[skip-release] Automerge apk updates and provide better renovate test…

…ing (#385)
Islandora-Devops · Feb 15, 2025 · 7694abe · 7694abe
1 parent f22ba74
commit 7694abe
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 4 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -10,21 +10,23 @@ permissions:
   actions: write
 jobs:
   release:
-    if: github.event.pull_request.merged == true
+    if: github.event.pull_request.merged == true && !contains(github.event.pull_request.title, '[skip-release]')
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout
         uses: 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683' # v4
         with:
           fetch-depth: 0
+
       - name: install autotag binary
         run: curl -sL https://git.io/autotag-install | sudo sh -s -- -b /usr/bin
+
       - name: create release
         run: |-
           TAG=$(autotag)
           git tag $TAG
           git push origin $TAG
-          gh release create $TAG
+          gh release create $TAG --title "$TAG" --generate-notes
           gh workflow run push.yml -f tag=$TAG --ref $TAG
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml
@@ -1,6 +1,14 @@
 name: run renovate
 
 on:
+  push:
+    branches:
+      - main
+  pull_request_target:
+    branches:
+      - main
+    types:
+      - closed
   workflow_dispatch:
   # every morning
   schedule:
@@ -23,10 +31,14 @@ jobs:
           node-version: 20
 
       - name: run renovate
+        env:
+          BASE_BRANCH: ${{ github.event_name == 'schedule' && 'main' || github.ref_name }}
         run: |
           # fetch GitHub App token for this repo
           echo "${{ secrets.GH_APP_PRIV_KEY }}" | base64 -d > private-key.pem
           export RENOVATE_TOKEN=$(./ci/fetch-app-token.sh ${{ secrets.GH_APP_ID }} ${{ secrets.GH_APP_INSTALLATION_ID }} private-key.pem)
 
           # run renovate with our token
-          npx renovate --platform=github
+          # using branch set in workflow dispatch to allow testing PRs
+          echo "Running renovate against ${BASE_BRANCH}"
+          npx renovate --platform=github --base-branch "$BASE_BRANCH"
diff --git a/README.md b/README.md
@@ -524,6 +524,7 @@ shasum -a 256 ${ALPACA_FILE}
 Many dependencies in this repo are automatically updated using [renovate](https://www.mend.io/renovate/). Most dependencies are managed using [advanced capture](https://docs.renovatebot.com/modules/manager/regex/#advanced-capture) in the Dockerfile. We utilize the following datasources to receive automatic updates:
 
 - [repology](https://docs.renovatebot.com/modules/datasource/repology/) to update pinned OS packages installed via `apk`
+  - these dependencies are automatically merged when our CI tests pass using [automerge](https://docs.renovatebot.com/key-concepts/automerge/#automerging-and-scheduling)
 - [github-releases](https://docs.renovatebot.com/modules/datasource/github-releases/) and [github-tags](https://docs.renovatebot.com/modules/datasource/github-tags/) for software we install manually
 - [git-refs](https://docs.renovatebot.com/modules/datasource/git-refs/) when we pin to a specific commit on a branch
 
@@ -563,6 +564,11 @@ export RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS='["bash ci/update-sha.sh \"{{{depN
 renovate --platform=github
 ```
 
+##### Testing renovate changes in GitHub
+
+If you want to test changes to renovate, doing so can be difficult since renovate typically only reads the `main` branch of a repository to define its rules.
+
+However, we have a workflow dispatch rule in our renovate bot that allows setting which branch to run renovate against as the base branch. So if you have a change to renovate you want to understand how it will work, you can make the changes in a PR, then visit the [run renovate](https://github.com/Islandora-Devops/isle-buildkit/actions/workflows/renovate.yml) GitHub UI and click "Run workflow" **being sure to select your PR branch**. This will run renovate as if your PR is in the main branch. This will likely result in PRs being made against your test PR, but you can just manually update the PR to use the main branch instead - though it likely will get cleared up after you merge your renovate testing PR.
 
 #### Updating Composer
 

diff --git a/renovate.json b/renovate.json
@@ -33,7 +33,9 @@
         "minor",
         "patch",
         "digest"
-      ]
+      ],
+      "automerge": true,
+      "automergeType": "pr"
     },
     {
       "matchPackageNames": [