Forte/launchpad
6
0
Fork 0
Code Issues Pull Requests Actions Packages Wiki Activity

renovate
Some checks failed
Deploy Gitea Pages / build-and-deploy (push) Failing after 6s
Details

Browse Source
This commit is contained in:
Danijel Simeunovic
2026-04-14 12:05:14 +02:00
parent 58ccc9fd2e
commit 0e8524b84a
5 changed files with 138 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
docs/REFERENCE.md
View File

@@ -90,6 +90,7 @@ launchpad/
│ ├── gitea-actions.yaml
│ ├── sealedsecrets.yaml
│ ├── secrets.yaml
│ ├── renovate.yaml
│ └── values/
│ ├── argocd-values.yaml
│ ├── prometheus-values.yaml
@@ -98,7 +99,8 @@ launchpad/
│ ├── tempo-values.yaml
│ ├── gitea-values.yaml
│ ├── gitea-actions-values.yaml
── fluent-bit-values.yaml
── fluent-bit-values.yaml
│ └── renovate-values.yaml
├── apps/ # Business applications
│ ├── mcp10x.yaml
@@ -867,6 +869,48 @@ dind:
- Gitea admin panel (`/admin/runners`) — runners show as Online
- Create test workflow in `.gitea/workflows/test.yml` — job executes
### Renovate
**Chart**: `renovate` (OCI: `ghcr.io/renovatebot/charts`)
**Version**: 46.109.0 (app v43.113.0)
**Namespace**: `renovate`
**Sync Wave**: 2
**Purpose**: Automated dependency update bot. Runs as a CronJob that scans Gitea repositories for outdated dependencies and creates pull requests with updates.
**Configuration**:
```yaml
# infra/renovate.yaml + infra/values/renovate-values.yaml
cronjob:
schedule: "@hourly"
concurrencyPolicy: Forbid
renovate:
config:
platform: gitea
endpoint: https://git.forteapps.net
autodiscover: true
gitAuthor: "Renovate Bot <renovate@forteapps.net>"
resources:
requests: { cpu: 250m, memory: 512Mi }
limits: { cpu: "1", memory: 1Gi }
```
**Secrets**: `renovate-env` (SealedSecret in `secrets` namespace, cloned by Kyverno) containing:
- `RENOVATE_TOKEN` — Gitea PAT with repo write + issue write permissions
- `RENOVATE_GITHUB_COM_TOKEN` — GitHub PAT (public_repo read-only) for changelog fetching
**Setup Steps**:
1. Fill in `private/renovate-env.yaml` with tokens
2. Seal: `kubeseal --format yaml < private/renovate-env.yaml > secrets/renovate-env-sealed.yaml`
3. Commit and push — ArgoCD deploys the CronJob, Kyverno clones the secret
**Verification**:
- `kubectl get cronjob -n renovate` — CronJob exists
- `kubectl create job --from=cronjob/renovate renovate-test -n renovate` — manual trigger
- `kubectl logs -n renovate job/renovate-test` — check logs
---
## Kyverno Policies
@@ -1472,6 +1516,7 @@ team: platform
| **Fluent-Bit** | 2.1.0+ | Latest |
| **Gitea** | 1.25.4 | 12.5.0 |
| **Gitea Act Runner** | Latest | Latest |
| **Renovate** | v43.113.0 | 46.109.0 |
| **PostgreSQL** | 16-alpine | N/A |
| **Trivy** | Latest | Latest |
@@ -1483,6 +1528,6 @@ team: platform
---
**Last Updated**: 2026-04-08
**Last Updated**: 2026-04-14
**Maintained By**: Platform Team
**Version**: 1.0.0