diff --git a/.github/renovate.json b/.github/renovate.json index 23ba6b20..ec51463e 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,30 +1,17 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": [ - "github>renovatebot/.github", - ":pinDependencies" - ], + "extends": ["github>renovatebot/.github", ":pinDependencies"], "packageRules": [ { "description": "Automerge Renovate updates", "semanticCommitType": "fix", - "matchPackageNames": [ - "renovate/renovate" - ], - "matchUpdateTypes": [ - "major", - "minor", - "patch" - ] + "matchPackageNames": ["renovate/renovate"], + "matchUpdateTypes": ["major", "minor", "patch"] }, { "description": "Update references in markdown files weekly", - "matchPaths": [ - "**/*.md" - ], - "extends": [ - "schedule:weekly" - ], + "matchPaths": ["**/*.md"], + "extends": ["schedule:weekly"], "automerge": true, "stabilityDays": 0, "separateMajorMinor": false, @@ -36,18 +23,14 @@ ], "regexManagers": [ { - "fileMatch": [ - "^src/docker\\.ts$" - ], + "fileMatch": ["^src/docker\\.ts$"], "matchStrings": [ - "// renovate: datasource=(?[a-z-]+?) depName=(?.+?)(?: versioning=(?[a-z-]+?))?\\s+readonly\\s+tag\\s+=\\s+'(?.+?)';" + "// renovate: datasource=(?[a-z-]+?) depName=(?.+?)(?: versioning=(?[a-z-]+?))?\\s+const\\s+tag\\s+=\\s+'(?.+?)';" ], "versioningTemplate": "{{#if versioning}}{{versioning}}{{else}}semver{{/if}}" }, { - "fileMatch": [ - "^README\\.md$" - ], + "fileMatch": ["^README\\.md$"], "matchStrings": [ "uses: renovatebot/github-action@(?[^\\s]+)" ], diff --git a/README.md b/README.md index aa496b68..67d0ab99 100644 --- a/README.md +++ b/README.md @@ -86,15 +86,11 @@ jobs: Instead of using a Personal Access Token (PAT) that is tied to a particular user you can use a [GitHub App](https://docs.github.com/en/developers/apps/building-github-apps) where permissions can be even better tuned. [Create a new app](https://docs.github.com/en/developers/apps/creating-a-github-app) and configure the app permissions and your `config.js` as described in the [Renovate documentation](https://docs.renovatebot.com/modules/platform/github/#running-as-a-github-app). -Store the app ID as a secret with name `APP_ID` and generate a new private key for the app and add it as a secret to the repository as `APP_PEM` in the repository where the action will run from. Note that `APP_PEM` needs to be base64 encoded. You can encode your private key file like this from the terminal on Linux (omit the `-w 0` if you're on a Mac): - -```bash -cat your_app_key.pem | base64 -w 0 -``` +Generate and download a new private key for the app, adding the contents of the downloaded `.pem` file to _Secrets_ (repository settings) with the name `private_key` and app ID as a secret with name `app_id`. Adjust your Renovate configuration file to specify the username of your bot. -Going forward we will be using the [machine-learning-apps/actions-app-token](https://github.com/machine-learning-apps/actions-app-token) action in order to exchange the GitHub App certificate for an access token that renovate can use. +Going forward we will be using the [tibdex/github-app-token](https://github.com/tibdex/github-app-token) action in order to exchange the GitHub App certificate for an access token that renovate can use. The final workflow will look like this: @@ -111,10 +107,10 @@ jobs: steps: - name: Get token id: get_token - uses: machine-learning-apps/actions-app-token@master + uses: tibdex/github-app-token@v1 with: - APP_PEM: ${{ secrets.APP_PEM }} - APP_ID: ${{ secrets.APP_ID }} + private_key: ${{ secrets.private_key }} + app_id: ${{ secrets.app_id }} - name: Checkout uses: actions/checkout@v3.3.0 @@ -123,7 +119,7 @@ jobs: uses: renovatebot/github-action@v34.82.0 with: configurationFile: example/renovate-config.js - token: 'x-access-token:${{ steps.get_token.outputs.app_token }}' + token: '${{ steps.get_token.outputs.token }}' ``` ## Environment Variables diff --git a/action.yml b/action.yml index 774e8d74..82829b50 100644 --- a/action.yml +++ b/action.yml @@ -16,6 +16,11 @@ inputs: configured using a Secret. Either use this input or the 'RENOVATE_TOKEN' environment variable. required: false + useSlim: + description: | + Use a lightweight renovate container without any third-party binaries. + Defaults to true if not set. + required: false runs: using: node16 main: dist/index.js diff --git a/example/renovate-config.js b/example/renovate-config.js index 574d01a9..cc50a6c7 100644 --- a/example/renovate-config.js +++ b/example/renovate-config.js @@ -1,13 +1,12 @@ module.exports = { branchPrefix: 'test-renovate/', - dryRun: true, username: 'renovate-release', gitAuthor: 'Renovate Bot ', onboarding: false, platform: 'github', includeForks: true, + dryRun: 'full', repositories: [ - 'renovatebot/github-action', 'renovate-tests/cocoapods1', 'renovate-tests/gomod1', ], diff --git a/package.json b/package.json index 9689bc52..9a3da8a3 100644 --- a/package.json +++ b/package.json @@ -43,9 +43,9 @@ "@commitlint/cli": "17.4.2", "@commitlint/config-conventional": "17.4.2", "@types/node": "16.18.11", - "@typescript-eslint/eslint-plugin": "5.48.1", - "@typescript-eslint/parser": "5.48.1", - "@vercel/ncc": "0.36.0", + "@typescript-eslint/eslint-plugin": "5.49.0", + "@typescript-eslint/parser": "5.49.0", + "@vercel/ncc": "0.36.1", "eslint": "8.32.0", "eslint-config-prettier": "8.6.0", "eslint-plugin-json": "3.1.0", diff --git a/src/docker.ts b/src/docker.ts index 449befe4..f39ba574 100644 --- a/src/docker.ts +++ b/src/docker.ts @@ -1,15 +1,23 @@ -class Docker { - readonly repository = 'renovate/renovate'; - // renovate: datasource=docker depName=renovate/renovate versioning=docker - readonly tag = '34.109.1-slim'; - readonly tagSuffix = '-slim'; +import type { Input } from './input'; - image(): string { - return `${this.repository}:${this.tag}`; +// renovate: datasource=docker depName=renovate/renovate versioning=docker +const tag = '34.122.0-slim'; + +class Docker { + private static readonly repository = 'renovate/renovate'; + private static readonly tagSuffix = '-slim'; + private readonly fullTag: string; + + constructor(input: Input) { + this.fullTag = input.useSlim() ? tag : tag.replace(Docker.tagSuffix, ''); } - version(): string { - return this.tag.replace(this.tagSuffix, ''); + image(): string { + return `${Docker.repository}:${this.fullTag}`; + } + + static version(): string { + return tag.replace(Docker.tagSuffix, ''); } } diff --git a/src/get-version.ts b/src/get-version.ts index 7cbd86a5..e6b3732f 100644 --- a/src/get-version.ts +++ b/src/get-version.ts @@ -1,5 +1,4 @@ import * as core from '@actions/core'; import Docker from './docker'; -const docker = new Docker(); -core.setOutput('version', docker.version()); +core.setOutput('version', Docker.version()); diff --git a/src/input.ts b/src/input.ts index ea123d54..8fd36ad5 100644 --- a/src/input.ts +++ b/src/input.ts @@ -55,6 +55,10 @@ class Input { return null; } + useSlim(): boolean { + return core.getInput(`useSlim`) !== 'false'; + } + /** * Convert to environment variables. * diff --git a/src/renovate.ts b/src/renovate.ts index 28146162..8bf7a22b 100644 --- a/src/renovate.ts +++ b/src/renovate.ts @@ -13,7 +13,7 @@ class Renovate { constructor(private input: Input) { this.validateArguments(); - this.docker = new Docker(); + this.docker = new Docker(input); } async runDockerContainer(): Promise { diff --git a/yarn.lock b/yarn.lock index c0e7a8f3..346f0a4e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -346,14 +346,14 @@ resolved "https://registry.yarnpkg.com/@types/semver/-/semver-7.3.12.tgz#920447fdd78d76b19de0438b7f60df3c4a80bf1c" integrity sha512-WwA1MW0++RfXmCr12xeYOOC5baSC9mSb0ZqCquFzKhcoF4TvHu5MKOuXsncgZcpVFhB1pXd5hZmM0ryAoCp12A== -"@typescript-eslint/eslint-plugin@5.48.1": - version "5.48.1" - resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.48.1.tgz#deee67e399f2cb6b4608c935777110e509d8018c" - integrity sha512-9nY5K1Rp2ppmpb9s9S2aBiF3xo5uExCehMDmYmmFqqyxgenbHJ3qbarcLt4ITgaD6r/2ypdlcFRdcuVPnks+fQ== +"@typescript-eslint/eslint-plugin@5.49.0": + version "5.49.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.49.0.tgz#d0b4556f0792194bf0c2fb297897efa321492389" + integrity sha512-IhxabIpcf++TBaBa1h7jtOWyon80SXPRLDq0dVz5SLFC/eW6tofkw/O7Ar3lkx5z5U6wzbKDrl2larprp5kk5Q== dependencies: - "@typescript-eslint/scope-manager" "5.48.1" - "@typescript-eslint/type-utils" "5.48.1" - "@typescript-eslint/utils" "5.48.1" + "@typescript-eslint/scope-manager" "5.49.0" + "@typescript-eslint/type-utils" "5.49.0" + "@typescript-eslint/utils" "5.49.0" debug "^4.3.4" ignore "^5.2.0" natural-compare-lite "^1.4.0" @@ -361,78 +361,78 @@ semver "^7.3.7" tsutils "^3.21.0" -"@typescript-eslint/parser@5.48.1": - version "5.48.1" - resolved "https://registry.yarnpkg.com/@typescript-eslint/parser/-/parser-5.48.1.tgz#d0125792dab7e232035434ab8ef0658154db2f10" - integrity sha512-4yg+FJR/V1M9Xoq56SF9Iygqm+r5LMXvheo6DQ7/yUWynQ4YfCRnsKuRgqH4EQ5Ya76rVwlEpw4Xu+TgWQUcdA== +"@typescript-eslint/parser@5.49.0": + version "5.49.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/parser/-/parser-5.49.0.tgz#d699734b2f20e16351e117417d34a2bc9d7c4b90" + integrity sha512-veDlZN9mUhGqU31Qiv2qEp+XrJj5fgZpJ8PW30sHU+j/8/e5ruAhLaVDAeznS7A7i4ucb/s8IozpDtt9NqCkZg== dependencies: - "@typescript-eslint/scope-manager" "5.48.1" - "@typescript-eslint/types" "5.48.1" - "@typescript-eslint/typescript-estree" "5.48.1" + "@typescript-eslint/scope-manager" "5.49.0" + "@typescript-eslint/types" "5.49.0" + "@typescript-eslint/typescript-estree" "5.49.0" debug "^4.3.4" -"@typescript-eslint/scope-manager@5.48.1": - version "5.48.1" - resolved "https://registry.yarnpkg.com/@typescript-eslint/scope-manager/-/scope-manager-5.48.1.tgz#39c71e4de639f5fe08b988005beaaf6d79f9d64d" - integrity sha512-S035ueRrbxRMKvSTv9vJKIWgr86BD8s3RqoRZmsSh/s8HhIs90g6UlK8ZabUSjUZQkhVxt7nmZ63VJ9dcZhtDQ== +"@typescript-eslint/scope-manager@5.49.0": + version "5.49.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/scope-manager/-/scope-manager-5.49.0.tgz#81b5d899cdae446c26ddf18bd47a2f5484a8af3e" + integrity sha512-clpROBOiMIzpbWNxCe1xDK14uPZh35u4QaZO1GddilEzoCLAEz4szb51rBpdgurs5k2YzPtJeTEN3qVbG+LRUQ== dependencies: - "@typescript-eslint/types" "5.48.1" - "@typescript-eslint/visitor-keys" "5.48.1" + "@typescript-eslint/types" "5.49.0" + "@typescript-eslint/visitor-keys" "5.49.0" -"@typescript-eslint/type-utils@5.48.1": - version "5.48.1" - resolved "https://registry.yarnpkg.com/@typescript-eslint/type-utils/-/type-utils-5.48.1.tgz#5d94ac0c269a81a91ad77c03407cea2caf481412" - integrity sha512-Hyr8HU8Alcuva1ppmqSYtM/Gp0q4JOp1F+/JH5D1IZm/bUBrV0edoewQZiEc1r6I8L4JL21broddxK8HAcZiqQ== +"@typescript-eslint/type-utils@5.49.0": + version "5.49.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/type-utils/-/type-utils-5.49.0.tgz#8d5dcc8d422881e2ccf4ebdc6b1d4cc61aa64125" + integrity sha512-eUgLTYq0tR0FGU5g1YHm4rt5H/+V2IPVkP0cBmbhRyEmyGe4XvJ2YJ6sYTmONfjmdMqyMLad7SB8GvblbeESZA== dependencies: - "@typescript-eslint/typescript-estree" "5.48.1" - "@typescript-eslint/utils" "5.48.1" + "@typescript-eslint/typescript-estree" "5.49.0" + "@typescript-eslint/utils" "5.49.0" debug "^4.3.4" tsutils "^3.21.0" -"@typescript-eslint/types@5.48.1": - version "5.48.1" - resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-5.48.1.tgz#efd1913a9aaf67caf8a6e6779fd53e14e8587e14" - integrity sha512-xHyDLU6MSuEEdIlzrrAerCGS3T7AA/L8Hggd0RCYBi0w3JMvGYxlLlXHeg50JI9Tfg5MrtsfuNxbS/3zF1/ATg== +"@typescript-eslint/types@5.49.0": + version "5.49.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-5.49.0.tgz#ad66766cb36ca1c89fcb6ac8b87ec2e6dac435c3" + integrity sha512-7If46kusG+sSnEpu0yOz2xFv5nRz158nzEXnJFCGVEHWnuzolXKwrH5Bsf9zsNlOQkyZuk0BZKKoJQI+1JPBBg== -"@typescript-eslint/typescript-estree@5.48.1": - version "5.48.1" - resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-5.48.1.tgz#9efa8ee2aa471c6ab62e649f6e64d8d121bc2056" - integrity sha512-Hut+Osk5FYr+sgFh8J/FHjqX6HFcDzTlWLrFqGoK5kVUN3VBHF/QzZmAsIXCQ8T/W9nQNBTqalxi1P3LSqWnRA== +"@typescript-eslint/typescript-estree@5.49.0": + version "5.49.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-5.49.0.tgz#ebd6294c0ea97891fce6af536048181e23d729c8" + integrity sha512-PBdx+V7deZT/3GjNYPVQv1Nc0U46dAHbIuOG8AZ3on3vuEKiPDwFE/lG1snN2eUB9IhF7EyF7K1hmTcLztNIsA== dependencies: - "@typescript-eslint/types" "5.48.1" - "@typescript-eslint/visitor-keys" "5.48.1" + "@typescript-eslint/types" "5.49.0" + "@typescript-eslint/visitor-keys" "5.49.0" debug "^4.3.4" globby "^11.1.0" is-glob "^4.0.3" semver "^7.3.7" tsutils "^3.21.0" -"@typescript-eslint/utils@5.48.1": - version "5.48.1" - resolved "https://registry.yarnpkg.com/@typescript-eslint/utils/-/utils-5.48.1.tgz#20f2f4e88e9e2a0961cbebcb47a1f0f7da7ba7f9" - integrity sha512-SmQuSrCGUOdmGMwivW14Z0Lj8dxG1mOFZ7soeJ0TQZEJcs3n5Ndgkg0A4bcMFzBELqLJ6GTHnEU+iIoaD6hFGA== +"@typescript-eslint/utils@5.49.0": + version "5.49.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/utils/-/utils-5.49.0.tgz#1c07923bc55ff7834dfcde487fff8d8624a87b32" + integrity sha512-cPJue/4Si25FViIb74sHCLtM4nTSBXtLx1d3/QT6mirQ/c65bV8arBEebBJJizfq8W2YyMoPI/WWPFWitmNqnQ== dependencies: "@types/json-schema" "^7.0.9" "@types/semver" "^7.3.12" - "@typescript-eslint/scope-manager" "5.48.1" - "@typescript-eslint/types" "5.48.1" - "@typescript-eslint/typescript-estree" "5.48.1" + "@typescript-eslint/scope-manager" "5.49.0" + "@typescript-eslint/types" "5.49.0" + "@typescript-eslint/typescript-estree" "5.49.0" eslint-scope "^5.1.1" eslint-utils "^3.0.0" semver "^7.3.7" -"@typescript-eslint/visitor-keys@5.48.1": - version "5.48.1" - resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-5.48.1.tgz#79fd4fb9996023ef86849bf6f904f33eb6c8fccb" - integrity sha512-Ns0XBwmfuX7ZknznfXozgnydyR8F6ev/KEGePP4i74uL3ArsKbEhJ7raeKr1JSa997DBDwol/4a0Y+At82c9dA== +"@typescript-eslint/visitor-keys@5.49.0": + version "5.49.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-5.49.0.tgz#2561c4da3f235f5c852759bf6c5faec7524f90fe" + integrity sha512-v9jBMjpNWyn8B6k/Mjt6VbUS4J1GvUlR4x3Y+ibnP1z7y7V4n0WRz+50DY6+Myj0UaXVSuUlHohO+eZ8IJEnkg== dependencies: - "@typescript-eslint/types" "5.48.1" + "@typescript-eslint/types" "5.49.0" eslint-visitor-keys "^3.3.0" -"@vercel/ncc@0.36.0": - version "0.36.0" - resolved "https://registry.yarnpkg.com/@vercel/ncc/-/ncc-0.36.0.tgz#1f262b86fc4f0770bbc0fc1d331d5aaa1bd47334" - integrity sha512-/ZTUJ/ZkRt694k7KJNimgmHjtQcRuVwsST2Z6XfYveQIuBbHR+EqkTc1jfgPkQmMyk/vtpxo3nVxe8CNuau86A== +"@vercel/ncc@0.36.1": + version "0.36.1" + resolved "https://registry.yarnpkg.com/@vercel/ncc/-/ncc-0.36.1.tgz#d4c01fdbbe909d128d1bf11c7f8b5431654c5b95" + integrity sha512-S4cL7Taa9yb5qbv+6wLgiKVZ03Qfkc4jGRuiUQMQ8HGBD5pcNRnHeYM33zBvJE4/zJGjJJ8GScB+WmTsn9mORw== JSONStream@^1.0.4: version "1.3.5"