f58cf13e33
## Summary First successful Renovate run (after the docker-image fix in #12) extracted 116 deps cleanly but every branch update failed with `fatal: empty ident name not allowed`, then the whole repo aborted on `Lock file error - aborting`. Two root causes: - **No git identity** — the bot user had an email but no **Full Name** on its Gitea profile, so Renovate produced incomplete git authorship. - **No github.com auth** — Renovate could not look up versions of GitHub-hosted Actions (`actions/checkout`, etc.) or `containerbase/node-prebuild` (the Node binary it dynamically fetches for lockfile maintenance) — anonymous rate limit (60 req/h) hit. Fixes: 1. **`renovate.json`** — pin `gitAuthor` explicitly. The Full Name was also set on the bot's Gitea profile for UI consistency, but the override in config means we don't depend on out-of-band UI state. 2. **`.gitea/workflows/renovate.yml`** — pass `RENOVATE_GITHUB_COM_TOKEN` from the new `GITHUBCOM_TOKEN` repo secret (no underscore between GITHUB and COM — Gitea reserves the `GITHUB_*` namespace). 3. **`docs/development.md`** — onboarding procedure now covers both tokens + the Full Name step. ## Manual setup required after merge Already done in this iteration: - Bot's Full Name set in Gitea ("APF Portal Bot"). - `GITHUBCOM_TOKEN` repo secret created with a zero-scope github.com PAT. (If the PAT was leaked during setup, regenerate before merging — the workflow only references the secret name, not the value.) ## Test plan - [ ] After merge, trigger Renovate manually (Actions → Renovate → Run workflow). - [ ] No `empty ident name` warning in the logs. - [ ] No `Lock file error - aborting`; repo finishes with `INFO: Repository finished … "cloned": true`. - [ ] Renovate creates the dependency dashboard issue + the first batch of grouped PRs (Angular, Nx, NestJS, Prisma, …) signed by `apf-portal-bot`. --------- Co-authored-by: Julien Gautier <julien.gautier@apf.asso.fr> Reviewed-on: #13
70 lines
1.7 KiB
JSON
70 lines
1.7 KiB
JSON
{
|
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
|
"extends": ["config:recommended"],
|
|
"gitAuthor": "APF Portal Bot <jgautier.webdev+apf-portal-bot@gmail.com>",
|
|
"dependencyDashboard": true,
|
|
"dependencyDashboardTitle": "Renovate Dependency Dashboard",
|
|
"labels": ["dependencies"],
|
|
"prHourlyLimit": 4,
|
|
"prConcurrentLimit": 10,
|
|
"lockFileMaintenance": {
|
|
"enabled": true
|
|
},
|
|
"osvVulnerabilityAlerts": true,
|
|
"vulnerabilityAlerts": {
|
|
"enabled": true,
|
|
"labels": ["security", "dependencies"]
|
|
},
|
|
"packageRules": [
|
|
{
|
|
"groupName": "Angular",
|
|
"matchPackageNames": [
|
|
"@angular/*",
|
|
"@angular-devkit/*",
|
|
"@angular-eslint/*",
|
|
"@schematics/angular",
|
|
"angular-eslint"
|
|
]
|
|
},
|
|
{
|
|
"groupName": "Nx",
|
|
"matchPackageNames": ["@nx/*", "nx"]
|
|
},
|
|
{
|
|
"groupName": "NestJS",
|
|
"matchPackageNames": ["@nestjs/*"]
|
|
},
|
|
{
|
|
"groupName": "Prisma",
|
|
"matchPackageNames": ["prisma", "@prisma/*", "nestjs-prisma"]
|
|
},
|
|
{
|
|
"groupName": "Vitest",
|
|
"matchPackageNames": ["vitest", "@vitest/*", "/^vitest-/"]
|
|
},
|
|
{
|
|
"groupName": "TypeScript tooling",
|
|
"matchPackageNames": [
|
|
"typescript",
|
|
"typescript-eslint",
|
|
"@typescript-eslint/*",
|
|
"ts-node",
|
|
"ts-jest",
|
|
"tslib"
|
|
]
|
|
},
|
|
{
|
|
"groupName": "ESLint",
|
|
"matchPackageNames": ["eslint", "eslint-*", "@eslint/*"]
|
|
},
|
|
{
|
|
"groupName": "SWC",
|
|
"matchPackageNames": ["@swc/*", "@swc-node/*"]
|
|
},
|
|
{
|
|
"groupName": "Tailwind CSS",
|
|
"matchPackageNames": ["tailwindcss", "@tailwindcss/*", "postcss"]
|
|
}
|
|
]
|
|
}
|