generate-app-token - with: - app_id: ${{ secrets.APP_ID }} - private_key: ${{ secrets.APP_PRIVATE_KEY }} - - - name: Update dev/flake.lock - uses: DeterminateSystems/update-flake-lock@v23 - with: - path-to-flake-dir: dev/ - token: ${{ steps.generate-app-token.outputs.token }} - branch: update-dev-flake-lock - commit-msg: "chore(flake): update dev/flake.lock" - pr-title: "chore(flake): update dev/flake.lock" - pr-labels: | - chore - flake - automation