Initial Commit

.gitea/workflows/renovate-cron.yaml

@@ -0,0 +1,26 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/github-workflow.json
+name: renovate
+
+on:
+  schedule:
+    - cron: "@weekly"
+  push:
+    branches:
+      - main
+  workflow_dispatch: {}
+
+jobs:
+  renovate:
+    runs-on: nix
+    steps:
+      - uses: actions/checkout@v6
+      - name: Run Renovate via Nix
+        run: |
+          nix run nixpkgs#renovate
+        env:
+          RENOVATE_CONFIG_FILE: "config.js"
+          LOG_LEVEL: "debug"
+          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
+          # RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
+          # DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
+          # DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}

config.js

@@ -0,0 +1,23 @@
+// https://docs.renovatebot.com/self-hosted-configuration/#onboarding
+module.exports = {
+  "endpoint": "https://git.svc.hel1.obx/api/v1",
+  "gitAuthor": "Renovate Bot <renovate-bot@oceanbox.io>",
+  "platform": "gitea",
+  "onboardingConfigFileName": "renovate.json",
+  "autodiscover": true, // automatically go over all repos on this server
+  "onboarding": false, // need to manually create renovate.json
+  "requireConfig": "required", // do not run on repos which don't have a config file
+  "optimizeForDisabled": true,
+  "osvVulnerabilityAlerts": true,
+  "vulnerabilityAlerts": {
+    "enabled": true
+  }
+  // https://docs.renovatebot.com/docker/#registry-authentication
+  // "hostRules": [
+    // {
+      // "matchHost": "https://docker.io",
+      // "username": process.env.DOCKER_HUB_USERNAME,
+      // "password": process.env.DOCKER_HUB_PASSWORD,
+    // },
+  // ],
+};

renovate.json

@@ -0,0 +1,3 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
+}