Merged
11 changes: 10 additions & 1 deletion .github/workflows/renovate.yml
Expand Up @@ -14,16 +14,25 @@ jobs:
renovate:
name: Run Renovate Bot
runs-on: ubuntu-latest
env:
RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}

steps:
- name: Validate Renovate token
if: ${{ env.RENOVATE_TOKEN == '' }}
run: |
echo "RENOVATE_TOKEN is not configured."
echo "Set repository secret RENOVATE_TOKEN (fine-grained token with Contents: Read/Write and Pull requests: Read/Write)."
exit 1

- name: Checkout repository
uses: actions/checkout@v4

- name: Run Renovate
uses: renovatebot/github-action@v44.0.3
with:
configurationFile: renovate.json
token: ${{ secrets.RENOVATE_TOKEN || github.token }}
token: ${{ env.RENOVATE_TOKEN }}
env:
LOG_LEVEL: debug
RENOVATE_REPOSITORIES: ${{ github.repository }}
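Review bot: The job-level `env:` block that sets `RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}` exposes the read/write token to every step in the job, including `actions/checkout@v4`, whereas the previous `token:` line passed it only to the Renovate step. Consider setting the variable on the "Validate Renovate token" step alone and testing it inside `run` (for example `[ -n "$RENOVATE_TOKEN" ] || exit 1`), then passing `${{ secrets.RENOVATE_TOKEN }}` directly to the `token` input. Since the Renovate step now always receives a token with Contents and Pull requests write access, it is also worth pinning `renovatebot/github-action@v44.0.3` to a full commit SHA and checking whether `LOG_LEVEL: debug` still needs to be on.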
280 changes: 0 additions & 280 deletions IMPLEMENTATION_SUMMARY.md

This file was deleted.

16 changes: 12 additions & 4 deletions README.md
Expand Up @@ -120,16 +120,24 @@ This repo now uses Renovate to auto-update dependencies (including template mani

### One-time setup

1. No additional token is required. Renovate uses the default `secrets.GITHUB_TOKEN`.
2. Enable repository auto-merge in GitHub settings.
3. Protect `master` and require CI checks before merge.
1. Create a repository secret named `RENOVATE_TOKEN`.
2. Use a fine-grained GitHub token scoped to this repository with:
- Contents: Read and write
- Pull requests: Read and write
3. Enable repository auto-merge in GitHub settings.
4. Protect `master`, require CI checks before merge, and enable merge queue.

Why: PRs created with `GITHUB_TOKEN` do not trigger downstream `pull_request` workflows. Using `RENOVATE_TOKEN` ensures CI checks run and automerge can complete.

Workflow file: `.github/workflows/renovate.yml`
Config file: `renovate.json`

Behavior:

- All dependency updates (major, minor, patch) auto-merge after checks pass.
- Renovate runs with controlled concurrency (`prConcurrentLimit` and `branchConcurrentLimit` set to `3`) to reduce conflicts.
- Major updates are never auto-merged and require manual review.
- Minor, patch, pin, and digest updates are grouped into fewer PRs and auto-merge after checks pass.
- Renovate automatically rebases dependency PRs when they fall behind `master`.
- Custom regex managers keep template manifests, the resolver registry, and README dependency rows in sync.

## Screenshot
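Review bot: The one-time setup list documents the token's permissions in steps 1 and 2 but not its expiry or which account owns it, and the workflow's validation step only checks for an empty secret, so an expired or revoked token gets past that check and fails later inside the Renovate step. Add a line on the expected expiry and who rotates the token, and consider swapping steps 1 and 2 so the token is created before the secret that stores it. The "Why" paragraph could also say that the token is a personal fine-grained token, so PRs will be opened under that user's identity rather than the Actions bot.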