amazon-web-services github-actions aws-codeartifact renovate

GitHub Actions for Renovate to read AWS Code Artifact


We have a Kotlin-based repo in GitHub and we are using AWS Code Artifact to store our private packages. I am trying to use Renovate to check for dependency updates from AWS Code Artifact and create pull requests accordingly.

Since the managed Renovate Bot doesn't support AWS Code Artifact, I am trying to set up CI/CD for this and self-host it using GitHub Actions. Below is the content of my renovate.yml file:

name: Renovate
on:
  schedule:
    - cron: '*/10 * * * *'

jobs:
  renovate:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Set up Node.js
        uses: actions/setup-node@v2
        with:
          node-version: 16

      - name: Install Renovate
        run: npm install -g renovate

      - name: Replace GitHub token in renovate-config.json
        run: sed -i 's/REPLACE_WITH_GITHUB_TOKEN/${{ secrets.GITHUB_TOKEN }}/g' renovate-config.json

      - name: Run Renovate
        run: renovate --config=renovate-config.json
        env:
          CODEARTIFACT_AUTH_TOKEN: ${{ secrets.CODEARTIFACT_AUTH_TOKEN }}

Here is the renovate-config.json file

{
  "platform": "github",
  "endpoint": "https://api.github.com",
  "token": "<token>",
  "repositories": ["githubuser/repnoname"],
  "packageRules": [
    {
      "matchDatasources": ["maven"],
      "registryUrls": [
        "https://domain-123456789.d.codeartifact.us-east-1.amazonaws.com/maven/repo/"
      ]
    }
  ]
}

But when the GitHub Actions workflow runs, it keeps showing this error:

 renovate --config=renovate-config.json
  shell: /usr/bin/bash -e {0}
  env:
    CODEARTIFACT_AUTH_TOKEN: ***
 WARN: Config needs migrating
       "originalConfig": {
         "platform": "github",
         "endpoint": "https://api.github.com",
         "repositories": ["githubuser/reponame"],
         "packageRules": [
           {
             "matchDatasources": ["maven"],
             "registryUrls": [
               "https://domain-123456789.d.codeartifact.us-east-1.amazonaws.com/maven/repo/"
             ]
           }
         ]
       },
       "migratedConfig": {
         "platform": "github",
         "endpoint": "https://api.github.com",
         "repositories": ["githubusr/reponame"],
         "packageRules": [
           {
             "matchDatasources": ["maven"],
             "registryUrls": [
               "https://domain-12345678.d.codeartifact.us-east-1.amazonaws.com/maven/repo/"
             ]
           }
         ]
       }
error: unknown option '--config=renovate-config.json'
Error: Process completed with exit code 1.

Any idea why? Or is there any other way of doing the same? The ultimate goal is to configure Renovate to access AWS Code Artifact so it can create the related PRs.


Solution

  • OK, here I am posting a complete working solution with self-hosted Renovate on GitHub Actions. Please note that this solution is for Kotlin/Gradle/Maven-based repos.

    Inside .github/workflows, create a renovate.yml file with the following content. Change the placeholder values according to your needs. (Keep REPLACE_WITH_GITHUB_TOKEN and REPLACE_WITH_CODEARTIFACT_AUTH_TOKEN as they are.)

    name: Renovate
    on:
      schedule:
        - cron: '*/10 * * * *' # Set the schedule according to your preference
    
    jobs:
      renovate:
        runs-on: ubuntu-latest
        steps:
          - name: Checkout repository
            uses: actions/checkout@v2
    
          - name: Set up Node.js
            uses: actions/setup-node@v2
            with:
              node-version: 18.12.0
    
          - name: Install Renovate
            run: npm install -g renovate
    
          - name: Replace GitHub token in renovate-config.json
            run: sed -i 's/REPLACE_WITH_GITHUB_TOKEN/${{ secrets.GITHUB_TOKEN }}/g' renovate-config.json
    
          - name: Replace CodeArtifact token in renovate-config.json
            run: sed -i 's/REPLACE_WITH_CODEARTIFACT_AUTH_TOKEN/${{ secrets.CODEARTIFACT_AUTH_TOKEN }}/g' renovate-config.json
    
          - name: Run Renovate
            run: renovate
            env:
              RENOVATE_CONFIG_FILE: renovate-config.json
              CODEARTIFACT_AUTH_TOKEN: ${{ secrets.CODEARTIFACT_AUTH_TOKEN }}
    

    Now, in the root of your repo, create a file named renovate-config.json with the following content. (Keep REPLACE_WITH_CODEARTIFACT_AUTH_TOKEN here as it is, too.)

    {
      "platform": "github",
      "endpoint": "https://api.github.com",
      "token": "<github token>",
      "enabled": true,
      "repositories": ["repoOwner/repoName"],
      "dependencyDashboard": true,
      "repositoryCache": "gradle-test-renovate-cache",
      "packageRules": [
        {
          "matchDatasources": ["maven"],
          "registryUrls": [
            "https://domain-domainOwner.d.codeartifact.region.amazonaws.com/maven/repository/"
          ]
        }
      ],
      "hostRules": [
        {
          "hostType": "maven",
          "baseUrl": "https://domain-domainOwner.d.codeartifact.region.amazonaws.com/maven/repository/",
          "token": "REPLACE_WITH_CODEARTIFACT_AUTH_TOKEN"
        }
      ]
    }
    

    This should be enough to make it work. Also, if you have enabled the Renovate bot on this repo or at the organization level, then in the root of the repo you will see a file named "renovate.json". Replace the content of that file with the following:

    {
      "enabled": true
    }
    

    Hope this will help. Thanks