Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Self Hosted Renovate with GitHub Actions #73

Open
suzuki-shunsuke opened this issue Nov 21, 2021 · 7 comments
Open

Self Hosted Renovate with GitHub Actions #73

suzuki-shunsuke opened this issue Nov 21, 2021 · 7 comments

Comments

@suzuki-shunsuke
Copy link
Owner

  • https://github.com/renovatebot/github-action
  • 基本は White Source Renovate で良いが、対象の package の数が増えると White Source Renovate で処理しきれなくなる
  • GitHub Actions で Self Hosted Renovate を動かすと White Source Renovate より多くの package を処理できる
  • Self Hosted Renovate の動かし方としては GitHub Actions 以外にもあるが、 GitHub Actions であれば運用コストが減らせる
  • GitHub Actions の場合、 GitHub Actions を動かすリポジトリとは別のリポジトリを更新できるが、そうすると rebase ラベルをつけたり、 checkbox に check をつけたりして rebase するのが難しいはず
    • 同じリポジトリで動かした場合にうまく処理できるか試す
  • Self Hosted Renovate と White Source Renovate を同じリポジトリで動かした場合、競合することがある。 Self Hosted Renovate で作った PR が White Source Renovate によって rebase されたりとか
    • 完全に競合しないようにできたとしても、そうすると同じ PR が両方で作られてしまいそうなので、やはり共存は無理なのか?
@suzuki-shunsuke
Copy link
Owner Author

https://github.com/renovatebot/github-action

The branchPrefix option is important to configure and should be configured to a value other than the default to prevent interference with e.g. the Renovate GitHub App.

ただこの description は、 branchPrefix さえ変えれば共存させられるかのように見える。

@suzuki-shunsuke
Copy link
Owner Author

suzuki-shunsuke commented Nov 21, 2021
edited
Loading

self hosted renovate の gitAuthor の email をどうすればいいか忘れた。

追記

$botname[bot]@users.noreply.github.com でいいみたい。
123456+ みたいな prefix はなくてもよいみたい。

@suzuki-shunsuke
Copy link
Owner Author

suzuki-shunsuke commented Nov 22, 2021
edited
Loading

gitAuthor は必要なんだっけ?要検証

消したら失敗

DEBUG: GitHub failure: Resource not accessible by integration
https://api.github.com/user

https://docs.github.com/en/rest/overview/endpoints-available-for-github-apps

DEBUG: Using default github endpoint: https://api.github.com/
DEBUG: GitHub failure: Resource not accessible by integration
       "err": {
         "name": "HTTPError",
         "timings": {
           "start": 1637540413530,
           "socket": 1637540413532,
           "lookup": 1637540413553,
           "connect": 1637540413557,
           "secureConnect": 1637540413568,
           "upload": 1637540413568,
           "response": 1637540413608,
           "end": 1637540413613,
           "phases": {
             "wait": 2,
             "dns": 21,
             "tcp": 4,
             "tls": 11,
             "request": 0,
             "firstByte": 40,
             "download": 5,
             "total": 83
           }
         },
         "message": "Response code 403 (Forbidden)",
         "stack": "HTTPError: Response code 403 (Forbidden)\n    at Request.<anonymous> (/usr/src/app/node_modules/got/dist/source/as-promise/index.js:117:42)\n    at processTicksAndRejections (internal/process/task_queues.js:95:5)",
         "options": {
           "headers": {
             "user-agent": "RenovateBot/29.3.0 (https://github.com/renovatebot/renovate)",
             "accept": "application/vnd.github.machine-man-preview+json",
             "authorization": "***********",
             "accept-encoding": "gzip, deflate, br"
           },
           "url": "https://api.github.com/user",
           "hostType": "github",
           "username": "",
           "password": "",
           "method": "GET",
           "http2": false
         },
         "response": {
           "statusCode": 403,
           "statusMessage": "Forbidden",
           "body": {
             "message": "Resource not accessible by integration",
             "documentation_url": "https://docs.github.com/rest/reference/users#get-the-authenticated-user"
           },
           "headers": {
             "server": "GitHub.com",
             "date": "Mon, 22 Nov 2021 00:20:13 GMT",
             "content-type": "application/json; charset=utf-8",
             "transfer-encoding": "chunked",
             "x-github-media-type": "github.v3; param=machine-man-preview; format=json",
             "x-ratelimit-limit": "5000",
             "x-ratelimit-remaining": "4965",
             "x-ratelimit-reset": "1637543198",
             "x-ratelimit-used": "35",
             "x-ratelimit-resource": "core",
             "access-control-expose-headers": "ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset",
             "access-control-allow-origin": "*",
             "strict-transport-security": "max-age=31536000; includeSubdomains; preload",
             "x-frame-options": "deny",
             "x-content-type-options": "nosniff",
             "x-xss-protection": "0",
             "referrer-policy": "origin-when-cross-origin, strict-origin-when-cross-origin",
             "content-security-policy": "default-src 'none'",
             "vary": "Accept-Encoding, Accept, X-Requested-With",
             "content-encoding": "gzip",
             "x-github-request-id": "0680:1DC6:AA4A41:1822209:619AE23D",
             "connection": "close"
           },
           "httpVersion": "1.1"
         }
       }
DEBUG: Error authenticating with GitHub
       "err": {
         "message": "integration-unauthorized",
         "stack": "Error: integration-unauthorized\n    at handleGotError (/usr/src/app/node_modules/renovate/lib/util/http/github.ts:98:11)\n    at GithubHttp.request (/usr/src/app/node_modules/renovate/lib/util/http/github.ts:247:7)\n    at processTicksAndRejections (internal/process/task_queues.js:95:5)\n    at GithubHttp.requestJson (/usr/src/app/node_modules/renovate/lib/util/http/index.ts:239:17)\n    at getUserDetails (/usr/src/app/node_modules/renovate/lib/platform/github/user.ts:22:7)\n    at Proxy.initPlatform (/usr/src/app/node_modules/renovate/lib/platform/github/index.ts:130:19)\n    at initPlatform (/usr/src/app/node_modules/renovate/lib/platform/index.ts:46:24)\n    at globalInitialize (/usr/src/app/node_modules/renovate/lib/workers/global/initialize.ts:41:12)\n    at Object.start (/usr/src/app/node_modules/renovate/lib/workers/global/index.ts:90:14)\n    at /usr/src/app/node_modules/renovate/lib/renovate.ts:16:22"
       }
FATAL: Authentication failure
DEBUG: Renovate exiting
 INFO: Renovate is exiting with a non-zero code due to the following logged errors
       "loggerErrors": [
         {
           "name": "renovate",
           "level": 60,
           "logContext": "40j9q6Xok",
           "msg": "Authentication failure"
         }
       ]

https://github.com/renovatebot/renovate/blob/34d0d9e6dc7749e1561f2ece316f8dc20859b037/lib/util/http/github.ts#L96-L105

@suzuki-shunsuke
Copy link
Owner Author

suzuki-shunsuke commented Nov 22, 2021
edited
Loading

rebase event を handling できるようにする

https://docs.github.com/ja/actions/learn-github-actions/workflow-syntax-for-github-actions

最初は 「cron で実行しているものを pull_request event で実行するようにすれば良い(適切にフィルタした上で)」と思ったが、
そもそも実行するべき job が違う事に気づいた。
新しい PR を open するのではなく、対象の PR を rebase すること。
単に rebase するだけでなく、改めて PR を作り直す感じ。
どうやればいいのか。 Renovate のコードを見てみないとわからない気がする

@suzuki-shunsuke
Copy link
Owner Author

suzuki-shunsuke commented Nov 22, 2021
edited
Loading

もしかして Renovate は label や checkbox のイベントを hook しているわけではなく、単に全リポジトリ, branch を定期的にチェックしているだけなんだろうか?

試しに checkbox に check つけた上で手で action を実行して rebase されるか確認する

=> rebase された

そうなると、定期実行されるのを待つか、 pull_request event を hook するようにするかだが、
pull_request event を hook するとなると過剰に Renovate が実行され、 Rate Limit に引っかかる懸念がある

まぁリアルタイムとは程遠いが、 15 分に一回とか実行していれば許容範囲な気はする。

@suzuki-shunsuke
Copy link
Owner Author

suzuki-shunsuke commented Nov 22, 2021
edited
Loading

Dependency Dashboard の Rate Limited はなんの Rate Limit なのか

Rate Limited
These updates are currently rate limited. Click on a checkbox below to force their creation now.

GitHub API の Rate Limit だと思いこんでいたが、そうじゃない可能性もあるので調べる

https://github.com/renovatebot/renovate/blob/32d397348996ebe580a9eda4a0506f56728a680a/lib/workers/repository/dependency-dashboard.ts#L176-L190

@suzuki-shunsuke
Copy link
Owner Author

suzuki-shunsuke commented Nov 22, 2021
edited
Loading

Self Hosted Renovate のログを見てなんで Rate Limit に引っかかってるか調べる

DEBUG: PR hourly limit remaining: 0 (repository=***)
DEBUG: Calculating prConcurrentLimit (20) (repository=***)

DEBUG: Reached branch limit - skipping branch creation (repository=***, branch=***-aws-3.x)

https://docs.renovatebot.com/presets-config/#configbase

{
  "extends": [
    ":dependencyDashboard",
    ":semanticPrefixFixDepsChoreOthers",
    ":ignoreModulesAndTests",
    ":autodetectPinVersions",
    ":prHourlyLimit2",
    ":prConcurrentLimit20",
    "group:monorepos",
    "group:recommended",
    "workarounds:all"
  ]
}

これだ。

":prHourlyLimit2",
":prConcurrentLimit20",

https://docs.renovatebot.com/configuration-options/#prhourlylimit

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@suzuki-shunsuke