renovate: Use GitHub app to retrieve a token
As Renovate will run with a different token, there is no need for specific workflow permissions anymore.
Instead, the GitHub App should have sufficient permissions to create a pull request on the repo.
See https://github.com/actions/create-github-app-token/blob/main/README.md for instructions on how to add the GitHub App.
Please note we need to configure the following in the repo settings:
variable RENOVATE_APP_ID
secret RENOVATE_PRIVATE_KEY
I named it specifically like this so we can dedicate this app specifically to Renovate and therefore also keep permissions limited to the Renovate use case.
We can test by rerunning the renovate workflow on this PR after we put the GitHub App and variables and secrets in place on this repo.
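As an added example (not the PR's own workflow file, which is not shown here), this is how a workflow wires the App credentials into Renovate so the default token can stay read-only; the file name, trigger, checkout step, action version tags and the renovate.json path are assumptions, while RENOVATE_APP_ID and RENOVATE_PRIVATE_KEY are the names from the PR.

```yaml
# Added example, not the repository's actual workflow.
# Assumed: workflow name, schedule, checkout step, action versions, config path.
# RENOVATE_APP_ID (variable) and RENOVATE_PRIVATE_KEY (secret) are the names
# introduced in the PR description.
name: renovate

on:
  schedule:
    - cron: "0 3 * * *"   # assumed schedule
  workflow_dispatch:

# The App token carries the write access Renovate needs, so the workflow's
# own GITHUB_TOKEN no longer needs elevated scopes and is kept read-only.
permissions:
  contents: read

jobs:
  renovate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Exchange the App ID and private key for a short-lived installation
      # token scoped to this repository. The action revokes the token in its
      # post step, so nothing long-lived remains after the job finishes.
      - name: Get Renovate app token
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ vars.RENOVATE_APP_ID }}               # repo variable
          private-key: ${{ secrets.RENOVATE_PRIVATE_KEY }}  # repo secret

      # Renovate authenticates with the App token, so pull requests are opened
      # by the dedicated App identity instead of github-actions[bot].
      - name: Run Renovate
        uses: renovatebot/github-action@PINNED_VERSION   # replace with a released tag
        with:
          configurationFile: .github/renovate.json   # assumed path
          token: ${{ steps.app-token.outputs.token }}
```

If a Renovate run fails with a 403 after this change, the App installation's repository permissions (contents and pull requests at least) are the first thing to check, since the workflow-level permissions no longer apply to the token Renovate uses.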
@benjaminhuo PTAL