renovatebot/github-action

Creating only vulnerability PRs, not working

khansaofx opened this issue · 1 comments

Hi Team,
We are using the self-hosted Renovate bot in GitHub Actions.
We are looking to configure Renovate to create PRs for security vulnerabilities only.
With the configuration below, no PR is getting created, but if we enable package rules then we do get PRs created, but those are not just for security ones.

  • renovate.yml github workflow file is as below

```yaml
name: Renovate

on:
  push:
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * MON" #Every MON 10:00 AM AEST

jobs:
  renovate:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@master
      - name: Substitute vars
        shell: bash
        run: sed -i "s/GITHUB_TOKEN/${{ secrets}}/g" config.json
      - name: Self-hosted Renovate
        uses: renovatebot/github-action@v32.0.1
        with:
          configurationFile: config.json
          token: ${{ secrets }}
```

  • config.json file is as below

```json
{
   "groupName ":"all",
   "branchPrefix":"renovate/reno-",
   "dryRun":false,
   "gitAuthor":"Renovate Bot <bot@renovateapp.com>",
   "labels":[
      "renovate-dependencies"
   ],
   "onboarding":true,
   "onboardingConfigFileName":".github/renovate.json",
   "onboardingBranch":"renovate/reno-cfg",
   "platform":"github",
   "hashedBranchLength":20,
   "github-actions":{
      "enabled":false
   },
   "docker":{
      "enabled":false
   },
   "extends":[
      ":enableVulnerabilityAlerts"
   ],
   "repositories":[
      "<<repo name here>>"
   ],
   "ignoreDeps":[
      "EPPlus"
   ],
   "hostRules":[
      {
         "matchHost":"https://npm.pkg.github.com/",
         "hostType":"npm",
         "token":"GITHUB_TOKEN"
      }
   ],
   "includePaths":[
      "test/*"
   ],
   "packageRules":[
      {
         "enabled":false,
         "matchDatasources":[
            "npm"
         ],
         "matchPackagePatterns":[
            "*"
         ],
         "groupName":"NPM: all dependencies",
         "groupSlug":"all"
      }
   ],
   "vulnerabilityAlerts":{
      "enabled":"true"
   },
}
```

  • Package.json file present in /test folder of repo is below.

```json
{
  "name": "test",
  "version": "1.0.0",
  "description": "",
  "main": "*.test.js",
  "scripts": {
    "test": "mocha *.test.js --timeout 30000 && eslint *.js"
  },
  "author": "",
  "dependencies": {
    "bluebird": "*",
    "cheerio": "^0.22.0",
    "expect": "^26.6.2",
    "mocha": "^9.1.2",
    "request": "^2.88.2",
    "should": "13.2.3"
  },
  "devDependencies": {
    "eslint": "^7.32.0",
    "eslint-plugin-mocha-no-only": "^1.1.1"
  }
}
```
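
A pre-flight check that could be run on config.json before it is handed to the action. This is an added example, not part of the original issue and not Renovate's own validation; the function names and the shortened sample are constructed. It flags three things visible in the posted file: a trailing comma that strict JSON parsers reject, a key with a trailing space, and `enabled` given as a string where Renovate documents a boolean. Whether any of these explains the missing PRs is not established on this page.

```python
import json
import re

# Constructed, shortened excerpt of the config.json posted above;
# it keeps the same three quirks as the original file.
POSTED_CONFIG = '''{
   "groupName ":"all",
   "extends":[":enableVulnerabilityAlerts"],
   "packageRules":[
      {"enabled":false, "matchDatasources":["npm"], "matchPackagePatterns":["*"]}
   ],
   "vulnerabilityAlerts":{
      "enabled":"true"
   },
}'''


def walk(node, path, findings):
    """Recursively collect suspicious keys and values under `node`."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key.strip()}"
            if key != key.strip():
                findings.append(f"{path}: key {key!r} has surrounding whitespace")
            # Assumption: every `enabled` option is boolean-typed.
            if key == "enabled" and not isinstance(value, bool):
                findings.append(f"{here}: expected boolean, got {value!r}")
            walk(value, here, findings)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            walk(item, f"{path}[{index}]", findings)


def lint_config(text):
    """Return a list of findings for a Renovate config supplied as text."""
    findings = []
    try:
        data = json.loads(text)
    except json.JSONDecodeError as err:
        findings.append(f"strict JSON parse fails at line {err.lineno}: {err.msg}")
        # Heuristic: drop commas that directly precede } or ] so the other
        # checks can still run (would misfire on such text inside a string).
        data = json.loads(re.sub(r",(\s*[}\]])", r"\1", text))
    walk(data, "$", findings)
    return findings


if __name__ == "__main__":
    for finding in lint_config(POSTED_CONFIG):
        print(finding)
```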

Please open a discussion in the main Renovate repository, as you have configuration issues which aren't related to the GitHub Action. I've edited the OP for code blocks, so feel free to copy/paste that. Or perhaps someone with the right access can transfer this to a discussion there?