Configure Renovate (#265)

* SP-1317 - configure renovate and remove dependabot #minor
ministryofjustice · Dec 15, 2022 · 23873ac · 23873ac
1 parent 13a5ed3
commit 23873ac
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 44 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -0,0 +1,48 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": [
+        "config:base"
+    ],
+    "branchPrefix": "renovate-",
+    "commitMessageAction": "Renovate Update",
+    "labels": [
+        "Dependencies",
+        "Renovate"
+    ],
+    "lockFileMaintenance": {
+        "enabled": true
+    },
+    "packageRules": [
+        {
+            "automerge": true,
+            "groupName": "Patch & Minor Updates",
+            "groupSlug": "all-minor-patch-updates",
+            "matchPackagePatterns": [
+                "*"
+            ],
+            "matchUpdateTypes": [
+                "minor",
+                "patch"
+            ],
+            "prPriority": 1,
+            "stabilityDays": 3
+        }
+    ],
+    "major": {
+        "labels": [
+            "Dependencies",
+            "Renovate"
+        ],
+        "prPriority": 0
+    },
+    "vulnerabilityAlerts": {
+        "groupName": "Vulnerability Patches",
+        "dependencyDashboardApproval": false,
+        "stabilityDays": 0,
+        "rangeStrategy": "update-lockfile",
+        "commitMessagePrefix": "[SECURITY]",
+        "branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability",
+        "prCreation": "immediate",
+        "prPriority": 2
+    }
+}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -45,14 +45,13 @@ jobs:
 
       - name: Publish Unit Test Results
         uses: EnricoMi/publish-unit-test-result-action@v1
-        if: ${{ always() && github.actor != 'dependabot[bot]' }}
+        if: ${{ always() }}
         with:
           check_name: "Unit Test Results"
           files: test-results/*.xml
 
       - name: Scan with SonarQube
         uses: sonarsource/sonarqube-scan-action@master
-        if: ${{ github.actor != 'dependabot[bot]' }}
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
@@ -105,7 +104,6 @@ jobs:
     name: "Build & Push Containers"
     runs-on: ubuntu-latest
     needs: ['test', 'lint', 'acceptance-test', 'cypress']
-    if: github.actor != 'dependabot[bot]'
     outputs:
       branch: ${{ steps.set-outputs.outputs.branch }}
       tag: ${{ steps.bump_version.outputs.tag }}
@@ -118,7 +116,7 @@ jobs:
           if [ "$GITHUB_EVENT_NAME" == "push" ]; then
             echo BRANCH_NAME=main >> $GITHUB_ENV
           else
-            echo BRANCH_NAME=${{ github.head_ref }} >> $GITHUB_ENV
+            echo BRANCH_NAME=$(echo ${{ github.head_ref }} | sed 's/\//-/g') >> $GITHUB_ENV
           fi
         id: extract_branch
       - uses: unfor19/install-aws-cli-action@v1
@@ -129,19 +127,19 @@ jobs:
 
       - name: Bump version
         id: bump_version
-        uses: anothrNick/github-tag-action@1.36.0
+        uses: anothrNick/github-tag-action@1.52.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           INITIAL_VERSION: 1.0.0
           DEFAULT_BUMP: minor
+          PRERELEASE: true
           PRERELEASE_SUFFIX: ${{ env.BRANCH_NAME }}
           RELEASE_BRANCHES: main
           WITH_V: true
-          DRY_RUN: ${{ github.actor == 'dependabot[bot]' }}
+          DRY_RUN: ${{ github.actor == 'renovate[bot]' }}
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v1
-        if: ${{ github.actor != 'dependabot[bot]' }}
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
@@ -153,7 +151,6 @@ jobs:
       - name: ECR Login
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v1
-        if: ${{ github.actor != 'dependabot[bot]' }}
         with:
           registries: 311462405659
 
@@ -182,7 +179,6 @@ jobs:
         env:
           ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
           DEPUTY_HUB_ECR_REPOSITORY: sirius/sirius-deputy-hub
-        if: ${{ github.actor != 'dependabot[bot]' }}
         run: |
           if [ $BRANCH_NAME == "main" ]; then
             docker tag sirius-deputy-hub:latest $ECR_REGISTRY/$DEPUTY_HUB_ECR_REPOSITORY:latest

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,8 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+---
+repos:
+  - repo: https://github.com/renovatebot/pre-commit-hooks
+    rev: 33.2.2
+    hooks:
+      - id: renovate-config-validator