Skip to content

Renovate

Renovate #648

Workflow file for this run

---
name: Renovate
on:
schedule:
- cron: "26 */4 * * *"
workflow_dispatch:
jobs:
renovate:
permissions:
contents: read # needed to read the contents of the repository
id-token: write # needed to create a GitHub App token
runs-on: ubuntu-24.04
timeout-minutes: 10
steps:
- name: Checkout Code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: retrieve secrets
id: get-secrets
uses: grafana/shared-workflows/actions/get-vault-secrets@7d18a46aafb8b875ed76a0bc98852d74b91e7f91 # v1.0.0
with:
common_secrets: |
GRAFANA_RENOVATE_APP_ID=grafana-renovate-app:app-id
GRAFANA_RENOVATE_PRIVATE_KEY=grafana-renovate-app:private-key
- name: create GitHub app token
id: app-token
# Beware that the token generated here has elevated permissions wrt to
# the ones set in the action. In particular, it will be able to write
# to the repository (e.g. create branches) and create pull requests.
uses: actions/create-github-app-token@v1
with:
app-id: ${{ env.GRAFANA_RENOVATE_APP_ID }}
private-key: ${{ env.GRAFANA_RENOVATE_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Self-hosted Renovate
uses: renovatebot/github-action@e3a862510f27d57a380efb11f0b52ad7e8dbf213 # v41.0.6
with:
renovate-version: 39.82.1@sha256:76113a0448a0ef3fc86dc69496e7ccd9e3e76cfefa07058fd4f40bc7a8f7b6bf
token: "${{ steps.app-token.outputs.token }}"
env:
LOG_LEVEL: debug
RENOVATE_PLATFORM: github
RENOVATE_REPOSITORIES: ${{ github.repository }}
RENOVATE_USERNAME: GrafanaRenovateBot