From 13aba258a1d0ed4be75369e6ea139e6d92cc4c31 Mon Sep 17 00:00:00 2001
From: Tomas Coufal <tcoufal@redhat.com>
Date: Mon, 3 Apr 2023 17:19:36 +0200
Subject: [PATCH] chore(ci): tune renovate setup

Signed-off-by: Tomas Coufal <tcoufal@redhat.com>
---
 .github/dependabot.yml                 |  6 ------
 renovate.json => .github/renovate.json |  3 ++-
 .github/workflows/release.yml          |  8 ++++----
 .github/workflows/test.yml             | 18 +++++++++---------
 4 files changed, 15 insertions(+), 20 deletions(-)
 delete mode 100644 .github/dependabot.yml
 rename renovate.json => .github/renovate.json (61%)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index 5ace4600..00000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
diff --git a/renovate.json b/.github/renovate.json
similarity index 61%
rename from renovate.json
rename to .github/renovate.json
index 39a2b6e9..818842f2 100644
--- a/renovate.json
+++ b/.github/renovate.json
@@ -1,6 +1,7 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
-    "config:base"
+    "config:base",
+    "helpers:pinGitHubActionDigests"
   ]
 }
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6c9c9fb6..3cd04022 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # pin@v3
+        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # renovate: tag=v3
         with:
           fetch-depth: 0
 
@@ -33,21 +33,21 @@ jobs:
           helm repo add backstage https://backstage.github.io/charts
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # pin@v1.5.0
+        uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # renovate: tag=v1.5.0
         with:
           config: cr.yaml
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a #pin@v2.1.0
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # renovate: tag=v2.1.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 #pin@v3.0.1
+        uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # renovate: tag=v3.0.1
 
       - name: Publish and Sign OCI Charts
         run: |
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 5f3c0701..03c2e4b8 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -12,13 +12,13 @@ jobs:
       GO111MODULE: on
     steps:
       - name: Checkout
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # pin@v3
+        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # renovate: tag=v3
 
-      - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # pin@v4
+      - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # renovate: tag=v4
         with:
           python-version: 3.7
 
-      - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # pin@v3
+      - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # renovate: tag=v3
         with:
           go-version: ^1
 
@@ -26,27 +26,27 @@ jobs:
         run: go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest
 
       - name: Run pre-commit
-        uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # pin@v3.0.0
+        uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # renovate: tag=v3.0.0
 
   test:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # pin@v3
+        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # renovate: tag=v3
         with:
           fetch-depth: 0
 
       - name: Set up Helm
-        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # pin@v3.5
+        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # renovate: tag=v3.5
         with:
           version: v3.10.0
 
-      - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # pin@v4
+      - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # renovate: tag=v4
         with:
           python-version: 3.7
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # pin@v2.3.0
+        uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # renovate: tag=v2.4.0
 
       - name: "Add NGINX Ingress and Bitnami Repository"
         run: |
@@ -59,7 +59,7 @@ jobs:
         run: ct lint --config ct.yaml
 
       - name: Create KIND Cluster
-        uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00 # pin@v1.5.0
+        uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00 # renovate: tag=v1.5.0
 
       - name: Install Ingress Controller
         run: "helm install ingress-nginx/ingress-nginx --generate-name --set controller.service.type='NodePort' --set controller.admissionWebhooks.enabled=false"