Migrate from self-hosted Renovate GitHub Action to official Renovate GitHub App

[harryswift01]

Description

Currently we are using a self-hosted GitHub Actions workflow to run Renovate, but this approach can cause potential headaches down the line, especially as we scale Renovate usage across additional repositories in the CCPBioSim organisation. Using the workflow also means PRs are authored by a personal or machine-user PAT, which frequently needs to be rotated and maintained.

To avoid these issues, we should migrate to the official Renovate GitHub App, which provides a more reliable, maintainable, and scalable solution.

Why we should switch to the Renovate GitHub App

• Better scalability across the organisation
  Install once at the organisation level and manage Renovate consistently across all repositories without duplicating workflow files.

• Official renovate[bot] PR authorship
  PRs come from the trusted renovate[bot], improving clarity and aligning with Renovate’s intended usage.

• No more PAT management
  The GitHub Action requires a PAT that must be stored and rotated. The GitHub App eliminates the need for any personal or machine-user credentials.

• Simpler repository maintenance
  No GitHub Actions workflow means fewer files to maintain, no runner usage, and no version pinning for the Renovate Action.

Required changes

To complete the migration, we should remove the now-unnecessary self-hosted workflow.

Tasks

• Remove the workflow file: .github/workflows/renovate.yml
• Remove any unused Renovate-related secrets (e.g., RENOVATE_TOKEN)
• Ensure .github/renovate.json remains the active configuration file