renovatebot / github-action

GitHub Action Renovate GitHub Action to run Renovate self-hosted. Table of contents • Badges • Options • - • - • - • - • - • • Example • Environment Variables • Passing other environment variables • Persisting the Repository Cache • Troubleshooting • Debug Logging • Special token requirements when using the manager Badges | Badge | Description | Service | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------- | | | Code style | Prettier | | | Commit style | Conventional Commits | | | Dependencies | Renovate | | | Build | GitHub Actions | Options Options can be passed using the inputs of this action or the corresponding environment variables. When both are passed, the input takes precedence over the environment variable. For the available environment variables, see the Renovate Self-Hosted Configuration docs. Configuration file to configure Renovate ("global" config) in JavaScript or JSON format. It is recommended to not name it one of the repository configuration filenames listed in the Renovate Docs for Configuration Options. Config examples can be found in the example directory. The configurations that can be done in this file consists of two parts, as listed below. Refer to the links to the Renovate Docs for all options. • Self-Hosted Configuration Options • Configuration Options The option is important to configure and should be configured to a value other than the default to prevent interference with e.g. the Renovate GitHub App. If you want to use this with just the single configuration file, make sure to include the following two configuration lines. This disables the requirement of a configuration file for the repository and disables onboarding. Specify a command to run when the image start. By default the image run . This option is useful to customize the image before running . It must be an existing executable file on the local system. It will be mounted to the docker container. For example you can create a simple script like this one (let's call it ). Now use this action Specify a network to run container in. You can use to run renovate container in the same network as other containers for this job, or set it to to run in the same network as github runner, or specify any custom network. Allows the overriding of the host path for the Docker socket that is mounted into the container. Useful on systems where the host Docker socket is located somewhere other than (the default). Only applicable when is true. Specify a user (or user-id) to run docker command. You can use it with in order to start the image as root, do some customization and switch back to a unprivileged user. Specify volume mounts. Defaults to . The volume mounts are separated through . This sample will mount and . Allows to configure the regex to define which environment variables are passed to the renovate container. See Passing other environment variables section for more details. Default to . If set to the action will mount the Docker socket inside the renovate container so that the commands can use Docker. Can be useful for 's commands. Also add the user inside the renovate container to the docker group for socket permissions. Generate a Personal Access Token (classic), with the scope for only public repositories or the scope for public and private repositories, and add it to _Secrets_ (repository settings) as . You can also create a token without a specific scope, which gives read-only access to public repositories, for testing. This token is only used by Renovate, see the token configuration, and gives it access to the repositories. The name of the secret can be anything as long as it matches the argument given to the option. Fine-grained Personal Access Tokens can work for Renovate, but they still have some permission gaps (for example, missing access), so a classic token is still the safer default if you run into authentication or automerge limitations. Note that the secret can't be used for authenticating Renovate because it has too restrictive permissions. In particular, using the to create a new from more types of Github Workflows results in that do not trigger your and CI events. If you want to use the manager, you must setup a special token with some requirements. The Renovate Docker image name to use. If omitted the action will use the Docker image name otherwise. If a Docker image name is defined, the action will use that name to pull the image. This sample will use image. This sample will use image. The Renovate version to use. If omitted the action will use the Docker tag. Check the available tags on Docker Hub. This sample will use image. This sample will use image. We recommend you pin the version of Renovate to a full version or a full checksum, and use Renovate's regex manager to create PRs to update the pinned version. See for an example of how to do this. Example This example uses a Personal Access Token and will run every 15 minutes. The Personal Access token is configured as a GitHub secret named . This example uses the file as configuration. Live examples with more advanced configurations of this action can be found in the following repositories: • vidavidorra/renovate • jenkinsci/helm-charts **Remark** Update the action version to the most current, see here for latest release. Example for GitHub Enterprise If you want to use the Renovate Action on a GitHub Enterprise instance you have to add the following environment variable: Example with GitHub App Instead of using a Personal Access Token (PAT) that is tied to a particular user you can use a GitHub App where permissions can be even better tuned. Create a new app and configure the app permissions and your as described in the Renovate documentation. Generate and download a new private key for the a…