From b1a751082a99ffde46e44686e10e04516714b58a Mon Sep 17 00:00:00 2001 From: silverwind Date: Tue, 31 Mar 2026 12:06:53 +0200 Subject: [PATCH 1/9] Replace dependabot with renovate for GitHub Actions updates Co-Authored-By: Claude (Opus 4.6) --- .github/dependabot.yml | 10 ---------- renovate.json | 8 ++++++++ 2 files changed, 8 insertions(+), 10 deletions(-) delete mode 100644 .github/dependabot.yml create mode 100644 renovate.json diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index be33b8975f..0000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,10 +0,0 @@ -version: 2 - -updates: - - package-ecosystem: github-actions - labels: [modifies/dependencies] - directory: / - schedule: - interval: daily - cooldown: - default-days: 5 diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000000..3fb4e8ebaf --- /dev/null +++ b/renovate.json @@ -0,0 +1,8 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["config:recommended"], + "enabledManagers": ["github-actions"], + "labels": ["modifies/dependencies"], + "schedule": ["before 6am"], + "minimumReleaseAge": "5 days" +} From a0b98c68c7ba4443e8f29f167b8f78002ec0811f Mon Sep 17 00:00:00 2001 From: silverwind Date: Tue, 31 Mar 2026 12:29:40 +0200 Subject: [PATCH 2/9] Add cron-renovate workflow with GitHub App token auth Co-Authored-By: Claude (Opus 4.6) --- .github/workflows/cron-renovate.yml | 25 +++++++++++++++++++++++++ renovate.json | 1 - 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/cron-renovate.yml diff --git a/.github/workflows/cron-renovate.yml b/.github/workflows/cron-renovate.yml new file mode 100644 index 0000000000..62f0091012 --- /dev/null +++ b/.github/workflows/cron-renovate.yml @@ -0,0 +1,25 @@ +name: cron-renovate + +on: + schedule: + - cron: "0 1 * * *" # every day at 01:00 UTC + workflow_dispatch: + +jobs: + cron-renovate: + runs-on: ubuntu-latest + if: github.repository == 'go-gitea/gitea' + steps: + - uses: actions/create-github-app-token@v1 + id: get_token + with: + app-id: ${{ secrets.RENOVATE_APP_ID }} + private-key: ${{ secrets.RENOVATE_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} + repositories: gitea + - uses: actions/checkout@v6 + - uses: renovatebot/github-action@v46 + with: + token: ${{ steps.get_token.outputs.token }} + env: + RENOVATE_PLATFORM_COMMIT: "true" diff --git a/renovate.json b/renovate.json index 3fb4e8ebaf..c6f4f70b1c 100644 --- a/renovate.json +++ b/renovate.json @@ -3,6 +3,5 @@ "extends": ["config:recommended"], "enabledManagers": ["github-actions"], "labels": ["modifies/dependencies"], - "schedule": ["before 6am"], "minimumReleaseAge": "5 days" } From c72863fc79dc731c3c11b7a06f8cb7370f16b5f6 Mon Sep 17 00:00:00 2001 From: silverwind Date: Tue, 31 Mar 2026 12:35:56 +0200 Subject: [PATCH 3/9] Apply suggestion from @silverwind Signed-off-by: silverwind --- .github/workflows/cron-renovate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cron-renovate.yml b/.github/workflows/cron-renovate.yml index 62f0091012..f2f80eb7a2 100644 --- a/.github/workflows/cron-renovate.yml +++ b/.github/workflows/cron-renovate.yml @@ -22,4 +22,4 @@ jobs: with: token: ${{ steps.get_token.outputs.token }} env: - RENOVATE_PLATFORM_COMMIT: "true" + RENOVATE_PLATFORM_COMMIT: "true" # commit directly to branch to avoid API rate limits and for commit signing. From 38d626a4cd7f38f49ac98c6de960649a226936b2 Mon Sep 17 00:00:00 2001 From: silverwind Date: Tue, 31 Mar 2026 12:41:34 +0200 Subject: [PATCH 4/9] Add explicit branchPrefix to renovate config Co-Authored-By: Claude (Opus 4.6) --- renovate.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/renovate.json b/renovate.json index c6f4f70b1c..beadbc389b 100644 --- a/renovate.json +++ b/renovate.json @@ -3,5 +3,6 @@ "extends": ["config:recommended"], "enabledManagers": ["github-actions"], "labels": ["modifies/dependencies"], - "minimumReleaseAge": "5 days" + "minimumReleaseAge": "5 days", + "branchPrefix": "renovate/" } From 31e1c221ff1a65e3e35b068b4464c50bce6b8434 Mon Sep 17 00:00:00 2001 From: silverwind Date: Tue, 31 Mar 2026 12:50:08 +0200 Subject: [PATCH 5/9] Add permissions to cron-renovate workflow Co-Authored-By: Claude (Opus 4.6) --- .github/workflows/cron-renovate.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/cron-renovate.yml b/.github/workflows/cron-renovate.yml index f2f80eb7a2..871366fdf3 100644 --- a/.github/workflows/cron-renovate.yml +++ b/.github/workflows/cron-renovate.yml @@ -9,6 +9,8 @@ jobs: cron-renovate: runs-on: ubuntu-latest if: github.repository == 'go-gitea/gitea' + permissions: + contents: read steps: - uses: actions/create-github-app-token@v1 id: get_token From 21af37e957c24266f12b33c5dddebd1ca2cc5e93 Mon Sep 17 00:00:00 2001 From: silverwind Date: Tue, 31 Mar 2026 12:52:03 +0200 Subject: [PATCH 6/9] Add comment explaining fork guard condition Co-Authored-By: Claude (Opus 4.6) --- .github/workflows/cron-renovate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cron-renovate.yml b/.github/workflows/cron-renovate.yml index 871366fdf3..571d0ba368 100644 --- a/.github/workflows/cron-renovate.yml +++ b/.github/workflows/cron-renovate.yml @@ -8,7 +8,7 @@ on: jobs: cron-renovate: runs-on: ubuntu-latest - if: github.repository == 'go-gitea/gitea' + if: github.repository == 'go-gitea/gitea' # prevent running on forks permissions: contents: read steps: From 66e1b46d8df1d64c53a3643121ca68b1f2166210 Mon Sep 17 00:00:00 2001 From: silverwind Date: Tue, 31 Mar 2026 12:54:22 +0200 Subject: [PATCH 7/9] Add comment explaining repository scope Co-Authored-By: Claude (Opus 4.6) --- .github/workflows/cron-renovate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cron-renovate.yml b/.github/workflows/cron-renovate.yml index 571d0ba368..25e3cc72ba 100644 --- a/.github/workflows/cron-renovate.yml +++ b/.github/workflows/cron-renovate.yml @@ -18,7 +18,7 @@ jobs: app-id: ${{ secrets.RENOVATE_APP_ID }} private-key: ${{ secrets.RENOVATE_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - repositories: gitea + repositories: gitea # scope token to this repo only - uses: actions/checkout@v6 - uses: renovatebot/github-action@v46 with: From be28ab88ac15a7e13701ac3851fc9e28e13a7681 Mon Sep 17 00:00:00 2001 From: silverwind Date: Tue, 31 Mar 2026 12:56:37 +0200 Subject: [PATCH 8/9] Rename renovate.json to renovate.json5 Co-Authored-By: Claude (Opus 4.6) --- renovate.json => renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename renovate.json => renovate.json5 (87%) diff --git a/renovate.json b/renovate.json5 similarity index 87% rename from renovate.json rename to renovate.json5 index beadbc389b..f0c4696bd2 100644 --- a/renovate.json +++ b/renovate.json5 @@ -4,5 +4,5 @@ "enabledManagers": ["github-actions"], "labels": ["modifies/dependencies"], "minimumReleaseAge": "5 days", - "branchPrefix": "renovate/" + "branchPrefix": "renovate/", } From b35ee4252481a9f84615b8715832842ba28a2d82 Mon Sep 17 00:00:00 2001 From: silverwind Date: Tue, 31 Mar 2026 12:57:56 +0200 Subject: [PATCH 9/9] Add explicit configurationFile to renovate workflow Co-Authored-By: Claude (Opus 4.6) --- .github/workflows/cron-renovate.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cron-renovate.yml b/.github/workflows/cron-renovate.yml index 25e3cc72ba..a53062cd7d 100644 --- a/.github/workflows/cron-renovate.yml +++ b/.github/workflows/cron-renovate.yml @@ -22,6 +22,7 @@ jobs: - uses: actions/checkout@v6 - uses: renovatebot/github-action@v46 with: + configurationFile: renovate.json5 token: ${{ steps.get_token.outputs.token }} env: RENOVATE_PLATFORM_COMMIT: "true" # commit directly to branch to avoid API rate limits and for commit signing.