mirror of
https://github.com/kubernetes-sigs/external-dns.git
synced 2026-05-04 22:26:11 +02:00
a6266dd5ff
Apply principle of least privilege across all workflows:
- end-to-end-tests.yml: add missing permissions (contents: read)
- dependency-update.yaml: add missing permissions (contents: read)
- lint-test-chart.yaml: replace top-level read-all with permissions: {}
- release-chart.yaml: replace top-level read-all with permissions: {}
- codeql-analysis.yaml: remove unused actions: read
- lint.yaml: remove unused pull-requests: read
- staging-image-tester.yaml: remove unused checks: write (no goveralls step)
31 lines
907 B
YAML
31 lines
907 B
YAML
name: update-versions-with-renovate
|
|
|
|
on:
|
|
push:
|
|
branches: [main, master]
|
|
schedule:
|
|
# https://crontab.guru/
|
|
# once a day
|
|
- cron: '0 0 * * *'
|
|
|
|
permissions:
|
|
contents: write
|
|
pull-requests: write
|
|
|
|
jobs:
|
|
update-versions-with-renovate:
|
|
runs-on: ubuntu-latest
|
|
if: github.repository == 'kubernetes-sigs/external-dns'
|
|
steps:
|
|
- name: checkout
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
# https://github.com/renovatebot/github-action
|
|
- name: self-hosted renovate
|
|
uses: renovatebot/github-action@0b17c4eb901eca44d018fb25744a50a74b2042df # v46.1.4
|
|
with:
|
|
# https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
configurationFile: .github/renovate-config.js
|
|
env:
|
|
LOG_LEVEL: info
|