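# Woodpecker workflow: runs Renovate on a schedule, using a Gitea token that
# is fetched from OpenBao at run time via AppRole login.
when:
  - event: cron
    # Cron job named "renovate"; its schedule (0 2 * * *) is set in the UI.
    cron: renovate

# No repository checkout is performed for this workflow.
skip_clone: true

steps:
  - name: Get renovate token from OpenBao
    # NOTE(review): image is pinned by tag only; pinning by digest would
    # also protect against the tag being re-pointed upstream.
    image: quay.io/openbao/openbao:2.5.2
    environment:
      VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
      ROLE_ID:
        from_secret: renovate_role_id
      SECRET_ID:
        from_secret: renovate_secret_id
    commands:
      # AppRole login; the resulting token is handed to later steps through a
      # file under /woodpecker. Variables are quoted so an unexpected
      # character in a secret cannot split or glob the argument.
      # NOTE(review): the file is created with the default umask; tightening
      # it needs matching users across the step images - confirm first.
      - >-
        bao write -field token auth/approle/login
        role_id="$ROLE_ID"
        secret_id="$SECRET_ID" > /woodpecker/.vault_id
      - export VAULT_TOKEN="$(cat /woodpecker/.vault_id)"
      - bao kv get -mount secret -field RENOVATE_TOKEN renovate > /woodpecker/renovate_token

  - name: Run Renovate
    image: renovate/renovate:43.109.0-full
    environment:
      # With autodiscover on, the repositories Renovate touches are decided by
      # what RENOVATE_TOKEN can access, so that token's scope is the limit.
      RENOVATE_AUTODISCOVER: "true"
      RENOVATE_ENDPOINT: https://gitea.lumpiasty.xyz/api/v1
      RENOVATE_PLATFORM: gitea
      RENOVATE_GIT_AUTHOR: 'Renovate Bot <renovate@lumpiasty.xyz>'
    commands:
      - export RENOVATE_TOKEN="$(cat /woodpecker/renovate_token)"
      - /usr/local/sbin/renovate-entrypoint.sh renovate

  - name: Invalidate OpenBao token
    image: quay.io/openbao/openbao:2.5.2
    environment:
      VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
    # Run the cleanup even when an earlier step failed; otherwise a failed
    # Renovate run would leave the OpenBao token valid until its TTL expires.
    when:
      - status: [success, failure]
    commands:
      - export VAULT_TOKEN="$(cat /woodpecker/.vault_id)"
      # Remove the credential files before revoking, so they are gone from
      # the workspace even if the revoke call itself fails.
      - rm -f /woodpecker/.vault_id /woodpecker/renovate_token
      - bao write -f auth/token/revoke-self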