Skip to content

ci: adopt org-wide self-hosted Renovate workflow#86

Merged
bigpuritz merged 2 commits into
mainfrom
ci/self-hosted-renovate
May 9, 2026
Merged

ci: adopt org-wide self-hosted Renovate workflow#86
bigpuritz merged 2 commits into
mainfrom
ci/self-hosted-renovate

Conversation

@bigpuritz
Copy link
Copy Markdown
Contributor

@bigpuritz bigpuritz commented May 9, 2026

Summary

Adds a thin Renovate trigger workflow that delegates to the new org-wide reusable workflow at plugwerk/.github/.github/workflows/renovate.yml.

This repo has been Renovate-silent until #85 wired up the org-wide config. Adopting the self-hosted trigger here gives it the same observable Actions-tab cadence that plugwerk/plugwerk has used since PR #462, instead of relying solely on Mend-Hosted Renovate.

Blocked by

What's in this PR

A single new file: .github/workflows/renovate.yml. 25 lines of stub. Defines the schedule (Mon-Fri 04:00 UTC), the workflow_dispatch input, and the per-repo permissions (contents, pull-requests, issues — all write, all scoped to this repo via the caller-side GITHUB_TOKEN).

Token model

Single-repo. ${{ secrets.GITHUB_TOKEN }} in the reusable workflow resolves to this repo's GITHUB_TOKEN, scoped to this repo. Adopting the workflow does not add cross-repo write access — the workflow can only branch and PR against plugwerk/website.

What does NOT change

  • Mend-Hosted Renovate continues to run against this repo in parallel. This trigger is additive, not a replacement.
  • The .github/renovate.json adopted in chore: adopt org-wide Renovate config #85 is unchanged. The trigger fires Renovate against that config.
  • No new secrets, no GitHub App.

Verification after merge (and after plugwerk/.github#3 merge)

  1. gh workflow run renovate.yml --repo plugwerk/website — the run should appear in the Actions tab and complete cleanly.
  2. Because this repo had zero Renovate activity before chore: adopt org-wide Renovate config #85, expect a one-time burst of update PRs on the first run — the org default's grouping and prConcurrentLimit: 5 cap will keep this manageable.

Type of Change

  • CI/Build

AI Agent Disclosure

  • This PR was authored by an AI agent (Claude Opus 4.7)

bigpuritz added 2 commits May 9, 2026 12:53
@bigpuritz
ci: adopt org-wide self-hosted Renovate workflow
2569374 
Adds a thin Renovate trigger that delegates to the org-wide reusable
workflow at plugwerk/.github/.github/workflows/renovate.yml. The
reusable workflow holds the SHA-pinned renovatebot/github-action
call; this stub keeps only the per-repo schedule, permissions, and
workflow_dispatch input.

This repo has been Renovate-silent (zero PRs ever) — adopting the
self-hosted trigger gives it the same observable Actions-tab cadence
plugwerk/plugwerk has used since PR #462, instead of relying solely
on Mend-Hosted Renovate.

Token model is single-repo: GITHUB_TOKEN in workflow_call resolves
to the caller's repo-scoped token. No PAT, no GitHub App.

See plugwerk/plugwerk ADR-0032 for the architecture rationale.

Refs plugwerk/.github#3
@bigpuritz
style: prettier-format renovate workflow stub
2fa8c7c
@bigpuritz bigpuritz merged commit 4eee2f4 into main May 9, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bigpuritz