From 45ebec493dc1fd4f58faee8cff0cf747e7c131f6 Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Fri, 21 Apr 2023 08:17:49 +0000 Subject: [PATCH 1/7] docs: rewrite readme --- README.md | 53 +++++++++++++++++++++++++++++++++++------------------ 1 file changed, 35 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index ba3fa33ebf0..475f611879c 100644 --- a/README.md +++ b/README.md 
@@ -31,20 +31,30 @@ GitHub Action to run Renovate self-hosted. ## Options -Options can be passed using the inputs of this action or the corresponding environment variables. When both are passed, the input takes precedence over the environment variable. For the available environment variables see the Renovate [Self-Hosted Configuration](https://docs.renovatebot.com/self-hosted-configuration/) docs. +Options can be passed using the inputs of this action or the corresponding environment variables. +When both are passed, the input takes precedence over the environment variable. +For the available environment variables, see the Renovate [Self-Hosted Configuration](https://docs.renovatebot.com/self-hosted-configuration/) docs. ## `configurationFile` -Configuration file to configure Renovate. The supported configurations files can be one of the configuration files listed in the Renovate Docs for [Configuration Options](https://docs.renovatebot.com/configuration-options/) or a JavaScript file that exports a configuration object. For both of these options, an example can be found in the [example](./example) directory. +Configuration file to configure Renovate. +The supported configurations files: -The configurations that can be done in this file consists of two parts, as listed below. Refer to the links to the [Renovate Docs](https://docs.renovatebot.com/) for all options. +- one of the configuration files listed in the Renovate Docs for [Configuration Options](https://docs.renovatebot.com/configuration-options/) +- or a JavaScript file that exports a configuration object + +For both of these options, an example can be found in the [example](./example) directory. + +The configurations that can be done in this file consists of two parts, as listed below. +Refer to the links to the [Renovate Docs](https://docs.renovatebot.com/) for all options. 1. [Self-Hosted Configuration Options](https://docs.renovatebot.com/self-hosted-configuration/) 2. 
[Configuration Options](https://docs.renovatebot.com/configuration-options/) The [`branchPrefix`](https://docs.renovatebot.com/configuration-options/#branchprefix) option is important to configure and should be configured to a value other than the default to prevent interference with e.g. the Renovate GitHub App. -If you want to use this with just the single configuration file, make sure to include the following two configuration lines. This disables the requirement of a configuration file for the repository and disables onboarding. +If you want to use this with just the single configuration file, make sure to include the following two configuration lines. +This disables the requirement of a configuration file for the repository and disables onboarding. ```js onboarding: false, 
@@ -53,20 +63,24 @@ If you want to use this with just the single configuration file, make sure to in ## `token` -[Generate a personal access token](https://github.com/settings/tokens), with the `repo:public_repo` scope for only public repositories or the `repo` scope for public and private repositories, and add it to _Secrets_ (repository settings) as `RENOVATE_TOKEN`. You can also create a token without a specific scope, which gives read-only access to public repositories, for testing. This token is only used by Renovate, see the [token configuration](https://docs.renovatebot.com/self-hosted-configuration/#token), and gives it access to the repositories. The name of the secret can be anything as long as it matches the argument given to the `token` option. +[Generate a Personal Access Token](https://github.com/settings/tokens), with the `repo:public_repo` scope for only public repositories or the `repo` scope for public and private repositories, and add it to _Secrets_ (repository settings) as `RENOVATE_TOKEN`. +You can also create a token without a specific scope, which gives read-only access to public repositories, for testing. +This token is only used by Renovate, see the [token configuration](https://docs.renovatebot.com/self-hosted-configuration/#token), and gives it access to the repositories. +The name of the secret can be anything as long as it matches the argument given to the `token` option. -Note that the [`GITHUB_TOKEN`](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token#permissions-for-the-github_token) secret can't be used for authenticating Renovate because it has too restrictive permissions. 
In particular, using the `GITHUB_TOKEN` to create a new `Pull Request` from more types of Github Workflows results in `Pull Requests` that [do not trigger your `Pull Request` and `Push` CI events](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow). +Note that the [`GITHUB_TOKEN`](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token#permissions-for-the-github_token) secret can't be used for authenticating Renovate because it has too restrictive permissions. +In particular, using the `GITHUB_TOKEN` to create a new `Pull Request` from more types of Github Workflows results in `Pull Requests` that [do not trigger your `Pull Request` and `Push` CI events](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow). If you want to use the `github-actions` manager, you must setup a [special token](#special-token-requirements-when-using-the-github-actions-manager) with some requirements. ## `renovate-version` The Renovate version to use. -If omited and `useSlim !== false` the action will use the `slim` docker tag and the `latest` tag otherwise. -If a version is definded, the action will add `-slim` suffix to the tag if `useSlim !== false`. -Checkout docker hub for available [tag](https://hub.docker.com/r/renovate/renovate/tags). +If omitted and `useSlim !== false` the action will use the `slim` Docker tag and the `latest` tag otherwise. +If a version is defined, the action will add `-slim` suffix to the tag if `useSlim !== false`. +Checkout Docker Hub for available [tags](https://hub.docker.com/r/renovate/renovate/tags). -This sample will use `renovate/renovate:35.0.0-slim` image. +This sample will use `renovate/renovate:35.0.0-slim` image: ```yml .... 
@@ -83,7 +97,7 @@ jobs: token: ${{ secrets.RENOVATE_TOKEN }} ``` -This sample will use `renovate/renovate:latest` image. +This sample will use `renovate/renovate:latest` image: ```yml .... @@ -102,11 +116,13 @@ jobs: ## `useSlim` -If set to `false` the action will use the full renovate image instead of the slim image. +If set to `false` the action will use the full Renovate image instead of the slim image. ## Example -This example uses a personal access token and will run every 15 minutes. The personal access token is configured as a GitHub secret named `RENOVATE_TOKEN`. This example uses the [`example/renovate-config.js`](./example/renovate-config.js) file as configuration. +This example uses a Personal Access Token and will run every 15 minutes. +The Personal Access token is configured as a GitHub secret named `RENOVATE_TOKEN`. +This example uses the [`example/renovate-config.js`](./example/renovate-config.js) file as configuration. You can also see a live example of this action in my [github-renovate](https://github.com/vidavidorra/github-renovate) repository, which also includes a more [advanced configuration](https://github.com/vidavidorra/github-renovate/blob/master/src/renovate-config.ts) for updating GitHub Action workflows. **Remark** Update the action version to the most current, see [here](https://github.com/renovatebot/github-action/releases/latest) for latest release. 
@@ -133,13 +149,14 @@ jobs: ### Example with GitHub App -Instead of using a Personal Access Token (PAT) that is tied to a particular user you can use a [GitHub App](https://docs.github.com/en/developers/apps/building-github-apps) where permissions can be even better tuned. [Create a new app](https://docs.github.com/en/developers/apps/creating-a-github-app) and configure the app permissions and your `config.js` as described in the [Renovate documentation](https://docs.renovatebot.com/modules/platform/github/#running-as-a-github-app). +Instead of using a Personal Access Token (PAT) that is tied to a particular user you can use a [GitHub App](https://docs.github.com/en/developers/apps/building-github-apps) where permissions can be even better tuned. +[Create a new app](https://docs.github.com/en/developers/apps/creating-a-github-app) and configure the app permissions and your `config.js` as described in the [Renovate documentation](https://docs.renovatebot.com/modules/platform/github/#running-as-a-github-app). Generate and download a new private key for the app, adding the contents of the downloaded `.pem` file to _Secrets_ (repository settings) with the name `private_key` and app ID as a secret with name `app_id`. Adjust your Renovate configuration file to specify the username of your bot. -Going forward we will be using the [tibdex/github-app-token](https://github.com/tibdex/github-app-token) action in order to exchange the GitHub App certificate for an access token that renovate can use. +Going forward we will be using the [tibdex/github-app-token](https://github.com/tibdex/github-app-token) action in order to exchange the GitHub App certificate for an access token that Renovate can use. The final workflow will look like this: 
@@ -173,7 +190,7 @@ jobs: ## Environment Variables -If you wish to pass through environment variables through to the Docker Run that powers this action you need to prefix the environment variable with `RENOVATE_`. +If you wish to pass through environment variables through to the Docker run (OR SHOULD IT BE CONTAINER?) that powers this action you need to prefix the environment variable with `RENOVATE_`. For example if you wish to pass through some credentials for a [host rule](https://docs.renovatebot.com/configuration-options/#hostrules) to the `config.js` then you should do so like this. @@ -196,7 +213,7 @@ jobs: RENOVATE_TFE_TOKEN: ${{ secrets.MY_TFE_TOKEN }} ``` -2. In `example/renovate-config.js` include the hostRules block +2. In `example/renovate-config.js` include the `hostRules` block ```js module.exports = { @@ -254,4 +271,4 @@ To enable debug logging, add the environment variable `LOG_LEVEL: 'debug'` to th ### Special token requirements when using the `github-actions` manager If you want to use the `github-actions` [manager](https://docs.renovatebot.com/modules/manager/github-actions/) in Renovate, ensure that the `token` you provide contains the `workflow` scope. -Otherwise, GitHub does not allow Renovate to update worklow files and therefore it will be unable to create update PRs for affected packages (like `actions/checkout` or `renovatebot/github-action` itself). +Otherwise, GitHub does not allow Renovate to update workflow files and therefore it will be unable to create update PRs for affected packages (like `actions/checkout` or `renovatebot/github-action` itself). From 0e1c75340f0dc31f0ba5bb37f53b6ef5ab1b8fea Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Mon, 24 Apr 2023 14:33:21 +0200 Subject: [PATCH 2/7] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 475f611879c..bf932f8fd85 100644 --- a/README.md +++ b/README.md 
@@ -190,7 +190,7 @@ jobs: ## Environment Variables -If you wish to pass through environment variables through to the Docker run (OR SHOULD IT BE CONTAINER?) that powers this action you need to prefix the environment variable with `RENOVATE_`. +If you wish to pass through environment variables through to the Docker container that powers this action you need to prefix the environment variable with `RENOVATE_`. For example if you wish to pass through some credentials for a [host rule](https://docs.renovatebot.com/configuration-options/#hostrules) to the `config.js` then you should do so like this. From 7235a2ac8ba7d664f10f6c7e976d1d013fda8da6 Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Thu, 25 May 2023 11:35:58 +0000 Subject: [PATCH 3/7] docs: capitalize proper nouns, improve link, draft regex config --- README.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 5ac6e00468d..1d68d5f5d23 100644 --- a/README.md +++ b/README.md @@ -83,9 +83,9 @@ If you want to use the `github-actions` manager, you must setup a [special token ### `renovate-image` -The Renovate docker image name to use. -If omited or `renovate-image === ''` the action will use the `ghcr.io/renovatebot/renovate` docker image name otherwise. -If a docker image name is defined, the action will use that name to pull the image. +The Renovate Docker image name to use. +If omited or `renovate-image === ''` the action will use the `ghcr.io/renovatebot/renovate` Docker image name otherwise. +If a Docker image name is defined, the action will use that name to pull the image. This sample will use `myproxyhub.domain.com/renovate/renovate:slim` image. 
@@ -125,7 +125,7 @@ jobs: The Renovate version to use. If omitted and `useSlim !== false` the action will use the `slim` Docker tag and the `latest` tag otherwise. If a version is defined, the action will add `-slim` suffix to the tag if `useSlim !== false`. -Checkout Docker Hub for available [tags](https://hub.docker.com/r/renovate/renovate/tags). +Check [the available tags on Docker Hub](https://hub.docker.com/r/renovate/renovate/tags). This sample will use `ghcr.io/renovatebot/renovate:35.0.0-slim` image. @@ -161,6 +161,15 @@ jobs: token: ${{ secrets.RENOVATE_TOKEN }} ``` +We recommend you pin the version of Renovate to a full version or a full checksum, and use Renovate's regex manager to create PRs to update the pinned version. +We created a [Regex Manager Preset, UPDATE TEXT AND LINK TO POINT TO CORRECT LOCATION](https://docs.renovatebot.com/presets-regexManagers/) to help you. + +```json +{ + "extends": ["regexManagers:AAAAAAAAA"] +} +``` + ### `useSlim` If set to `false` the action will use the full Renovate image instead of the slim image. From 851989c37a4c7aed6f7a5220a235ff6f7feba84b Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Fri, 26 May 2023 13:56:05 +0200 Subject: [PATCH 4/7] Drop mention of regex preset, and drop placeholder config example --- README.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/README.md b/README.md index 1d68d5f5d23..a545b87a429 100644 --- a/README.md +++ b/README.md @@ -162,13 +162,6 @@ jobs: ``` We recommend you pin the version of Renovate to a full version or a full checksum, and use Renovate's regex manager to create PRs to update the pinned version. -We created a [Regex Manager Preset, UPDATE TEXT AND LINK TO POINT TO CORRECT LOCATION](https://docs.renovatebot.com/presets-regexManagers/) to help you. - -```json -{ - "extends": ["regexManagers:AAAAAAAAA"] -} -``` ### `useSlim` From 6d8081ea9c32ac55b86040ff8e27aa56e72b1e23 Mon Sep 17 00:00:00 2001 
From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Fri, 26 May 2023 13:58:09 +0200 Subject: [PATCH 5/7] Fix typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a545b87a429..37df41251e2 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,7 @@ If you want to use the `github-actions` manager, you must setup a [special token ### `renovate-image` The Renovate Docker image name to use. -If omited or `renovate-image === ''` the action will use the `ghcr.io/renovatebot/renovate` Docker image name otherwise. +If omitted or `renovate-image === ''` the action will use the `ghcr.io/renovatebot/renovate` Docker image name otherwise. If a Docker image name is defined, the action will use that name to pull the image. This sample will use `myproxyhub.domain.com/renovate/renovate:slim` image. From cbe0f54972ddbc462136b6207e10fe0581a6e3a0 Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Fri, 26 May 2023 13:59:35 +0200 Subject: [PATCH 6/7] Improve link name --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 37df41251e2..cc73a63fb5d 100644 --- a/README.md +++ b/README.md 
@@ -172,7 +172,7 @@ If set to `false` the action will use the full Renovate image instead of the sli This example uses a Personal Access Token and will run every 15 minutes. The Personal Access token is configured as a GitHub secret named `RENOVATE_TOKEN`. This example uses the [`example/renovate-config.js`](./example/renovate-config.js) file as configuration. -You can also see a live example of this action in my [github-renovate](https://github.com/vidavidorra/github-renovate) repository, which also includes a more [advanced configuration](https://github.com/vidavidorra/github-renovate/blob/master/src/renovate-config.ts) for updating GitHub Action workflows. +You can also see a live example of this action in the [`vidavidorra/github-renovate` repository](https://github.com/vidavidorra/github-renovate) repository, which also includes a more [advanced configuration](https://github.com/vidavidorra/github-renovate/blob/master/src/renovate-config.ts) for updating GitHub Action workflows. **Remark** Update the action version to the most current, see [here](https://github.com/renovatebot/github-action/releases/latest) for latest release. From 54603859ef1b096f0fd765aafb7ee27a8b35e404 Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Fri, 26 May 2023 14:00:22 +0200 Subject: [PATCH 7/7] Improve link name again --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cc73a63fb5d..be3cad6c6c3 100644 --- a/README.md +++ b/README.md 
@@ -220,7 +220,7 @@ Generate and download a new private key for the app, adding the contents of the Adjust your Renovate configuration file to specify the username of your bot. -Going forward we will be using the [tibdex/github-app-token](https://github.com/tibdex/github-app-token) action in order to exchange the GitHub App certificate for an access token that Renovate can use. +Going forward we will be using the [`tibdex/github-app-token` action](https://github.com/tibdex/github-app-token) in order to exchange the GitHub App certificate for an access token that Renovate can use. The final workflow will look like this:
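Review bot: In PATCH 1/7, the `## token` hunk re-wraps the `GITHUB_TOKEN` sentence but keeps "Github Workflows", and the unchanged context line after it keeps "you must setup". This series capitalizes proper nouns elsewhere ("Personal Access Token", "Docker Hub"), so change these to "GitHub workflows" and "set up" in the same pass.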
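Review bot: In PATCH 1/7, the `## Example` hunk adds "The Personal Access token is configured as a GitHub secret" directly after a line that writes "Personal Access Token". Use the same capitalization in both added lines. The line is carried unchanged into the context of PATCH 6/7, so it is never fixed later in the series.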
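Review bot: In PATCH 1/7, the `## Environment Variables` hunk commits an open editorial question into the README text: "the Docker run (OR SHOULD IT BE CONTAINER?) that powers this action". PATCH 2/7 resolves it to "Docker container", so squash 2/7 into 1/7 to keep the placeholder out of every commit in the history. Both versions also keep the doubled "pass through environment variables through to"; drop one "through".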
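Review bot: In PATCH 3/7, the `renovate-image` hunk's added line "If omited or `renovate-image === ''` the action will use the `ghcr.io/renovatebot/renovate` Docker image name otherwise." ends in a dangling "otherwise" that has no alternative to refer to. PATCH 5/7 fixes only the "omited" spelling. Reword to state the default directly, for example "If omitted or `renovate-image === ''`, the action uses the `ghcr.io/renovatebot/renovate` Docker image."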
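Review bot: In PATCH 3/7, the hunk at `@@ -161,6 +161,15 @@` adds a link labelled "Regex Manager Preset, UPDATE TEXT AND LINK TO POINT TO CORRECT LOCATION" and a config that extends `regexManagers:AAAAAAAAA`, neither of which a reader can use. PATCH 4/7 removes both but leaves "We recommend you pin the version of Renovate to a full version or a full checksum, and use Renovate's regex manager" with no indication of how. The samples in this section only show tags (`35.0.0-slim`, `latest`), so say which input accepts a checksum and show one pinned value, or hold the recommendation back until the preset it depends on can be linked.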
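Review bot: In PATCH 6/7, the added line reads "the [`vidavidorra/github-renovate` repository](https://github.com/vidavidorra/github-renovate) repository", so "repository" now appears both inside and after the link text. Remove the trailing word. PATCH 7/7 applies the same link-text pattern to `tibdex/github-app-token` without the duplication, so the two can match.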
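Review bot: In PATCH 7/7, the reworded line still says the action will "exchange the GitHub App certificate for an access token", while the context line above it tells the reader to "Generate and download a new private key for the app". The secret being handled is the private key, not a certificate, so use "private key" here so readers know which value they are storing in _Secrets_ and must protect.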