Skip to content

Renovate

Renovate #2268

Workflow file for this run

name: Renovate
on:
schedule:
- cron: '13 */8 * * *'
workflow_dispatch:
inputs:
dry-run:
description: 'Dry run'
required: false
default: 'false'
concurrency:
group: renovate
jobs:
rest:
runs-on: ubuntu-24.04
outputs:
limit: ${{ steps.rate-limit.outputs.limit }}
remaining: ${{ steps.rate-limit.outputs.remaining }}
renovate: ${{ steps.rate-limit.outputs.renovate }}
env:
GITHUB_TOKEN: ${{ secrets.BOT_RENOVATE }}
steps:
- name: Check rate limit
id: rate-limit
run: |
JSON="$(curl --silent --header "Authorization: token ${GITHUB_TOKEN}" https://api.github.com/rate_limit)"
LIMIT="$(echo ${JSON} | jq --raw-output '.resources.graphql.limit')"
REMAINING="$(echo ${JSON} | jq --raw-output '.resources.graphql.remaining')"
RESET="$(echo ${JSON} | jq --raw-output '.resources.graphql.reset')"
echo "Rate limit: ${REMAINING}/${LIMIT} (reset: $(date --date=@${RESET}))"
echo "limit=${LIMIT}" >>"${GITHUB_OUTPUT}"
echo "remaining=${REMAINING}" >>"${GITHUB_OUTPUT}"
echo "reset=${RESET}" >>"${GITHUB_OUTPUT}"
if [ "${REMAINING}" -lt 1000 ]; then
echo "Rate limit exceeded"
echo "renovate=false" >>"${GITHUB_OUTPUT}"
else
echo "Rate limit sufficient"
echo "renovate=true" >>"${GITHUB_OUTPUT}"
fi
renovate:
runs-on: ubuntu-24.04
needs:
- rest
if: ${{ needs.rest.outputs.renovate == 'true' }}
permissions: write-all
steps:
- name: Restore cache
id: cache-restore
uses: actions/cache/restore@v4
with:
path: renovate/cache
key: renovate-cache
restore-keys: |
renovate-cache-${{ github.sha }}
renovate-cache-
- name: Prepare permissions
run: |
mkdir -p renovate/cache
docker run --rm \
--volume $PWD/renovate:/tmp/renovate \
ubuntu:22.04 \
chown -R 1000:0 /tmp/renovate
- name: Self-hosted Renovate
env:
LOG_LEVEL: debug
RENOVATE_TOKEN: ${{ secrets.BOT_RENOVATE }}
run: |
docker run --interactive --rm \
--env LOG_LEVEL \
--env RENOVATE_TOKEN="${RENOVATE_TOKEN}" \
--volume $PWD/renovate:/tmp/renovate \
renovate/renovate:slim \
--dry-run=${{ inputs.dry-run }} \
"${GITHUB_REPOSITORY}"
- name: Save cache
id: cache-save
uses: actions/cache/save@v4
with:
path: renovate/cache
key: ${{ steps.cache-restore.outputs.cache-primary-key }}-${{ github.sha }}
check-log:
runs-on: ubuntu-24.04
needs:
- renovate
if: always()
env:
GITHUB_TOKEN: ${{ secrets.BOT_RENOVATE }}
steps:
- name: Fetch log
run: |
echo "### Processing run id ${{ github.run_id }}"
JOB_ID="$(
curl --url https://api.github.com/repos/uniget-org/tools/actions/runs/${{ github.run_id }}/jobs \
--silent \
--location \
--fail \
--header "Authorization: Bearer ${{ secrets.BOT_RENOVATE }}" \
| jq '.jobs[] | select(.name == "renovate") | .id'
)"
echo "### Fetching log for job id ${JOB_ID}"
curl --url https://api.github.com/repos/uniget-org/tools/actions/jobs/${JOB_ID}/logs \
--silent \
--location \
--fail \
--header "Authorization: Bearer ${{ secrets.BOT_RENOVATE }}" \
>job.log
- name: Store logs
uses: actions/upload-artifact@v4
with:
name: logs.zip
path: "job.log"
- name: Check log
run: |
if grep secondary job.log; then
exit 1
fi
check-post-rest:
runs-on: ubuntu-24.04
needs:
- renovate
if: always()
env:
GITHUB_TOKEN: ${{ secrets.BOT_RENOVATE }}
steps:
- name: Check rate limit
id: rate-limit
run: |
curl \
--url https://api.github.com/rate_limit \
--silent \
--header "Authorization: token ${GITHUB_TOKEN}" \
| jq .