From a1e977379913b0d83be21c24324958db8a6285b1 Mon Sep 17 00:00:00 2001 From: copilotcoder Date: Mon, 13 Jul 2026 10:33:27 -0400 Subject: [PATCH] Fix Renovate workflow cleanup --- .gitea/workflows/renovate.yml | 25 +------------------------ 1 file changed, 1 insertion(+), 24 deletions(-) diff --git a/.gitea/workflows/renovate.yml b/.gitea/workflows/renovate.yml index e4be061..da978ea 100644 --- a/.gitea/workflows/renovate.yml +++ b/.gitea/workflows/renovate.yml @@ -105,7 +105,6 @@ jobs: RENOVATE_TOKEN_SECRET: ${{ secrets.RENOVATE_TOKEN }} ACTIONS_TRIGGER_TOKEN: ${{ secrets.ACTIONS_TRIGGER_TOKEN }} PACKAGE_ACCESS_TOKEN: ${{ secrets.PACKAGE_ACCESS_TOKEN }} - RENOVATE_CONFIG_REF: ${{ github.ref_name }} RENOVATE_DRY_RUN: ${{ inputs.dry_run }} RENOVATE_PLATFORM: gitea RENOVATE_ENDPOINT_INTERNAL: http://kankali.darkhelm.lan:3001/api/v1 @@ -128,8 +127,6 @@ jobs: echo "=== Running Renovate Bot ===" TARGET_REPO="DarkHelm.org/plex-playlist" TARGET_ORG="${TARGET_REPO%%/*}" - RENOVATE_CONFIG_PATH="/tmp/renovate-config.json" - RENOVATE_CONFIG_PAYLOAD="/tmp/renovate-config-payload.json" CURL_INSECURE_FLAG="" if [ "${RENOVATE_ALLOW_INSECURE_TLS:-false}" = "true" ]; then @@ -216,25 +213,6 @@ jobs: echo "Renovate git base URL override: ${RENOVATE_GIT_URL}" echo "Preflight API endpoint: ${API_ENDPOINT}" - CONFIG_FETCH_TOKEN="${RENOVATE_TOKEN_SECRET:-${ACTIONS_TRIGGER_TOKEN:-${PACKAGE_ACCESS_TOKEN:-}}}" - if [ -z "${CONFIG_FETCH_TOKEN}" ]; then - echo "❌ No token available to fetch renovate.json from the repo contents API" - exit 1 - fi - - if ! curl -sS ${CURL_INSECURE_FLAG} \ - -H "Authorization: token ${CONFIG_FETCH_TOKEN}" \ - "${API_ENDPOINT}/repos/${TARGET_REPO}/contents/renovate.json?ref=${RENOVATE_CONFIG_REF}" \ - -o "${RENOVATE_CONFIG_PAYLOAD}"; then - echo "❌ Expected Renovate config could not be fetched from the repo contents API at ref ${RENOVATE_CONFIG_REF}" - exit 1 - fi - - if ! python3 -c 'import base64, json, sys; output_path = sys.argv[1]; payload_path = sys.argv[2]; payload = json.load(open(payload_path, encoding="utf-8")); content = payload.get("content"); sys.exit(1) if not content else None; open(output_path, "wb").write(base64.b64decode(content.replace("\n", "")))' "${RENOVATE_CONFIG_PATH}" "${RENOVATE_CONFIG_PAYLOAD}"; then - echo "❌ Expected Renovate config could not be decoded from the repo contents API response at ref ${RENOVATE_CONFIG_REF}" - exit 1 - fi - PLATFORM_VERSION="" if [ "${VERSION_STATUS}" = "200" ]; then PLATFORM_VERSION=$(sed -n 's/.*"version":"\([^"]*\)".*/\1/p' /tmp/renovate-version-check.json | head -n 1) @@ -377,7 +355,6 @@ jobs: -e RENOVATE_BRANCH_CONCURRENT_LIMIT \ -e RENOVATE_NODE_ARGS \ -e RENOVATE_OSV_VULNERABILITY_ALERTS \ - -v "${RENOVATE_CONFIG_PATH}:/tmp/renovate-config.json:ro" \ --entrypoint /bin/sh \ "${RENOVATE_IMAGE}" \ -lc 'set -e @@ -388,7 +365,7 @@ jobs: git config --global --add "url.${RENOVATE_GIT_REWRITE_TO}.insteadOf" "https://x-access-token:${RENOVATE_TOKEN}@dogar.darkhelm.org/" git config --global --add "url.${RENOVATE_GIT_REWRITE_TO}.insteadOf" "${RENOVATE_GIT_REWRITE_FROM}" echo "Configured git dogar->kankali rewrite rules" - renovate --config-file /tmp/renovate-config.json --platform "${RENOVATE_PLATFORM}" --endpoint "${RENOVATE_ENDPOINT}" --git-url "${RENOVATE_GIT_URL}" --git-author "${RENOVATE_GIT_AUTHOR}" --onboarding="${RENOVATE_ONBOARDING}" --pr-concurrent-limit "${RENOVATE_PR_CONCURRENT_LIMIT}" --branch-concurrent-limit "${RENOVATE_BRANCH_CONCURRENT_LIMIT}" --osv-vulnerability-alerts="${RENOVATE_OSV_VULNERABILITY_ALERTS}" DarkHelm.org/plex-playlist' + renovate --platform "${RENOVATE_PLATFORM}" --endpoint "${RENOVATE_ENDPOINT}" --git-url "${RENOVATE_GIT_URL}" --git-author "${RENOVATE_GIT_AUTHOR}" --onboarding="${RENOVATE_ONBOARDING}" --pr-concurrent-limit "${RENOVATE_PR_CONCURRENT_LIMIT}" --branch-concurrent-limit "${RENOVATE_BRANCH_CONCURRENT_LIMIT}" --osv-vulnerability-alerts="${RENOVATE_OSV_VULNERABILITY_ALERTS}" DarkHelm.org/plex-playlist' } if run_renovate_with_endpoint "${BASE_ENDPOINT}" 2>&1 | tee /tmp/renovate.log; then