From ed36830cf385dd90ccde71256ef0544267b9e4a6 Mon Sep 17 00:00:00 2001
From: Tyler Mayoff
Date: Sat, 22 Nov 2025 22:20:26 -0500
Subject: [PATCH] updated renovate config Fixup CI Setup dependency dashboard more renovate config Set repo in workflow remove trailing comma Setup Github token and ignore FlakeHub in flake.nix Add magic nix cache Skip FlakeHub add cache permissions . cache? cache? more env vars renovate.json
---
 .forgejo/workflows/flake-updater.yml | 76 ----------------------------
 .forgejo/workflows/main.yml | 3 ++
 .forgejo/workflows/renovate.yml | 57 ++++++++++++++++++---
 renovate.json | 28 +++++++++-
 4 files changed, 81 insertions(+), 83 deletions(-)
 delete mode 100644 .forgejo/workflows/flake-updater.yml
diff --git a/.forgejo/workflows/flake-updater.yml b/.forgejo/workflows/flake-updater.yml
deleted file mode 100644
index e96530b..0000000
--- a/.forgejo/workflows/flake-updater.yml
+++ /dev/null
@@ -1,76 +0,0 @@ -name: Update `flake.lock` -on: - workflow_dispatch: - schedule: - - cron: '0 0 * * 5' # runs weekly on Friday at 00:00 - -jobs: - update_lockfile: - runs-on: codeberg-tiny - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Install nix - uses: https://github.com/DeterminateSystems/nix-installer-action@main - - name: Setup Action cache for nix - uses: https://github.com/DeterminateSystems/magic-nix-cache-action@main - - - name: Update flake inputs - uses: ./.forgejo/actions/flake-update - with: - flake_path: "./dot_config/flake" - token: ${{ secrets.FLAKE_PR_TOKEN }} - - # - name: Write PR body template - # uses: https://github.com/DamianReeves/write-file-action@v1.3 - # with: - # path: pr_body.template - # contents: | - # - The following Nix Flake inputs were updated: - - # ``` - # ${{ env.UPDATE_LOG }} - # ``` - - # Auto-generated by [update.yml][1] with the help of - # [create-pull-request][2]. - - # [1]: https://forgejo.stefka.eu/jiriks74/nix.nvim/src/branch/main/.github/workflows/update.yml - # [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request - - # - name: Generate PR body - # uses: pedrolamas/handlebars-action@v2.4.0 # v2.4.0 - # with: - # files: "pr_body.template" - # output-filename: "pr_body.md" - # - name: Save PR body - # id: pr_body - # uses: juliangruber/read-file-action@v1 - # with: - # path: "pr_body.md" - - # - name: Remove temporary files - # run: | - # rm pr_body.template - # rm pr_body.md - - # - name: Create Pull Request - # id: create-pull-request - # uses: https://forgejo.stefka.eu/jiriks74/create-pull-request@2c60f3517609825873003cde0d4367c6cc2cd74c - # with: - # token: ${{ secrets.FORGEJO_TOKEN_FOR_UPDATES }} - # body: ${{ steps.pr_body.outputs.content }} - # author: '"github-actions[bot]" ' - # title: 'automated: Update `flake.lock`' - # commit-message: | - # automated: Update `flake.lock` - - # ${{ steps.pr_body.outputs.content }} - - # branch: update-flake-lock - # delete-branch: true - 
- # - name: Print PR number - # run: | - # echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}." - # echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" diff --git a/.forgejo/workflows/main.yml b/.forgejo/workflows/main.yml index 2f7a686..1ab5969 100644 --- a/.forgejo/workflows/main.yml +++ b/.forgejo/workflows/main.yml @@ -25,6 +25,9 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Install Nix + uses: https://github.com/DeterminateSystems/nix-installer-action@main + - name: build nixos if: ${{ matrix.os }} == 'linux' run: | diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml index 79bc668..53023bc 100644 --- a/.forgejo/workflows/renovate.yml +++ b/.forgejo/workflows/renovate.yml 
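Review bot: The added `Install Nix` step references `nix-installer-action@main`, a mutable branch of a third-party repository, so whatever that branch holds at run time executes in this job. Pin it to a full commit SHA with the release in a trailing comment, e.g. `uses: https://github.com/DeterminateSystems/nix-installer-action@<commit-sha> # <tag>`, and let Renovate bump the pin. The same applies to the `nix-installer-action@main` and `magic-nix-cache-action@main` steps in the renovate.yml hunk, where the Nix installation they set up is what the later step runs with `RENOVATE_TOKEN` and `RENOVATE_GITHUB_TOKEN` in its environment. The `jobs:` block this step belongs to starts outside the hunk.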
@@ -1,15 +1,60 @@ name: Renovate on: - workflow_dispatch: + push: + workflow_dispatch: # allows manual triggering schedule: - - cron: '0 0 * * 5' # runs weekly on Sunday at 00:00 + - cron: '0 0 * * 5' # runs weekly on Friday at 00:00 jobs: renovate: - runs-on: codeberg-tiny + runs-on: kaylee + permissions: + id-token: "write" + contents: "read" steps: - - uses: https://github.com/DeterminateSystems/nix-installer-action@main - - run: | - nix run nixpkgs#renovate -- --platform forgejo --endpoint https://codeberg.org/api/v1 --token ${{ secrets.RENOVATE_TOKEN }} ${{ env.FORGEJO_REPOSITORY }} + - name: Checkout + uses: actions/checkout@v4 + + - name: Install Nix + uses: https://github.com/DeterminateSystems/nix-installer-action@main + + - name: Magic Nix Cache + uses: https://github.com/DeterminateSystems/magic-nix-cache-action@main + with: + use-flakehub: false + use-gha-cache: true + env: + ACTIONS_CACHE_URL: ${{ env.ACTIONS_CACHE_URL }} + ACTIONS_RESULTS_URL: ${{ env.ACTIONS_RESULTS_URL }} + ACTIONS_RUNTIME_TOKEN: ${{ github.token }} + ACTIONS_CACHE_SERVICE_V2: ${{ env.ACTIONS_CACHE_SERVICE_V2 }} + + - name: Run Renovate + env: + # Platform configuration + RENOVATE_PLATFORM: forgejo + RENOVATE_ENDPOINT: https://codeberg.org/api/v1 + RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }} + RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_TOKEN }} + + # Repository configuration + RENOVATE_REPOSITORIES: ${{ github.repository }} + + # Git configuration + RENOVATE_GIT_AUTHOR: 'Renovate Bot ' + RENOVATE_USERNAME: 'renovate-bot' + + # Renovate settings + RENOVATE_ONBOARDING: 'false' + RENOVATE_REQUIRE_CONFIG: 'required' + RENOVATE_CONFIG_FILE: '${{ github.workspace }}/renovate.json' + + # Logging + LOG_LEVEL: 'info' + + # Reduce external API calls + RENOVATE_AUTODISCOVER: 'false' + run: | + nix run nixpkgs#renovate diff --git a/renovate.json b/renovate.json index 7190a60..87483bc 100644 --- a/renovate.json +++ b/renovate.json 
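Review bot: The new bare `push:` trigger has no branch filter, so the Renovate job runs on every push to any branch, presumably including the branches Renovate itself pushes, each time with `RENOVATE_TOKEN` and `RENOVATE_GITHUB_TOKEN` in the step environment. If the trigger was only added to test the workflow, drop it; otherwise restrict it, e.g. `push: {branches: ["<default-branch>"]}`. Separately, `id-token: "write"` looks unneeded now that `use-flakehub: false` is set, so `permissions` could be reduced to `contents: "read"`; whether the runner enforces this block is not visible here.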
@@ -1,3 +1,29 @@
 {
- "$schema": "https://docs.renovatebot.com/renovate-schema.json"
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ ":dependencyDashboard",
+ "config:recommended"
+ ],
+ "semanticCommits": "enabled",
+ "rebaseWhen": "behind-base-branch",
+ "platformCommit": "enabled",
+ "dependencyDashboard": true,
+ "dependencyDashboardTitle": "Dependency Dashboard",
+ "packageRules": [
+ {
+ "description": "Update Forgejo actions",
+ "matchManagers": ["github-actions"],
+ "groupName": "forgejo-actions"
+ }
+ ],
+ "nix": {
+ "enabled": true
+ },
+ "git-submodules": {
+ "enabled": true
+ },
+ "includePaths": [
+ ".forgejo/**",
+ "dot_config/flake/**"
+ ]
 }
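Review bot: `includePaths` restricts Renovate to `.forgejo/**` and `dot_config/flake/**`, but the `git-submodules` manager enabled just above it reads `.gitmodules`, which git keeps at the repository root, so that manager would likely never find a file to process. If submodule updates are wanted, add the file to the list: `"includePaths": [".forgejo/**", "dot_config/flake/**", ".gitmodules"]`; otherwise drop the `git-submodules` block so the config does not suggest coverage it lacks. `"dependencyDashboard": true` also repeats what the `:dependencyDashboard` preset in `extends` already sets.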