---
name: Renovate

"on":
  push:
    branches: [main]
  pull_request:
    types: [edited]
  issues:
    types: [edited]
  workflow_dispatch:
    inputs:
      # checkov:skip=CKV_GHA_7:The build output is unaffected by these inputs
      dryRun:
        description: "Dry-Run"
        default: "true"
        required: false
      logLevel:
        description: "Log-Level"
        default: "debug"
        required: false

env:
  LOG_LEVEL: info
  DRY_RUN: false

jobs:
  renovate:
    name: Renovate
    runs-on: ubuntu-latest
    steps:
      - name: Generate Token
        uses: tibdex/github-app-token@v2
        id: generate-token
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PRIVATE_KEY }}
      - name: Checkout
        uses: actions/checkout@v5
        with:
          token: ${{ steps.generate-token.outputs.token }}
          fetch-depth: 1
      - name: Override default config from dispatch variables
        run: |
          echo "DRY_RUN=${{ github.event.inputs.dryRun || env.DRY_RUN }}" >> "${GITHUB_ENV}"
          echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.LOG_LEVEL }}" >> "${GITHUB_ENV}"
      - name: Run Renovate
        uses: renovatebot/github-action@v41.0.22
        with:
          configurationFile: .github/renovate-ci.json5
          token: "x-access-token:${{ steps.generate-token.outputs.token }}"