[#1618] Fixed self-hosted Renovate runs without RENOVATE_TOKEN set.

[skipper-vp]

[#1618]: Added renovate token check.

Summary by CodeRabbit

• Chores
  • Updated CI workflows to skip dependency update jobs if the required token is missing, preventing unnecessary executions.
  • Updated the default Renovate bot email address used in CI workflows.
• Documentation
  • Added clarification that missing tokens cause Renovate jobs to be skipped gracefully without build failures.

[coderabbitai]

Walkthrough

Conditional checks were introduced in both CircleCI and GitHub Actions configuration files to ensure that dependency update jobs only run when the RENOVATE_TOKEN environment variable or secret is set and non-empty. If the token is missing, the jobs are skipped, preventing execution of Renovate-related commands. Additionally, the default email address in one GitHub Actions workflow was updated. A note was added to documentation clarifying that skipping Renovate without the token does not cause build failures.

Changes

File(s)	Change Summary
.circleci/config.yml and multiple CircleCI config files in .vortex/installer/tests/Fixtures/install/**/.circleci/config.yml	Added a step in the deps-updates job to check for RENOVATE_TOKEN before running Renovate commands; skips job if unset or empty.
.github/workflows/deps-updates.yml and .vortex/installer/tests/Fixtures/install/**/.github/workflows/deps-updates.yml	Added a step to check for RENOVATE_TOKEN secret and conditionally run Renovate only if token exists; skips job otherwise.
.vortex/installer/tests/Fixtures/install/names/.github/workflows/deps-updates.yml	Updated default fallback email address in RENOVATE_GIT_AUTHOR environment variable.
.vortex/docs/content/tools/renovate.mdx	Added note clarifying that absence of RENOVATE_TOKEN causes Renovate job to be skipped gracefully without build failure.

Sequence Diagram(s)

sequenceDiagram
    participant CI_System as CI System (CircleCI/GitHub Actions)
    participant RenovateJob as Deps-Updates Job

    CI_System->>RenovateJob: Start job
    RenovateJob->>RenovateJob: Check if RENOVATE_TOKEN is set
    alt RENOVATE_TOKEN is set and non-empty
        RenovateJob->>RenovateJob: Run Renovate commands
    else RENOVATE_TOKEN is missing or empty
        RenovateJob->>RenovateJob: Print skip message and exit
    end

Loading

Poem

🐇
In workflows where tokens hide,
We check if they’re set with pride.
If Renovate’s key is gone,
We skip the run and hop along!
No errors here, just gentle cheer—
A smooth update, far and near! 🌿✨

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9dd765e and e6754c3.

📒 Files selected for processing (2)

• .circleci/config.yml (1 hunks)
• .github/workflows/deps-updates.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/deps-updates.yml

10-10: context "secrets" is not allowed here. available contexts are "github", "inputs", "needs", "vars". see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details

(expression)

🪛 GitHub Actions: Vortex - Test installer

.github/workflows/deps-updates.yml

[error] 7-13: PHPUnit test failures due to content differences in '.github/workflows/deps-updates.yml'. The file has an unexpected additional line: 'if: ${{ secrets.RENOVATE_TOKEN != '' }}' in the 'deps-updates' job steps.

⏰ Context from checks skipped due to timeout of 90000ms (6)

• GitHub Check: build (0)
• GitHub Check: build (1)
• GitHub Check: vortex-test-workflow (2)
• GitHub Check: vortex-test-workflow (3)
• GitHub Check: vortex-test-workflow (1)
• GitHub Check: vortex-test-workflow (0)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.56%. Comparing base (1c96ccd) to head (cc12e15).
Report is 2 commits behind head on develop.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #1646   +/-   ##
========================================
  Coverage    71.56%   71.56%           
========================================
  Files           76       76           
  Lines         4308     4308           
========================================
  Hits          3083     3083           
  Misses        1225     1225           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 4

♻️ Duplicate comments (1)

.circleci/config.yml (1)

424-431: 🧹 Nitpick (assertive)

Early bypass for missing RENOVATE_TOKEN
This step gracefully halts the deps-updates job when RENOVATE_TOKEN is unset, preventing unnecessary Renovate execution.

• Duplicate: consider moving this check before the checkout step to avoid cloning the repository when the token is missing.
• To reduce duplication, extract this block into a shared YAML anchor that can be reused in all CircleCI configs.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Lite

📥 Commits

Reviewing files that changed from the base of the PR and between d9280d7 and 6ccd30c.

📒 Files selected for processing (8)

• .circleci/config.yml (1 hunks)
• .github/workflows/deps-updates.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/_baseline/.github/workflows/deps-updates.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/ciprovider_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/deploy_type_all_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/deploy_type_none_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/deps_updates_provider_ci_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/names/.github/workflows/deps-updates.yml (1 hunks)

🔇 Additional comments (3)

.vortex/installer/tests/Fixtures/install/names/.github/workflows/deps-updates.yml (1)

5-6: Updated default Renovate commit author email
The fallback RENOVATE_GIT_AUTHOR was changed to use renovatebot@the-new-hope-domain.example. This update looks correct. Please verify that this new email is consistently applied across all GitHub Actions workflows that set RENOVATE_GIT_AUTHOR.

.vortex/installer/tests/Fixtures/install/ciprovider_circleci/.circleci/config.yml (1)

398-405: Add pre-check for RENOVATE_TOKEN to skip Renovate job when token is missing

The new run step correctly exits early if RENOVATE_TOKEN is unset or empty, using circleci-agent step halt and exit 0 to prevent subsequent Renovate commands from running. This aligns with the updates in other CircleCI configs.

.github/workflows/deps-updates.yml (1)

18-26: Conditionally skip Renovate step based on token presence

The Check Renovate Token step properly uses a shell guard to set token_exists only when secrets.RENOVATE_TOKEN is non-empty, and the if: steps.check-token.outputs.token_exists == 'true' on the Self-hosted Renovate step cleanly prevents the action from running without a token.

Also applies to: 29-30

[coderabbitai]

🧹 Nitpick (assertive)

Skip Renovate job when RENOVATE_TOKEN is unset
The new guard halts the step with a zero exit code if RENOVATE_TOKEN is empty or missing, which is the desired behavior.
To improve maintainability across multiple fixture configs, consider defining this check as a reusable YAML anchor.

🤖 Prompt for AI Agents

In
.vortex/installer/tests/Fixtures/install/deps_updates_provider_ci_circleci/.circleci/config.yml
around lines 398 to 405, the check for RENOVATE_TOKEN being set is duplicated in
multiple fixture configs. Refactor this by defining the check as a reusable YAML
anchor at a common location in the config file, then reference this anchor
wherever the check is needed. This will improve maintainability by centralizing
the logic and avoiding repetition.

[coderabbitai]

🧹 Nitpick (assertive)

Early exit for missing Renovate token
This addition checks for RENOVATE_TOKEN and halts the step if it's not provided, effectively skipping Renovate steps.
Consider extracting this logic into a common YAML anchor to avoid repeating it in each CircleCI configuration.

🤖 Prompt for AI Agents

In
.vortex/installer/tests/Fixtures/install/deploy_type_none_circleci/.circleci/config.yml
around lines 352 to 359, the check for the RENOVATE_TOKEN environment variable
is duplicated in multiple places. To fix this, extract the if-condition and
related commands into a reusable YAML anchor or command that can be referenced
wherever needed. This will reduce repetition and improve maintainability of the
CircleCI configuration.

[coderabbitai]

🧹 Nitpick (assertive)

Guard against absent RENOVATE_TOKEN
The step correctly halts the job when RENOVATE_TOKEN is unset, preventing further Renovate commands.
As this snippet is duplicated in multiple CircleCI configs, extracting it into an anchor would adhere to DRY principles.

🤖 Prompt for AI Agents

In
.vortex/installer/tests/Fixtures/install/deploy_type_all_circleci/.circleci/config.yml
around lines 398 to 405, the check for the RENOVATE_TOKEN environment variable
is duplicated in multiple places. To follow DRY principles, extract this snippet
into a YAML anchor at a common location in the config file, then reference this
anchor wherever the check is needed. This will centralize the logic and avoid
repetition.

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (4)

.vortex/installer/tests/Fixtures/install/deploy_type_none_circleci/.circleci/config.yml (1)

352-359: 🧹 Nitpick (assertive)

DRY: Extract Renovate token guard into an anchor
This guard block is duplicated across multiple CircleCI configs. Extract it into a YAML anchor to avoid repetition and simplify future updates.

.vortex/installer/tests/Fixtures/install/deploy_type_all_circleci/.circleci/config.yml (1)

398-405: 🧹 Nitpick (assertive)

DRY: Extract Renovate token guard into a shared anchor
Identical guard logic appears in several fixture configs. Centralize this in a YAML anchor for reuse and maintainability.

.vortex/installer/tests/Fixtures/install/ciprovider_circleci/.circleci/config.yml (1)

398-405: 🧹 Nitpick (assertive)

DRY: Extract Renovate token guard into a YAML anchor
The same guard snippet is present in multiple CI configs. Move it into an anchor to adhere to DRY principles and ease future changes.

.vortex/installer/tests/Fixtures/install/deps_updates_provider_ci_circleci/.circleci/config.yml (1)

398-405: 🧹 Nitpick (assertive)

Consolidate repeated token-check logic with YAML anchors
This guard is duplicated across multiple CircleCI fixture configs. Consider defining the check block as a reusable YAML anchor at the top of the config and referencing it in each run step to centralize maintenance.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Lite

📥 Commits

Reviewing files that changed from the base of the PR and between 6ccd30c and cd6eb27.

📒 Files selected for processing (8)

• .circleci/config.yml (1 hunks)
• .github/workflows/deps-updates.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/_baseline/.github/workflows/deps-updates.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/ciprovider_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/deploy_type_all_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/deploy_type_none_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/deps_updates_provider_ci_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/names/.github/workflows/deps-updates.yml (1 hunks)

🔇 Additional comments (5)

.github/workflows/deps-updates.yml (2)

18-27: Appropriate token presence check
The step correctly handles both the missing-token case and sets an output flag for downstream steps. This pattern avoids job-level secrets context issues and cleanly gates the Renovate execution.

---

28-30: Conditional execution based on token check
Using if: steps.check-token.outputs.token_exists == 'true' properly gates the Renovate action, ensuring it only runs when the token is present.

.vortex/installer/tests/Fixtures/install/_baseline/.github/workflows/deps-updates.yml (1)

29-29: Correct conditional for Renovate step execution
The if: steps.check-token.outputs.token_exists == 'true' expression ensures the Renovate step only runs when the token exists. This matches best practices for output-based gating in GitHub Actions.

.vortex/installer/tests/Fixtures/install/names/.github/workflows/deps-updates.yml (1)

5-6:

✅ Verification successful

Update fallback email in RENOVATE_GIT_AUTHOR
The default author address has been updated to renovatebot@the-new-hope-domain.example. Ensure that this new placeholder domain is correct and that all other workflows or configurations referencing the old domain have been updated accordingly.

Run this script to verify remaining occurrences of the old domain:

---

🏁 Script executed:

#!/bin/bash
# Search for any references to the old fallback email across the repo
rg -n "star-wars-domain\.example" --glob "*.yml"

Length of output: 50

---

Let’s do a comprehensive scan across all files for the old domain to be sure nothing slipped through:

---

🏁 Script executed:

#!/bin/bash
# Recursively search entire repo for any lingering references to the old fallback domain
rg -n "star-wars-domain\.example"

Length of output: 35

---

Approve domain update – no remaining references found
A global search for star-wars-domain.example returned no matches. The fallback email in .vortex/installer/tests/Fixtures/install/names/.github/workflows/deps-updates.yml has been correctly updated to renovatebot@the-new-hope-domain.example. No further changes are needed.

.vortex/installer/tests/Fixtures/install/deps_updates_provider_ci_circleci/.circleci/config.yml (1)

398-405: CircleCI guard for RENOVATE_TOKEN
The added run step properly halts the Renovate job early when RENOVATE_TOKEN is unset, preventing unnecessary downstream steps. The use of circleci-agent step halt followed by exit 0 ensures the job succeeds gracefully.

[skipper-vp]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (6)

.circleci/config.yml (2)

424-431: 🧹 Nitpick (assertive)

Consider moving the token check before the checkout step
Placing this guard before checkout avoids cloning the repository when the token is missing, saving build time.

---

424-431: 🧹 Nitpick (assertive)

Extract guard logic into a reusable YAML anchor
This snippet is duplicated across several jobs and fixture configs. Defining it once as an anchor and referencing it will reduce repetition and simplify maintenance.

.vortex/installer/tests/Fixtures/install/deploy_type_none_circleci/.circleci/config.yml (1)

352-359: 🧹 Nitpick (assertive)

Extract guard logic into a reusable YAML anchor
Reducing duplication by defining this check as an anchor will improve maintainability across fixture configs.

.vortex/installer/tests/Fixtures/install/deploy_type_all_circleci/.circleci/config.yml (1)

398-405: 🧹 Nitpick (assertive)

Extract guard logic into a reusable YAML anchor
Consolidating this duplicated snippet into an anchor will adhere to DRY principles and ease future updates.

.vortex/installer/tests/Fixtures/install/deps_updates_provider_ci_circleci/.circleci/config.yml (1)

398-405: 🧹 Nitpick (assertive)

Extract guard logic into a reusable YAML anchor
Consider defining this token check as a YAML anchor to avoid repeating it in each fixture config.

.vortex/installer/tests/Fixtures/install/_baseline/.github/workflows/deps-updates.yml (1)

18-26: 🧹 Nitpick (assertive)

Extract token check into a reusable action (duplicate).

The inline script correctly guards against a missing RENOVATE_TOKEN, but this pattern is repeated across workflows and fixtures. Consider refactoring it into a composite action or shared workflow to DRY up your CI configurations.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Lite

📥 Commits

Reviewing files that changed from the base of the PR and between 9dd765e and cd6eb27.

📒 Files selected for processing (8)

• .circleci/config.yml (1 hunks)
• .github/workflows/deps-updates.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/_baseline/.github/workflows/deps-updates.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/ciprovider_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/deploy_type_all_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/deploy_type_none_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/deps_updates_provider_ci_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/names/.github/workflows/deps-updates.yml (1 hunks)

🔇 Additional comments (8)

.vortex/installer/tests/Fixtures/install/names/.github/workflows/deps-updates.yml (1)

5-6: Updated fallback email for RENOVATE_GIT_AUTHOR
The new fallback email domain the-new-hope-domain.example aligns with the updated naming convention. No other changes are necessary here.

.circleci/config.yml (1)

424-431: Implement early guard for missing RENOVATE_TOKEN
The new step correctly halts the Renovate job when the RENOVATE_TOKEN is unset, preventing subsequent steps from running.

.vortex/installer/tests/Fixtures/install/deploy_type_none_circleci/.circleci/config.yml (1)

352-359: Implement early guard for missing RENOVATE_TOKEN
The guard correctly skips the Renovate job when the token is not provided.

.vortex/installer/tests/Fixtures/install/deploy_type_all_circleci/.circleci/config.yml (1)

398-405: Implement early guard for missing RENOVATE_TOKEN
This step ensures the job exits gracefully if the token is absent.

.vortex/installer/tests/Fixtures/install/deps_updates_provider_ci_circleci/.circleci/config.yml (1)

398-405: Implement early guard for missing RENOVATE_TOKEN
The new guard correctly skips the Renovate steps when the environment variable is unset.

.vortex/installer/tests/Fixtures/install/ciprovider_circleci/.circleci/config.yml (1)

398-405: Approve CircleCI token presence guard.

The new run step correctly checks for an empty or unset RENOVATE_TOKEN, halts further steps with circleci-agent step halt, and exits cleanly. This aligns with the main CI configuration and prevents unnecessary execution when the token is missing.

.github/workflows/deps-updates.yml (1)

29-30: Approve conditional execution of Renovate.

Using if: steps.check-token.outputs.token_exists == 'true' ensures that the Renovate step only runs when a valid token is present.

.vortex/installer/tests/Fixtures/install/_baseline/.github/workflows/deps-updates.yml (1)

29-30: Approve baseline conditional guard.

The if: steps.check-token.outputs.token_exists == 'true' condition properly prevents the Renovate step from running without a token.

[coderabbitai]

🧹 Nitpick (assertive)

Approve GitHub Actions token check step.

This step properly skips the Renovate action when secrets.RENOVATE_TOKEN is unset or empty, and emits a token_exists output for downstream gating. To reduce duplication across multiple workflows, consider encapsulating this logic in a composite GitHub Action or reusable workflow.

🤖 Prompt for AI Agents

In .github/workflows/deps-updates.yml around lines 18 to 26, the Renovate token
check step works correctly but duplicates logic across workflows. Refactor by
extracting this token check logic into a composite GitHub Action or a reusable
workflow file. Then update this workflow to call that reusable component,
reducing duplication and improving maintainability.

[AlexSkrypnyk]

@coderabbitai could this have used an ‘if:’ check on the step?

[coderabbitai]

@AlexSkrypnyk Yes, this could definitely have used a direct 'if:' condition on the step instead of a separate check. It could be simplified to:

- name: Self-hosted Renovate
  if: secrets.RENOVATE_TOKEN != ''
  uses: renovatebot/github-action@v42.0.2
  # rest of the step configuration...

The current approach with a separate check step does provide explicit logging when the token is missing, which might be helpful for troubleshooting, but the direct 'if:' condition would be more concise.

🐰 thinking

[AlexSkrypnyk]

@skipper-vp please implement this way

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[AlexSkrypnyk]

@skipper-vp
please see my comments

[AlexSkrypnyk]

@skipper-vp please implement this way

[AlexSkrypnyk]

@skipper-vp
could you please try without exit 0

[AlexSkrypnyk]

@skipper-vp
Could you please also update the docs around auto updates https://vortex.drevops.com/tools/renovate (please find the page in .vortex/docs). Just need to say that if the token is not present and the job is configured - the job will run but the updates will be skipped.

[AlexSkrypnyk]

this is not needed exit 0

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (6)

.circleci/config.yml (1)

424-431: 🧹 Nitpick (assertive)

Consolidate and reposition RENOVATE_TOKEN guard
The check for RENOVATE_TOKEN is correctly preventing Renovate steps from running when the token is absent. However, this guard is duplicated across multiple jobs and still sits after checkout, causing an unnecessary repo clone when the token is missing. Consider extracting this logic into a reusable YAML anchor to DRY up the config, and moving it before the checkout step to avoid cloning altogether.

.vortex/installer/tests/Fixtures/install/deploy_type_none_circleci/.circleci/config.yml (1)

352-359: 🧹 Nitpick (assertive)

Extract RENOVATE_TOKEN guard into an anchor
This early-exit snippet is duplicated across several fixture configs. To improve maintainability, extract the if [ -z "${RENOVATE_TOKEN}" ] … fi block into a shared YAML anchor (or include a script) and reference it in each deps-updates job.

.vortex/installer/tests/Fixtures/install/deploy_type_all_circleci/.circleci/config.yml (1)

398-405: DRY principle: Consolidate Renovate token check
The Check if RENOVATE_TOKEN is set step correctly halts the job when the token is missing. Since this logic is duplicated across multiple CircleCI fixture configs, consider extracting it into a shared YAML anchor (e.g., &renovate_token_check) and referencing it in each job to centralize maintenance.

.vortex/installer/tests/Fixtures/install/deps_updates_provider_ci_circleci/.circleci/config.yml (1)

398-405: DRY principle: Consolidate Renovate token check
The guard step properly exits the Renovate job when RENOVATE_TOKEN is unset. To reduce repetition across fixture configs, extract this snippet into a YAML anchor (e.g., &renovate_token_check) and reuse it in each deps-updates job.

.github/workflows/deps-updates.yml (1)

18-27: DRY & Simplification: Token check step
The "Check Renovate Token" step effectively skips the Renovate action when the secret is missing. To avoid duplicating this logic across workflows, consider extracting it into a composite GitHub Action or reusable workflow. Alternatively, you could simplify by adding if: secrets.RENOVATE_TOKEN != '' directly on the "Self-hosted Renovate" step and removing the separate guard step.

.vortex/installer/tests/Fixtures/install/_baseline/.github/workflows/deps-updates.yml (1)

18-26: DRY principle: Reusable token check
This pre-check correctly skips Renovate when RENOVATE_TOKEN is absent. To DRY up across multiple workflows, refactor the logic into a composite Action or reusable workflow step, then invoke it here and in other workflows for consistency and easier maintenance.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Lite

📥 Commits

Reviewing files that changed from the base of the PR and between cd6eb27 and 648df5b.

📒 Files selected for processing (9)

• .circleci/config.yml (1 hunks)
• .github/workflows/deps-updates.yml (1 hunks)
• .vortex/docs/content/tools/renovate.mdx (1 hunks)
• .vortex/installer/tests/Fixtures/install/_baseline/.github/workflows/deps-updates.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/ciprovider_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/deploy_type_all_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/deploy_type_none_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/deps_updates_provider_ci_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/names/.github/workflows/deps-updates.yml (1 hunks)

🔇 Additional comments (2)

.vortex/docs/content/tools/renovate.mdx (1)

34-35: Good clarification on graceful skip
The added note accurately reflects the CI behavior: if RENOVATE_TOKEN is absent, the job is skipped without failure. This aligns the documentation with the updated workflows.

.vortex/installer/tests/Fixtures/install/names/.github/workflows/deps-updates.yml (1)

5-6:

✅ Verification successful

Rename fallback author email
The default RENOVATE_GIT_AUTHOR address has been updated to renovatebot@the-new-hope-domain.example. Please ensure this change is mirrored in any other workflows or docs using the old star-wars-domain.example address.

Run this script to locate any remaining instances of the old email:

---

🏁 Script executed:

#!/bin/bash
# Find leftover occurrences of the old fallback author email
rg -l 'renovatebot@star-wars-domain\.example'

Length of output: 47

---

All occurrences of the old fallback author email have been replaced
Ran rg -l 'renovatebot@star-wars-domain\.example' with no matches. No further action required.

[coderabbitai]

🧹 Nitpick (assertive)

Centralize Renovate token check
The pre-check for RENOVATE_TOKEN repeats here as well. For consistency and easier future updates, factor this guard into a YAML anchor or common snippet, and consider running it before checkout to skip cloning when the token is unset.

🤖 Prompt for AI Agents

In
.vortex/installer/tests/Fixtures/install/ciprovider_circleci/.circleci/config.yml
around lines 398 to 405, the check for RENOVATE_TOKEN is duplicated. Refactor
this by creating a YAML anchor or reusable snippet for the RENOVATE_TOKEN guard
and reference it where needed. Move this check to run before the checkout step
to avoid unnecessary cloning when the token is not set, improving efficiency and
maintainability.

[coderabbitai]

Actionable comments posted: 3

♻️ Duplicate comments (5)

.vortex/installer/tests/Fixtures/install/_baseline/.github/workflows/deps-updates.yml (1)

18-26: Extract token check into reusable component
The inline token presence check is duplicated across multiple workflows. Consider refactoring this logic into a composite GitHub Action or reusable workflow to DRY up and maintain consistency across all deps-updates workflows.

.vortex/installer/tests/Fixtures/install/deploy_type_none_circleci/.circleci/config.yml (1)

352-359: DRY up Renovate token guard across CircleCI fixtures
The run: Check if RENOVATE_TOKEN is set step is duplicated in multiple fixture configs. Extract this pre-check into a reusable YAML anchor (or single command definition) and reference it in each deps-updates job to adhere to DRY principles and simplify future updates.

.vortex/installer/tests/Fixtures/install/deploy_type_all_circleci/.circleci/config.yml (1)

398-405: Consolidate Renovate token check into a shared anchor
The early exit guard for RENOVATE_TOKEN repeats here as well. Define this step in one place (e.g., a YAML anchor under aliases:) and reference it in each deps-updates job to avoid duplication and ease maintenance.

.vortex/installer/tests/Fixtures/install/deps_updates_provider_ci_circleci/.circleci/config.yml (1)

398-405: Centralize the Renovate token guard for maintainability
This Check if RENOVATE_TOKEN is set run step is identical to other fixtures. Consider moving the logic into a single YAML anchor or reusable command and then referencing it here, so updates to the guard only need to be made in one location.

.vortex/installer/tests/Fixtures/install/ciprovider_circleci/.circleci/config.yml (1)

398-405: 🧹 Nitpick (assertive)

Optimize and DRY the Renovate token guard

1. To avoid cloning the repo when the token is missing, move this Check if RENOVATE_TOKEN is set step to run before the checkout step.
2. This guard is duplicated across fixtures—extract it into a YAML anchor under aliases: (or a common command) and reference it in each deps-updates job for easier maintenance.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Lite

📥 Commits

Reviewing files that changed from the base of the PR and between 648df5b and 629767e.

📒 Files selected for processing (9)

• .circleci/config.yml (1 hunks)
• .github/workflows/deps-updates.yml (1 hunks)
• .vortex/docs/content/tools/renovate.mdx (1 hunks)
• .vortex/installer/tests/Fixtures/install/_baseline/.github/workflows/deps-updates.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/ciprovider_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/deploy_type_all_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/deploy_type_none_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/deps_updates_provider_ci_circleci/.circleci/config.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/names/.github/workflows/deps-updates.yml (1 hunks)

🔇 Additional comments (4)

.circleci/config.yml (1)

424-431: Early exit guard is correct
The newly added Check if RENOVATE_TOKEN is set step properly halts the Renovate job when the token is missing, preventing downstream steps from running without authentication and avoiding failures.

.github/workflows/deps-updates.yml (1)

18-26: Check step correctly skips Renovate
The Check Renovate Token step ensures that the workflow outputs a friendly message and exits successfully when RENOVATE_TOKEN is not set, preventing any further Renovate actions without causing failures.

.vortex/docs/content/tools/renovate.mdx (1)

34-35: Clarify missing token behavior in documentation
This note accurately reflects the CI/CD updates by stating that the Renovate job will still run but skip update steps when RENOVATE_TOKEN is not provided, preventing build failures and matching the implemented behavior.

.vortex/installer/tests/Fixtures/install/names/.github/workflows/deps-updates.yml (1)

5-6: Update default Git author email
The fallback RENOVATE_GIT_AUTHOR email has been updated to renovatebot@the-new-hope-domain.example. Ensure this new domain is correct for commit attribution in self-hosted workflows.

[coderabbitai]

🧹 Nitpick (assertive)

Consolidate conditional into step-level if
You can eliminate the separate check step and instead use a single if: secrets.RENOVATE_TOKEN != '' on the uses: renovatebot/github-action step. This reduces verbosity while still safely skipping the action when the token is absent.

🤖 Prompt for AI Agents

In .github/workflows/deps-updates.yml at lines 29 to 30, the current workflow
uses a separate step to check if the token exists before running the renovatebot
action. Remove the separate token check step and instead add an `if:
secrets.RENOVATE_TOKEN != ''` condition directly on the
renovatebot/github-action step to simplify the workflow and skip the action
safely when the token is missing.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Lite

📥 Commits

Reviewing files that changed from the base of the PR and between 629767e and cc12e15.

📒 Files selected for processing (3)

• .github/workflows/deps-updates.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/_baseline/.github/workflows/deps-updates.yml (1 hunks)
• .vortex/installer/tests/Fixtures/install/names/.github/workflows/deps-updates.yml (1 hunks)

🔇 Additional comments (1)

.vortex/installer/tests/Fixtures/install/names/.github/workflows/deps-updates.yml (1)

5-6: Approve update to the default Renovate Git author email in the names fixture
Changing the placeholder from star-wars-domain.example to the-new-hope-domain.example aligns with the new naming convention in this test fixture without impacting production workflows.

[coderabbitai]

🧹 Nitpick (assertive)

Extract baseline token-check into a reusable component
The baseline fixture correctly implements the token-presence check and output quoting. To keep your test fixtures in sync and reduce duplication, consider moving this script into a shared composite action or workflow and invoking it here:

-      - name: Check Renovate Token
-        id: check-token
-        run: |
-          if [ -z "${{ secrets.RENOVATE_TOKEN }}" ]; then
-            echo "Renovate token is not set. Skipping Renovate step."
-          else
-            echo "token_exists=true" >> "$GITHUB_OUTPUT"
-          fi
+      - uses: ./.github/actions/check-renovate-token@v1

Also applies to: 28-29

🤖 Prompt for AI Agents

In
.vortex/installer/tests/Fixtures/install/_baseline/.github/workflows/deps-updates.yml
around lines 18 to 26 and also lines 28-29, the Renovate token check script is
duplicated. Refactor by extracting this token-presence check into a reusable
composite action or workflow. Then replace the inline script here with a call to
that shared component to reduce duplication and keep test fixtures consistent.

[skipper-vp]

@AlexSkrypnyk Redundant exit 0 was removed.
I don't see the point in moving the check in a reusable component, for sake of readability, I'd keep it as is.