Add Renovate GitHub token support

ops/renovate/run-renovate.sh

@@ -13,11 +13,14 @@ set -euo pipefail
 #  3. Im Gitea-Profil des renovate-Users ein Access-Token erzeugen:
 #       Scope: `write:repository` + `read:user`
 #  4. Token in `/mnt/user/appdata/secrets/renovate_token.txt` ablegen (chmod 600)
-#  5. Erstlauf: `bash /mnt/user/services/homelab-infra/ops/renovate/run-renovate.sh`
-#  6. User-Script `renovate-six-hourly` aktivieren
+#  5. Optional: GitHub.com Read-only-PAT fuer Release Notes als
+#     `/mnt/user/appdata/secrets/renovate_github_com_token.txt` ablegen.
+#  6. Erstlauf: `bash /mnt/user/services/homelab-infra/ops/renovate/run-renovate.sh`
+#  7. User-Script `renovate-six-hourly` aktivieren
 
 RENOVATE_IMAGE="${RENOVATE_IMAGE:-renovate/renovate:41}"
 RENOVATE_TOKEN_FILE="${RENOVATE_TOKEN_FILE:-/mnt/user/appdata/secrets/renovate_token.txt}"
+RENOVATE_GITHUB_COM_TOKEN_FILE="${RENOVATE_GITHUB_COM_TOKEN_FILE:-/mnt/user/appdata/secrets/renovate_github_com_token.txt}"
 RENOVATE_LOG_DIR="${RENOVATE_LOG_DIR:-/mnt/user/services/renovate/logs}"
 RENOVATE_STATE_DIR="${RENOVATE_STATE_DIR:-/mnt/user/services/renovate/state}"
 RENOVATE_CONFIG_FILE="${RENOVATE_CONFIG_FILE:-/mnt/user/services/homelab-infra/ops/renovate/bot-config.js}"
@@ -63,8 +66,16 @@ RENOVATE_TOKEN=$(cat "$RENOVATE_TOKEN_FILE")
 RENOVATE_CONFIG_FILE=/usr/src/app/config.js
 LOG_LEVEL=${RENOVATE_LOG_LEVEL:-info}
 EFEOF
+  if [ -r "$RENOVATE_GITHUB_COM_TOKEN_FILE" ]; then
+    {
+      printf 'RENOVATE_GITHUB_COM_TOKEN='
+      cat "$RENOVATE_GITHUB_COM_TOKEN_FILE"
+      printf '\n'
+    } >> "$ENV_FILE"
+  fi
   chmod 600 "$ENV_FILE"
 
+  set +e
   docker run --rm \
     --name renovate-run \
     --add-host "git.kaleschke.info:$GITEA_HOST_LAN_IP" \
@@ -75,6 +86,7 @@ EFEOF
     --env-file "$ENV_FILE" \
     "$RENOVATE_IMAGE" 2>&1
   rc=$?
+  set -e
   shred -u "$ENV_FILE" 2>/dev/null || rm -f "$ENV_FILE"
 
   echo