Files
apf_portal/renovate.json
T
Julien Gautier 181fb1d4dd
CI / commits (pull_request) Successful in 2m19s
CI / scan (pull_request) Failing after 2m30s
CI / check (pull_request) Successful in 2m37s
CI / a11y (pull_request) Successful in 2m19s
CI / perf (pull_request) Successful in 4m1s
fix(ci): give Renovate a git identity and a github.com token
First end-to-end Renovate run (after switching to direct docker run)
extracted dependencies but failed to commit any update branches with
`fatal: empty ident name not allowed`, then aborted the repo with
`Lock file error - aborting`. Two root causes:

- The bot user had an email but no Full Name on its Gitea profile,
  so Renovate could not derive a complete git author identity. After
  enough commit failures Renovate gives up on the repository.
- Renovate also warned `GitHub token is required for some
  dependencies` and could not resolve `containerbase/node-prebuild`
  releases (the Node binary it pulls dynamically for lockfile
  maintenance) — anonymous github.com rate limit (60 req/h) was the
  bottleneck.

Fixes:

1. Pin `gitAuthor` explicitly in `renovate.json` so the identity does
   not depend on out-of-band Gitea profile state. The Full Name was
   also set on the bot profile for consistency with Gitea's UI.
2. Pass `RENOVATE_GITHUB_COM_TOKEN` from a repo secret. The secret is
   named `GITHUBCOM_TOKEN` (no underscore between GITHUB and COM)
   because Gitea reserves the `GITHUB_*` secret namespace for the
   built-in `${{ github.* }}` context. The token is a zero-scope
   PAT — anonymous-equivalent rights, only useful for the higher
   authenticated rate limit (5 000 req/h).

`docs/development.md` is updated with the new bot-onboarding steps
(Full Name, GITHUBCOM_TOKEN setup).
2026-05-05 13:25:10 +02:00

70 lines
1.7 KiB
JSON

{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:recommended"],
"gitAuthor": "APF Portal Bot <jgautier.webdev+apf-portal-bot@gmail.com>",
"dependencyDashboard": true,
"dependencyDashboardTitle": "Renovate Dependency Dashboard",
"labels": ["dependencies"],
"prHourlyLimit": 4,
"prConcurrentLimit": 10,
"lockFileMaintenance": {
"enabled": true
},
"osvVulnerabilityAlerts": true,
"vulnerabilityAlerts": {
"enabled": true,
"labels": ["security", "dependencies"]
},
"packageRules": [
{
"groupName": "Angular",
"matchPackageNames": [
"@angular/*",
"@angular-devkit/*",
"@angular-eslint/*",
"@schematics/angular",
"angular-eslint"
]
},
{
"groupName": "Nx",
"matchPackageNames": ["@nx/*", "nx"]
},
{
"groupName": "NestJS",
"matchPackageNames": ["@nestjs/*"]
},
{
"groupName": "Prisma",
"matchPackageNames": ["prisma", "@prisma/*", "nestjs-prisma"]
},
{
"groupName": "Vitest",
"matchPackageNames": ["vitest", "@vitest/*", "/^vitest-/"]
},
{
"groupName": "TypeScript tooling",
"matchPackageNames": [
"typescript",
"typescript-eslint",
"@typescript-eslint/*",
"ts-node",
"ts-jest",
"tslib"
]
},
{
"groupName": "ESLint",
"matchPackageNames": ["eslint", "eslint-*", "@eslint/*"]
},
{
"groupName": "SWC",
"matchPackageNames": ["@swc/*", "@swc-node/*"]
},
{
"groupName": "Tailwind CSS",
"matchPackageNames": ["tailwindcss", "@tailwindcss/*", "postcss"]
}
]
}