ci: adopt org-wide self-hosted Renovate workflow#36
Merged
Conversation
Adds a thin Renovate trigger that delegates to the org-wide reusable workflow at plugwerk/.github/.github/workflows/renovate.yml. The reusable workflow holds the SHA-pinned renovatebot/github-action call; this stub keeps only the per-repo schedule, permissions, and workflow_dispatch input. Adopting the self-hosted trigger here gives this repo the same observable Actions-tab cadence that plugwerk/plugwerk has had since PR #462, instead of relying purely on Mend-Hosted Renovate (which runs in parallel and is not affected by this change). Token model is single-repo: GITHUB_TOKEN in workflow_call resolves to the caller's repo-scoped token. No PAT, no GitHub App. See plugwerk/plugwerk ADR-0032 for the architecture rationale. Refs plugwerk/.github#3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a thin Renovate trigger workflow that delegates to the new org-wide reusable workflow at
plugwerk/.github/.github/workflows/renovate.yml. This givesexamplesthe same observable Actions-tab cadence thatplugwerk/plugwerkhas had since PR #462, instead of relying purely on Mend-Hosted Renovate (which runs in parallel and is not affected by this change).This repo currently has no self-hosted Renovate. The trigger added here is brand-new, not a refactor.
Blocked by
mainofplugwerk/.githubbeforeuses: plugwerk/.github/.github/workflows/renovate.yml@maincan resolve.What's in this PR
A single new file:
.github/workflows/renovate.yml. 25 lines of stub. Defines the schedule (Mon-Fri 04:00 UTC), theworkflow_dispatchinput, and the per-repo permissions (contents,pull-requests,issues— allwrite, all scoped to this repo via the caller-sideGITHUB_TOKEN).Token model
Single-repo.
${{ secrets.GITHUB_TOKEN }}in the reusable workflow resolves to this repo'sGITHUB_TOKEN, scoped to this repo. Adopting the workflow does not add cross-repo write access — the workflow can only branch and PR againstplugwerk/examples.What does NOT change
.github/renovate.jsonadopted in chore: adopt org-wide Renovate config #34 is unchanged. The trigger fires Renovate against that config.Verification after merge (and after plugwerk/.github#3 merge)
gh workflow run renovate.yml --repo plugwerk/examples— the run should appear in the Actions tab and complete cleanly.dependencyDashboard: truesetting comes from the inherited org default).Type of Change
AI Agent Disclosure