From ad9267c66a168a2f51b696da9a90f6b30f303e82 Mon Sep 17 00:00:00 2001
From: Micha
Date: Fri, 29 May 2026 20:20:00 +0200
Subject: [PATCH] Split renovate config: repo config in renovate.json, bot config in ops/ Renovate liest die repo-eigene renovate.json als REPO-Config, nicht als BOT-Config. Bot-spezifische Felder (platform, endpoint, repositories, autodiscover, gitAuthor, prHourlyLimit, ...) gehoeren nicht hinein und werden als "this repo is forbidden / disabled" fehlinterpretiert. Saubere Trennung: - renovate.json (Repo-Root): nur extends, packageRules, ignorePaths, manager file patterns, labels, rangeStrategy - ops/renovate/bot-config.js: Plattform, Endpoint, Username, gitAuthor, autodiscover=false, repositories=[Micha/homelab-infra], Concurrent-/Hourly-Limits bot-config.js statt config.json, weil Renovate Module-exports als config-file akzeptiert (offizielle Variante). Co-Authored-By: Claude Opus 4.7
---
 ops/renovate/bot-config.js | 26 ++++++++++++++++++++++++++
 ops/renovate/run-renovate.sh | 8 +++-----
 renovate.json | 11 -----------
 3 files changed, 29 insertions(+), 16 deletions(-)
 create mode 100644 ops/renovate/bot-config.js
diff --git a/ops/renovate/bot-config.js b/ops/renovate/bot-config.js
new file mode 100644
index 0000000..572fb19
--- /dev/null
+++ b/ops/renovate/bot-config.js
@@ -0,0 +1,26 @@
+// Renovate Bot-Config (NICHT die Repo-Config).
+//
+// Die Repo-Config liegt im Repository selbst unter `renovate.json` und
+// enthaelt nur Repo-spezifische Sachen (extends, packageRules, ignorePaths,
+// docker-compose patterns).
+//
+// Diese Bot-Config hier wird ueber RENOVATE_CONFIG_FILE in den Renovate-
+// Container gemountet. Sie enthaelt nur Plattform-, Discovery- und Limits-
+// Einstellungen. Den Auth-Token uebergeben wir ueber --env-file.
+module.exports = {
+ platform: "gitea",
+ endpoint: "https://git.kaleschke.info/api/v1",
+ username: "renovate",
+ gitAuthor: "Renovate Bot ",
+ onboarding: false,
+ requireConfig: "optional",
+ // Autodiscover funktioniert in Gitea nur fuer eigene/Org-Repos; unser
+ // Service-Account hat nur Collaborator-Rechte. Daher explicit list.
+ autodiscover: false,
+ repositories: ["Micha/homelab-infra"],
+ // Limits konservativ: wenig PRs gleichzeitig, damit das Review-Volumen
+ // handhabbar bleibt.
+ prHourlyLimit: 0,
+ prConcurrentLimit: 5,
+ branchConcurrentLimit: 10,
+};
diff --git a/ops/renovate/run-renovate.sh b/ops/renovate/run-renovate.sh
index da13132..3989cde 100644
--- a/ops/renovate/run-renovate.sh
+++ b/ops/renovate/run-renovate.sh
@@ -20,7 +20,7 @@ RENOVATE_IMAGE="${RENOVATE_IMAGE:-renovate/renovate:41}"
 RENOVATE_TOKEN_FILE="${RENOVATE_TOKEN_FILE:-/mnt/user/appdata/secrets/renovate_token.txt}"
 RENOVATE_LOG_DIR="${RENOVATE_LOG_DIR:-/mnt/user/services/renovate/logs}"
 RENOVATE_STATE_DIR="${RENOVATE_STATE_DIR:-/mnt/user/services/renovate/state}"
-RENOVATE_CONFIG_FILE="${RENOVATE_CONFIG_FILE:-/mnt/user/services/homelab-infra/renovate.json}"
+RENOVATE_CONFIG_FILE="${RENOVATE_CONFIG_FILE:-/mnt/user/services/homelab-infra/ops/renovate/bot-config.js}"
 # Gitea sitzt hinter Traefik unter git.kaleschke.info; der WAN-Pfad geht
 # ueber Public-IP -> FRITZBox. Vom Docker-Container aus loest der Standard-
 # Resolver den Host moeglicherweise nicht auf (siehe `extra_hosts` im Komodo-
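Review bot: `prHourlyLimit: 0` sits directly under the comment that calls the limits conservative, but in Renovate a value of 0 switches the hourly cap off rather than tightening it, so only `prConcurrentLimit: 5` and `branchConcurrentLimit: 10` actually bound the bot. Either state that in the comment, e.g. `// prHourlyLimit 0 = no hourly cap; volume is bounded only by the two concurrent limits`, or set a small positive value such as `prHourlyLimit: 2`. The value is carried over unchanged from the lines removed from renovate.json, so this is a documentation gap rather than a regression.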
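Review bot: The new default for `RENOVATE_CONFIG_FILE` points at a `.js` file inside the checkout of the same repository the bot opens pull requests against, and a JS config is loaded as code by Renovate, in a container that also receives the Gitea token through the env file. Whoever can land a change to `ops/renovate/bot-config.js` therefore gets code execution next to that token, which the previous data-only `renovate.json` path did not allow. Since the config holds only static values, a JSON bot config would remove that exposure, assuming the Renovate version in use accepts one, which is worth checking; otherwise mount the file read-only, require review for `ops/renovate/`, and keep that path out of any automerge rule. The docker invocation lies outside this hunk, so how the file is mounted cannot be confirmed from here.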
@@ -60,9 +60,7 @@ LATEST_SYMLINK="$RENOVATE_LOG_DIR/latest.log" umask 077 cat > "$ENV_FILE" <&1
diff --git a/renovate.json b/renovate.json
index 6aaebfd..3e7a662 100644
--- a/renovate.json
+++ b/renovate.json
@@ -5,18 +5,7 @@
 ":dependencyDashboard",
 ":semanticCommits"
 ],
- "platform": "gitea",
- "endpoint": "https://git.kaleschke.info/api/v1",
- "username": "renovate",
- "gitAuthor": "Renovate Bot ",
- "onboarding": false,
- "requireConfig": "optional",
- "autodiscover": false,
- "repositories": ["Micha/homelab-infra"],
 "dependencyDashboardTitle": "Renovate Dependency Dashboard",
- "prHourlyLimit": 0,
- "prConcurrentLimit": 5,
- "branchConcurrentLimit": 10,
 "labels": ["dependencies"],
 "rangeStrategy": "pin",
 "lockFileMaintenance": {