65 lines
1.5 KiB
HCL
65 lines
1.5 KiB
HCL
job "renovate" {
|
|
type = "batch"
|
|
|
|
periodic {
|
|
cron = "0 4 * * *" # Daily at 4am
|
|
prohibit_overlap = true
|
|
}
|
|
|
|
group "renovate" {
|
|
network {
|
|
mode = "bridge"
|
|
}
|
|
|
|
# Consul Connect sidecar with upstream to Gitea (service: code-connect, port 3000)
|
|
service {
|
|
name = "renovate"
|
|
connect {
|
|
sidecar_service {
|
|
proxy {
|
|
upstreams {
|
|
destination_name = "code-connect"
|
|
local_bind_port = 3000
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
task "renovate" {
|
|
driver = "docker"
|
|
|
|
config {
|
|
image = "renovate/renovate:latest"
|
|
}
|
|
|
|
env = {
|
|
RENOVATE_PLATFORM = "gitea"
|
|
RENOVATE_ENDPOINT = "http://localhost:3000"
|
|
RENOVATE_GIT_URL = "endpoint"
|
|
RENOVATE_REPOSITORIES = "othrayte/infra"
|
|
RENOVATE_GIT_AUTHOR = "Renovate Bot <renovate@othrayte.one>"
|
|
LOG_LEVEL = "debug"
|
|
}
|
|
|
|
# Required SOPS key:
|
|
# renovate.gitea_token — PAT for the renovate bot account in Gitea
|
|
# Create a dedicated 'renovate' user in Gitea with these token scopes:
|
|
# repo (read+write), user (read), issue (read+write), organization (read)
|
|
template {
|
|
data = <<EOF
|
|
RENOVATE_TOKEN={{ with nomadVar "nomad/jobs/renovate" }}{{ .gitea_token }}{{ end }}
|
|
EOF
|
|
destination = "secrets/renovate.env"
|
|
env = true
|
|
}
|
|
|
|
resources {
|
|
cpu = 500
|
|
memory = 512
|
|
memory_max = 1024
|
|
}
|
|
}
|
|
}
|
|
}
|