diff --git a/.github/renovate.json b/.github/renovate.json
index 159f21a..6881547 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -7,12 +7,6 @@
 "gitAuthor": "github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>",
 "minimumReleaseAge": "14 days",
 "customManagers": [
- {
- "customType": "regex",
- "managerFilePatterns": ["/\\.github/workflows/.*\\.yaml$/"],
- "matchStrings": ["uses:\\s+(?[\\w-]+/[\\w-]+)@(?[a-f0-9]+)\\s+#\\s+(?v[\\S]+)"],
- "datasourceTemplate": "github-releases"
- },
 {
 "customType": "regex",
 "description": "Update SHA-pinned actions in .jinja template files",
@@ -22,10 +16,9 @@
 },
 {
 "customType": "regex",
- "description": "Update copier-flake ref in Nix flake inputs",
+ "description": "Update SHA-pinned Nix flake inputs in template files",
 "managerFilePatterns": ["/template/flake\\.nix\\.jinja$/", "/includes/flake-extra-inputs\\.jinja$/"],
- "matchStrings": ["github:gordon-code/copier-flake/(?[a-f0-9]+).*#\\s*(?v[\\S]+)"],
- "depNameTemplate": "gordon-code/copier-flake",
+ "matchStrings": ["github:(?[\\w-]+/[\\w-]+)/(?[a-f0-9]+).*#\\s*(?v[\\S]+)"],
 "datasourceTemplate": "github-releases"
 }
 ],
@@ -39,6 +32,11 @@
 "matchUpdateTypes": ["major"],
 "groupName": "major dependencies",
 "groupSlug": "major"
+ },
+ {
+ "matchManagers": ["github-actions"],
+ "matchFileNames": ["template/**"],
+ "enabled": false
 }
 ]
 }
diff --git a/.github/workflows/render-template.yaml b/.github/workflows/render-template.yaml
new file mode 100644
index 0000000..35abb96
--- /dev/null
+++ b/.github/workflows/render-template.yaml
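Review bot: The digest group in the new `matchStrings` pattern of the second hunk (`[a-f0-9]+`) accepts a hex run of any length, and the pattern now applies to every `github:owner/repo/...` input instead of one known repository, so an abbreviated or otherwise short hex ref would be handled the same as a full commit SHA. Requiring the full length, `[a-f0-9]{40}` in place of `[a-f0-9]+`, keeps this manager to immutable full-SHA pins. The owner/repo group `[\\w-]+/[\\w-]+` also excludes repository names that contain a dot, and `github-releases` is now assumed for every input, so an input that only publishes tags would presumably stop receiving updates without any error. The same pattern is added in includes/renovate-template.jinja.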
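Review bot: The packageRule added in the third hunk sets `"enabled": false` for `github-actions` under `template/**` without saying why, and a disabled manager fails silently: if the regex manager for the `.jinja` files ever stops matching, pinned actions under `template/` simply stop being updated. A `"description"` on the rule, for example `"description": "template/ workflows are updated by the .jinja regex manager; built-in github-actions manager disabled for these paths"` (assuming that is the intent), would record the dependency between the two. The conditional block added in template/.github/renovate.json.jinja has the same gap.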
@@ -0,0 +1,53 @@
+# Template-repo only: re-renders root files after Renovate updates includes/template
+name: Render Template
+
+on:
+ push:
+ branches: ['renovate/**']
+ paths: ['includes/**', 'template/**']
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+
+jobs:
+ render:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ timeout-minutes: 15
+ steps:
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ with:
+ ref: ${{ github.ref }}
+ token: ${{ secrets.RENOVATE_TOKEN }}
+
+ - uses: ./.github/actions/nix-setup
+
+ - name: Set up Git
+ run: |
+ git config user.name "github-actions[bot]"
+ git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+
+ - name: Re-render from template
+ run: nix develop -c just render
+
+ - name: Update flake lock if inputs changed
+ run: |
+ if ! git diff --quiet flake.nix; then
+ nix flake lock
+ fi
+
+ - name: Restore copier answers
+ run: git restore .copier-answers.yaml
+
+ - name: Commit and push if changed
+ run: |
+ if [ -n "$(git status --porcelain)" ]; then
+ git add -A
+ git commit -m "chore: re-render root files from updated template"
+ git push
+ fi
diff --git a/includes/renovate-template.jinja b/includes/renovate-template.jinja
index 055a570..663f406 100644
--- a/includes/renovate-template.jinja
+++ b/includes/renovate-template.jinja
@@ -8,10 +8,9 @@
 },
 {
 "customType": "regex",
- "description": "Update copier-flake ref in Nix flake inputs",
+ "description": "Update SHA-pinned Nix flake inputs in template files",
 "managerFilePatterns": ["/template/flake\\.nix\\.jinja$/", "/includes/flake-extra-inputs\\.jinja$/"],
- "matchStrings": ["github:gordon-code/copier-flake/(?[a-f0-9]+).*#\\s*(?v[\\S]+)"],
- "depNameTemplate": "gordon-code/copier-flake",
+ "matchStrings": ["github:(?[\\w-]+/[\\w-]+)/(?[a-f0-9]+).*#\\s*(?v[\\S]+)"],
 "datasourceTemplate": "github-releases"
 }
 {% endif %}
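Review bot: The checkout step in the new workflow stores `secrets.RENOVATE_TOKEN` in the repository's git configuration (actions/checkout persists credentials by default), and the following steps run `./.github/actions/nix-setup`, `nix develop -c just render` and `nix flake lock` from the pushed `renovate/**` branch, so code on that branch and any freshly updated dependency it evaluates runs with the token readable on disk. Setting `persist-credentials: false` under the checkout's `with:` and handing the token only to the final `Commit and push if changed` step through `env:` would keep it away from the render steps. If the push is made with RENOVATE_TOKEN, the job-level `contents: write` looks unnecessary and could stay at `contents: read`. `git add -A` stages everything the render left in the tree, so staging the expected paths explicitly would avoid committing stray output. The trigger fires for any branch named `renovate/...`, so creating branches under that prefix presumably needs to be restricted to the Renovate identity by a branch ruleset.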
diff --git a/justfile b/justfile
index eb7c649..bd085b7 100644
--- a/justfile
+++ b/justfile
@@ -24,6 +24,7 @@ render:
 git show HEAD:lib/nix/project.nix > lib/nix/project.nix 2>/dev/null || true
 git show HEAD:justfile > justfile 2>/dev/null || true
 git show HEAD:.gitignore > .gitignore 2>/dev/null || true
+ git show HEAD:.github/workflows/render-template.yaml > .github/workflows/render-template.yaml 2>/dev/null || true
 # Run unit tests
 test:
diff --git a/template/.github/renovate.json.jinja b/template/.github/renovate.json.jinja
index ecc6200..5a803f9 100644
--- a/template/.github/renovate.json.jinja
+++ b/template/.github/renovate.json.jinja
@@ -7,12 +7,6 @@
 "gitAuthor": "github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>",
 "minimumReleaseAge": "14 days",
 "customManagers": [
- {
- "customType": "regex",
- "managerFilePatterns": ["/\\.github/workflows/.*\\.yaml$/"],
- "matchStrings": ["uses:\\s+(?[\\w-]+/[\\w-]+)@(?[a-f0-9]+)\\s+#\\s+(?v[\\S]+)"],
- "datasourceTemplate": "github-releases"
- }{{ ',' if _is_template else '' }}
 {% include pathjoin("includes", "renovate-template.jinja") ignore missing %}
 ],
 "packageRules": [
@@ -25,6 +19,13 @@
 "matchUpdateTypes": ["major"],
 "groupName": "major dependencies",
 "groupSlug": "major"
+ }{{ ',' if _is_template else '' }}
+{% if _is_template %}
+ {
+ "matchManagers": ["github-actions"],
+ "matchFileNames": ["template/**"],
+ "enabled": false
 }
+{% endif %}
 ]
 }
diff --git a/tests/test_rendering.py b/tests/test_rendering.py
index 11bcb06..a6962e6 100644
--- a/tests/test_rendering.py
+++ b/tests/test_rendering.py
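Review bot: The line added to the `render` recipe opens `.github/workflows/render-template.yaml` for writing before `git show` runs, so when `git show` fails the file is left empty and `2>/dev/null || true` hides the failure; the workflow's later `git add -A` would then commit a blank workflow file. `git restore --source=HEAD --worktree -- .github/workflows/render-template.yaml` puts the file back without truncating it first, with `|| true` kept only if a missing path must stay non-fatal. The neighbouring `git show` lines have the same shape, and the recipe starts outside this hunk.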
@@ -287,6 +287,16 @@ def test_renovate_has_template_config(generated_template_project):
 assert template_managers, "No template-specific customManagers found"
+def test_renovate_template_suppresses_builtin_gha(generated_template_project):
+ """Template repo disables built-in github-actions manager for template paths."""
+ data = parse_json(generated_template_project / ".github" / "renovate.json")
+ rules = data.get("packageRules", [])
+ gha_rule = [r for r in rules if r.get("matchManagers") == ["github-actions"]]
+ assert gha_rule, "No packageRule suppressing github-actions for template paths"
+ assert gha_rule[0].get("matchFileNames") == ["template/**"]
+ assert gha_rule[0].get("enabled") is False
+
+
 def test_no_consistency_job_default(generated_github_project):
 """Default projects have no consistency job in pr-checks."""
 assert "consistency" not in (generated_github_project / ".github" / "workflows" / "pr-checks.yaml").read_text()
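Review bot: The new test covers only the template rendering; nothing here checks the other branch of the `_is_template` conditional added in template/.github/renovate.json.jinja, where the comma after the `major` rule and the suppression rule must both be absent. A slip there would produce invalid JSON or an unintended rule in generated projects, and a Renovate config that fails to load means dependency updates stop until someone notices. A complementary test on the `generated_github_project` fixture (assuming it renders `.github/renovate.json`) would pin that branch, and parsing the file also catches a stray trailing comma.

```python
def test_renovate_default_keeps_builtin_gha(generated_github_project):
    """Non-template projects render no rule disabling the github-actions manager."""
    data = parse_json(generated_github_project / ".github" / "renovate.json")
    rules = data.get("packageRules", [])
    assert not [r for r in rules if r.get("matchManagers") == ["github-actions"]]
```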