Oxide's self-hosted Renovate runner and shared configuration
Renovate is available as a Mend hosted service or a self-hosted GitHub action. The Renovate docs describe the process of enabling the Mend hosted variant. To enable the Oxide self-hosted version the repository will need to be added to the allow list in runner/global.json. Once the change is merged to main, our self-hosted version of Renovate will start running against the repository.
Assuming you want an Oxide repository to be managed by our self-hosted renovate, you can perform the following steps:
- Add the following file as
renovate.jsoninto your repository
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"local>oxidecomputer/renovate-config"
]
}- Add your repository name to
runner/global.jsonwithin this repository. - Look for an issue called "Dependency Dashboard" which renovate should open within your repository. If this exists, your integration was successful.
If your repository requires the use of post upgrade scripts, then you will need to use the self-hosted version instead of the Mend hosted version. Our self-hosted version also declares an allow list of expected script locations that are allowed to be run: global config. To make this easier you can extend the post-upgrade configuration file from this repository in your renovate.json configuration file.
Any presets that you want to enable across all repos with Renovate enabled in Oxide's GitHub organization can be added to default.json. Avoid putting any rules directly in default, instead using separate preset files for a cleaner configuration.
See rust/README.adoc.
To run post-upgrade scripts:
- Check in an executable script at the location
tools/renovate-post-upgrade.shin your repository. - Ensure you're using self-hosted Renovate, and add your repository to the list in the global config.
- In your repository's
renovate.json, extend fromlocal>oxidecomputer/renovate-config:post-upgrade.
To learn more about how to include these shared config files in your own Renovate setup see Renovate's preset hosting documentation.
We may make it a requirement very soon for GitHub Actions digests to be pinned to a hash. To enable
pinning, plus automerging updates to some allowlisted actions (to reduce developer burden), extend
from local>oxidecomputer/renovate-config//actions/pin in your renovate.json.
If you have access to Oxide RFDs, see RFD 434 for more.
We currently do not perform any automatic merges of dependency PRs, but in the near future we might want to enable automerges for allowlisted crates on an opt-in basis. Instructions to do so will be added here.