mirror of
https://github.com/argoproj/argo-cd
synced 2026-04-21 08:57:17 +00:00
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
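# Scheduled workflow that runs self-hosted Renovate against this repository.
# It starts hourly or on manual dispatch, and only in argoproj/argo-cd
# (see the job-level `if`), so forks and mirrors do not run it.
name: Renovate
on:
  schedule:
    - cron: '0 * * * *'
  workflow_dispatch: {}

# Workflow-wide GITHUB_TOKEN is read-only; Renovate itself authenticates with
# the GitHub App token minted in the "Get token" step.
permissions:
  contents: read

env:
  # a workaround to disable harden runner
  # NOTE(review): the same repository variable also skips the harden-runner
  # step below, so anyone able to edit repository variables can switch off
  # egress blocking for this job. Treat changes to it as security-relevant.
  STEP_SECURITY_HARDEN_RUNNER: ${{ vars.disable_harden_runner }}

jobs:
  renovate:
    runs-on: ubuntu-24.04
    if: github.repository == 'argoproj/argo-cd'
    steps:
      # Egress is deny-by-default: only the endpoints listed below are allowed.
      - name: Harden the runner (Block unknown outbound calls)
        if: ${{ vars.disable_harden_runner != 'true' }}
        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
        with:
          egress-policy: block
          disable-sudo-and-containers: "false" # renovatebot runs in `docker run`
          # NOTE(review): the last two entries carry no `:443` suffix, unlike
          # the rest. Confirm harden-runner treats a port-less entry as
          # intended, or add the port for consistency.
          allowed-endpoints: >
            github.com:443
            api.github.com:443
            raw.githubusercontent.com:443
            release-assets.githubusercontent.com:443
            ghcr.io:443
            pkg-containers.githubusercontent.com:443
            hub.docker.com:443
            proxy.golang.org:443
            nodejs.org:443
            pypi.org:443
            get.helm.sh
            registry.npmjs.org

      # Mints a GitHub App installation token for Renovate.
      # NOTE(review): no owner/repositories/permission inputs are set here, so
      # the token scope is whatever the action defaults to. Confirm it is no
      # broader than Renovate needs.
      - name: Get token
        id: get_token
        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3
        with:
          app-id: ${{ vars.RENOVATE_APP_ID }}
          private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}

      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
        with:
          # The only later step authenticates with the App token passed to it
          # explicitly, so the checkout credentials need not stay on the runner.
          persist-credentials: false

      # Renovate does not pin its Docker image versions to a SHA, so when
      # bumping the renovate action version, check whether the renovate image
      # has been updated (see its numeric version in action.yaml) and update
      # the `renovate-version` parameter accordingly.
      # The digest pin is split across two inputs: `renovate-image` ends in
      # `@sha256` and `renovate-version` holds the digest. Presumably the
      # action joins them into `image@sha256:<digest>`; confirm after a bump.
      - name: Self-hosted Renovate
        uses: renovatebot/github-action@83ec54fee49ab67d9cd201084c1ff325b4b462e4 #46.1.10
        with:
          configurationFile: .github/configs/renovate-config.js
          token: '${{ steps.get_token.outputs.token }}'
          renovate-image: "ghcr.io/renovatebot/renovate@sha256"
          renovate-version: "5dfeab680f40edd2713b8fcae574824e60d2c831b8d89cc965e51621894c7084" #43
        env:
          # NOTE(review): debug output lands in the workflow log. Confirm
          # nothing sensitive is emitted at this level, since run logs are
          # visible to anyone who can view the repository's Actions runs.
          LOG_LEVEL: 'debug'
          RENOVATE_REPOSITORIES: '${{ github.repository }}'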