infra: added Renovate bot

fix: downgraded upload-artifact action to v3 from v4
2025-12-22 12:50:59 +01:00 · 2025-12-22 12:13:50 +01:00
4 changed files with 52 additions and 1 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -81,7 +81,7 @@ jobs:
          args: image --format table --output trivy-report.txt --exit-code 0 --ignore-unfixed --severity CRITICAL,HIGH gitea.iswearihadsomethingforthis.net/francwa/${{ steps.config.outputs.image_name }}:latest

      - name: 📤 Upload Security Report
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        with:
          name: security-report
          path: trivy-report.txt
--- a/.gitea/workflows/renovate.yaml
+++ b/.gitea/workflows/renovate.yaml
@@ -0,0 +1,22 @@
+name: Renovate Bot
+
+on:
+  schedule:
+    # Every Monday 4AM
+    - cron: '0 4 * * 1'
+  workflow_dispatch:
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run Renovate
+        uses: docker://renovate/renovate:latest
+        env:
+          RENOVATE_PLATFORM: "gitea"
+          RENOVATE_ENDPOINT: "https://gitea.iswearihadsomethingforthis.net/api/v1"
+          RENOVATE_TOKEN: "${{ secrets.G1T34_TOKEN }}"
+          RENOVATE_REPOSITORIES: '["${{ gitea.repository }}"]'
+          RENOVATE_GIT_AUTHOR: "Renovate Bot <renovate@bot.local>"
+          # Might need a free github token if lots of depencies
+          # RENOVATE_GITHUB_TOKEN: "${{ secrets.GITHUB_COM_TOKEN }}"
--- a/1
+++ b/1
@@ -5,6 +5,7 @@
 # --- SETTINGS ---
 CORE_DIR = brain
 IMAGE_NAME = agent_media
+# renovate: datasource=docker depName=python
 PYTHON_VERSION = 3.12.7
 PYTHON_VERSION_SHORT = $(shell echo $(PYTHON_VERSION) | cut -d. -f1,2)
 # Change to 'uv' when ready.
--- a/renovate.json
+++ b/renovate.json
@@ -0,0 +1,28 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base",
+    ":disableRateLimiting",
+    ":semanticCommits"
+  ],
+  "labels": ["dependencies", "renovate"],
+
+  "packageRules": [
+    {
+      "matchLanguages": ["python"],
+      "matchUpdateTypes": ["minor", "patch"],
+      "groupName": "all non-major python dependencies",
+      "groupSlug": "all-minor-patch-python"
+    }
+  ],
+
+  "regexManagers": [
+    {
+      "description": "Update Docker variables in the Makefile",
+      "fileMatch": ["^Makefile$"],
+      "matchStrings": [
+        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s[A-Z_]+_VERSION [?:]?= (?<currentValue>.*)"
+      ]
+    }
+  ]
+}
Author	SHA1	Message	Date
Francwa	6701a4b392	infra: added Renovate bot	2025-12-22 12:50:59 +01:00
Francwa	68372405d6	fix: downgraded upload-artifact action to v3 from v4	2025-12-22 12:13:50 +01:00