|
| 1 | +name: Renovate |
| 2 | +on: |
| 3 | + push: |
| 4 | + branches: ["main"] |
| 5 | + # This lets you dispatch a renovate job with different cache options if you want to reset or disable the cache manually. |
| 6 | + workflow_dispatch: |
| 7 | + inputs: |
| 8 | + repoCache: |
| 9 | + description: "Reset or disable the cache?" |
| 10 | + type: choice |
| 11 | + default: enabled |
| 12 | + options: |
| 13 | + - enabled |
| 14 | + - disabled |
| 15 | + - reset |
| 16 | + schedule: |
| 17 | + # Run every 30 minutes: |
| 18 | + - cron: "0,30 * * * *" |
| 19 | + |
| 20 | +# Adding these as env variables makes it easy to re-use them in different steps and in bash. |
| 21 | +env: |
| 22 | + cache_archive: renovate_cache.tar.gz |
| 23 | + # This is the dir renovate provides -- if we set our own directory via cacheDir, we can run into permissions issues. |
| 24 | + # It is also possible to cache a higher level of the directory, but it has minimal benefit. While renovate execution |
| 25 | + # time gets faster, it also takes longer to upload the cache as it grows bigger. |
| 26 | + cache_dir: /tmp/renovate/cache/renovate/repository |
| 27 | + # This can be manually changed to bust the cache if neccessary. |
| 28 | + cache_key: renovate-cache |
| 29 | + # tool versions |
| 30 | + RENOVATE_VERSION: 37.233.1 # renovate: datasource=docker depName=renovate packageName=ghcr.io/renovatebot/renovate |
| 31 | + |
| 32 | +jobs: |
| 33 | + renovate: |
| 34 | + name: Renovate |
| 35 | + runs-on: ubuntu-latest |
| 36 | + steps: |
| 37 | + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 |
| 38 | + |
| 39 | + # This third party action allows you to download the cache artifact from different workflow runs |
| 40 | + # Note that actions/cache doesn't work well because the cache key would need to be computed from |
| 41 | + # a file within the cache, meaning there would never be any data to restore. With other keys, the |
| 42 | + # cache wouldn't necessarily upload when it changes. actions/download-artifact also doesn't work |
| 43 | + # because it only handles artifacts uploaded in the same run, and we want to restore from the |
| 44 | + # previous successful run. |
| 45 | + - uses: dawidd6/action-download-artifact@v2 |
| 46 | + if: github.event.inputs.repoCache != 'disabled' |
| 47 | + continue-on-error: true |
| 48 | + with: |
| 49 | + name: ${{ env.cache_key }} |
| 50 | + path: cache-download |
| 51 | + |
| 52 | + # Using tar to compress and extract the archive isn't strictly necessary, but it can improve |
| 53 | + # performance significantly when uploading artifacts with lots of files. |
| 54 | + - name: Extract renovate cache |
| 55 | + run: | |
| 56 | + set -x |
| 57 | + # Skip if no cache is set, such as the first time it runs. |
| 58 | + if [ ! -d cache-download ] ; then |
| 59 | + echo "No cache found." |
| 60 | + exit 0 |
| 61 | + fi |
| 62 | +
|
| 63 | + # Make sure the directory exists, and extract it there. Note that it's nested in the download directory. |
| 64 | + mkdir -p $cache_dir |
| 65 | + tar -xzf cache-download/$cache_archive -C $cache_dir |
| 66 | +
|
| 67 | + sudo chown -R runneradmin:root /tmp/renovate/ |
| 68 | + ls -R $cache_dir |
| 69 | +
|
| 70 | + - name: Generate a token |
| 71 | + id: generate_token |
| 72 | + uses: actions/create-github-app-token@v1 |
| 73 | + with: |
| 74 | + app-id: ${{ vars.MAZI_RENOVATE_APP_ID }} |
| 75 | + private-key: ${{ secrets.MAZI_RENOVATE_PRIVATE_KEY }} |
| 76 | + |
| 77 | + - uses: renovatebot/github-action@78bdcb3bffa5e95e646183ca0a2ac2895abd6a20 # v40.1.3 |
| 78 | + with: |
| 79 | + configurationFile: .github/renovate.json |
| 80 | + token: ${{ steps.generate_token.outputs.token }} |
| 81 | + renovate-version: ${{ env.RENOVATE_VERSION }} |
| 82 | + env: |
| 83 | + # This enables the cache -- if this is set, it's not necessary to add it to renovate.json. |
| 84 | + RENOVATE_REPOSITORY_CACHE: ${{ github.event.inputs.repoCache || 'enabled' }} |
| 85 | + LOG_LEVEL: ${{ vars.LOG_LEVEL }} |
| 86 | + RENOVATE_AUTODISCOVER: true |
| 87 | + RENOVATE_AUTODISCOVER_FILTER: "${{ github.repository }}" |
| 88 | + |
| 89 | + # Compression helps performance in the upload step! |
| 90 | + - name: Compress renovate cache |
| 91 | + run: | |
| 92 | + ls $cache_dir |
| 93 | + # The -C is important -- otherwise we end up extracting the files with |
| 94 | + # their full path, ultimately leading to a nested directory situation. |
| 95 | + # To solve *that*, we'd have to extract to root (/), which isn't safe. |
| 96 | + tar -czvf $cache_archive -C $cache_dir . |
| 97 | +
|
| 98 | + - uses: actions/upload-artifact@v3 |
| 99 | + if: github.event.inputs.repoCache != 'disabled' |
| 100 | + with: |
| 101 | + name: ${{ env.cache_key }} |
| 102 | + path: ${{ env.cache_archive }} |
| 103 | + # Since this is updated and restored on every run, we don't need to keep it |
| 104 | + # for long. Just make sure this value is large enough that multiple renovate |
| 105 | + # runs can happen before older cache archives are deleted. |
| 106 | + retention-days: 1 |
0 commit comments