Skip to content

[#1618] Fixed self-hosted Renovate runs without RENOVATE_TOKEN set. #1646

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
AlexSkrypnyk merged 2 commits into from
May 16, 2025
Merged

[#1618] Fixed self-hosted Renovate runs without RENOVATE_TOKEN set. #1646

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
629767e
[#1618]: Added renovate token check.
skipper-vp May 15, 2025
cc12e15
Merge branch 'develop' into feature/1618-renovate-token-check
AlexSkrypnyk May 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .circleci/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -421,6 +421,13 @@ jobs:
RENOVATE_GIT_AUTHOR: *renovatebot_git_author
steps:
- checkout
- run:
name: Check if RENOVATE_TOKEN is set
command: |
if [ -z "${RENOVATE_TOKEN}" ]; then
echo "RENOVATE_TOKEN is not set. Skipping Renovate job."
circleci-agent step halt
fi
- run: renovate-config-validator
- run: renovate
#;> DEPS_UPDATE_PROVIDER_CI
Expand Down
10 changes: 10 additions & 0 deletions .github/workflows/deps-updates.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,17 @@ jobs:
with:
node-version: 22.13.1

- name: Check Renovate Token
id: check-token
run: |
if [ -z "${{ secrets.RENOVATE_TOKEN }}" ]; then
echo "Renovate token is not set. Skipping Renovate step."
else
echo "token_exists=true" >> "$GITHUB_OUTPUT"
fi

- name: Self-hosted Renovate
if: steps.check-token.outputs.token_exists == 'true'
uses: renovatebot/github-action@v42.0.2
Comment on lines +28 to 29
Copy link

@coderabbitai coderabbitai bot May 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick (assertive)

Consolidate conditional into step-level if
You can eliminate the separate check step and instead use a single if: secrets.RENOVATE_TOKEN != '' on the uses: renovatebot/github-action step. This reduces verbosity while still safely skipping the action when the token is absent.

🤖 Prompt for AI Agents 
In .github/workflows/deps-updates.yml at lines 29 to 30, the current workflow
uses a separate step to check if the token exists before running the renovatebot
action. Remove the separate token check step and instead add an `if:
secrets.RENOVATE_TOKEN != ''` condition directly on the
renovatebot/github-action step to simplify the workflow and skip the action
safely when the token is missing.

with:
configurationFile: renovate.json
Expand Down
3 changes: 3 additions & 0 deletions .vortex/docs/content/tools/renovate.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,9 @@ in CircleCI or GitHub Actions.
A self-hosted service can be beneficial when your project is restricted in terms
of third-party access.

**Note**: If the `RENOVATE_TOKEN` is not provided and the job is configured, the job will still run but the Renovate
update steps will be skipped gracefully without causing a build failure.

### Setting up Renovate self-hosted in CircleCI

Create a GitHub token with a permission to write to a repository and add it to
Expand Down
10 changes: 10 additions & 0 deletions .vortex/installer/tests/Fixtures/install/_baseline/.github/workflows/deps-updates.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,17 @@ jobs:
with:
node-version: 22.13.1

- name: Check Renovate Token
id: check-token
run: |
if [ -z "${{ secrets.RENOVATE_TOKEN }}" ]; then
echo "Renovate token is not set. Skipping Renovate step."
else
echo "token_exists=true" >> "$GITHUB_OUTPUT"
fi

Comment on lines +18 to +26
Copy link

@coderabbitai coderabbitai bot May 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick (assertive)

Extract baseline token-check into a reusable component
The baseline fixture correctly implements the token-presence check and output quoting. To keep your test fixtures in sync and reduce duplication, consider moving this script into a shared composite action or workflow and invoking it here:

-      - name: Check Renovate Token
-        id: check-token
-        run: |
-          if [ -z "${{ secrets.RENOVATE_TOKEN }}" ]; then
-            echo "Renovate token is not set. Skipping Renovate step."
-          else
-            echo "token_exists=true" >> "$GITHUB_OUTPUT"
-          fi
+      - uses: ./.github/actions/check-renovate-token@v1

Also applies to: 28-29

🤖 Prompt for AI Agents 
In
.vortex/installer/tests/Fixtures/install/_baseline/.github/workflows/deps-updates.yml
around lines 18 to 26 and also lines 28-29, the Renovate token check script is
duplicated. Refactor by extracting this token-presence check into a reusable
composite action or workflow. Then replace the inline script here with a call to
that shared component to reduce duplication and keep test fixtures consistent.

- name: Self-hosted Renovate
if: steps.check-token.outputs.token_exists == 'true'
uses: renovatebot/github-action@__VERSION__
with:
configurationFile: renovate.json
Expand Down
7 changes: 7 additions & 0 deletions .vortex/installer/tests/Fixtures/install/ciprovider_circleci/.circleci/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -395,6 +395,13 @@ jobs:
RENOVATE_GIT_AUTHOR: *renovatebot_git_author
steps:
- checkout
- run:
name: Check if RENOVATE_TOKEN is set
command: |
if [ -z "${RENOVATE_TOKEN}" ]; then
echo "RENOVATE_TOKEN is not set. Skipping Renovate job."
circleci-agent step halt
fi
- run: renovate-config-validator
- run: renovate

Expand Down
7 changes: 7 additions & 0 deletions .vortex/installer/tests/Fixtures/install/deploy_type_all_circleci/.circleci/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -395,6 +395,13 @@ jobs:
RENOVATE_GIT_AUTHOR: *renovatebot_git_author
steps:
- checkout
- run:
name: Check if RENOVATE_TOKEN is set
command: |
if [ -z "${RENOVATE_TOKEN}" ]; then
echo "RENOVATE_TOKEN is not set. Skipping Renovate job."
circleci-agent step halt
fi
- run: renovate-config-validator
- run: renovate

Expand Down
7 changes: 7 additions & 0 deletions .vortex/installer/tests/Fixtures/install/deploy_type_none_circleci/.circleci/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -349,6 +349,13 @@ jobs:
RENOVATE_GIT_AUTHOR: *renovatebot_git_author
steps:
- checkout
- run:
name: Check if RENOVATE_TOKEN is set
command: |
if [ -z "${RENOVATE_TOKEN}" ]; then
echo "RENOVATE_TOKEN is not set. Skipping Renovate job."
circleci-agent step halt
fi
- run: renovate-config-validator
- run: renovate

Expand Down
7 changes: 7 additions & 0 deletions ...x/installer/tests/Fixtures/install/deps_updates_provider_ci_circleci/.circleci/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -395,6 +395,13 @@ jobs:
RENOVATE_GIT_AUTHOR: *renovatebot_git_author
steps:
- checkout
- run:
name: Check if RENOVATE_TOKEN is set
command: |
if [ -z "${RENOVATE_TOKEN}" ]; then
echo "RENOVATE_TOKEN is not set. Skipping Renovate job."
circleci-agent step halt
fi
- run: renovate-config-validator
- run: renovate

Expand Down
2 changes: 1 addition & 1 deletion .vortex/installer/tests/Fixtures/install/names/.github/workflows/deps-updates.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
@@ -27,4 +27,4 @@
@@ -37,4 +37,4 @@
RENOVATE_DEPENDENCY_DASHBOARD_TITLE: 'Renovate Dependency Dashboard (self-hosted) by GitHub Actions'
RENOVATE_DEPENDENCY_DASHBOARD: ${{ vars.RENOVATE_DEPENDENCY_DASHBOARD || 'false' }}
RENOVATE_DRY_RUN: ${{ vars.RENOVATE_DRY_RUN || 'false' }}
Expand Down