...thanks to gpg no longer needing to write lock files or cache to user's home folder. that has been achieved by supplying the following flags to the key export command: '--lock-never --no-symkey-cache --disable-dirmngr'
27 lines
1.2 KiB
Bash
Executable File
27 lines
1.2 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# export env vars and run renovate
|
|
|
|
export RENOVATE_CONFIG_FILE="/etc/renovate-bot/config.js"
|
|
# Gitea access token for Renovate Bot user
|
|
export RENOVATE_TOKEN="${RENOVATE_TOKEN}"
|
|
# token for GitHub release notes to avoid getting rate-limited
|
|
export GITHUB_COM_TOKEN="${GITHUB_COM_TOKEN}"
|
|
# this email address doesn't exist but to git it doesn't matter
|
|
export RENOVATE_GIT_AUTHOR='Renovate Bot <renovate-bot@git.dotya.ml>'
|
|
export RENOVATE_HOST_RULES="[{\"hostType\": \"github\", \"domainName\": \"github.com\", \"token\": \"${GITHUB_COM_TOKEN}\"}]"
|
|
export RENOVATE_DOCKER_USER="${RENOVATE_DOCKER_USER_AND_GROUP}"
|
|
|
|
# used as the git signing key only to sign commits/tags
|
|
GPG_KEY="$(gpg --armor --lock-never --no-symkey-cache --disable-dirmngr --export-secret-keys "${SIGNING_KEY}")"
|
|
|
|
export RENOVATE_GIT_PRIVATE_KEY="${GPG_KEY}"
|
|
# enable custom (i.e. self-hosted) rust crate registries
|
|
export RENOVATE_ALLOW_CUSTOM_CRATE_REGISTRIES=true
|
|
# modify the PR footer to something that makes more sense for a self-hosted
|
|
# instance of renovate
|
|
export RENOVATE_PR_FOOTER="This PR has been generated by [Renovate Bot](https://git.dotya.ml/dotya.ml/renovate-bot)."
|
|
|
|
# do renovate
|
|
renovate --host-rules="$RENOVATE_HOST_RULES"
|