fix(renovate-bot): Continue to support the `VAULT_RENOVATE_GITLAB_TOKEN_PATH` variable.

renovate-bot.yml

@@ -8,21 +8,28 @@ spec:
     vault:
       default: ""
 ---
+# Include exactly one of the following files:
 include:
-  # Explicit vault path? Use it to obtain the RENOVATE_GITLAB_TOKEN for Renovate
+  # Option 1: Vault with explicit path from the "vault" input
   - local: 'internal/renovate-bot/vault.yml'
     rules:
       - if: '"$[[ inputs.vault | expand_vars ]]" != ""'
     inputs:
       vault: "$[[ inputs.vault | expand_vars ]]"
-  # RENOVATE_GITLAB_TOKEN CI variable? use the legacy variable based configuration
+  # Option 2: Vault with explicit path from the "VAULT_RENOVATE_GITLAB_TOKEN_PATH" variable
+  - local: 'internal/renovate-bot/vault.yml'
+    rules:
+      - if: '"$[[ inputs.vault | expand_vars ]]" == "" && $VAULT_RENOVATE_GITLAB_TOKEN_PATH != null'
+    inputs:
+      vault: "${VAULT_RENOVATE_GITLAB_TOKEN_PATH}/token@ci"
+  # Option 3: Variable using RENOVATE_GITLAB_TOKEN (compatibility behavior)
   - local: 'internal/renovate-bot/variable.yml'
     rules:
-      - if: '"$[[ inputs.vault | expand_vars ]]" == "" && $RENOVATE_GITLAB_TOKEN != null'
-  # Default: obtain the RENOVATE_GITLAB_TOKEN from a well-known Vault path
+      - if: '"$[[ inputs.vault | expand_vars ]]" == "" && $VAULT_RENOVATE_GITLAB_TOKEN_PATH == null && $RENOVATE_GITLAB_TOKEN != null'
+  # Option 4 (default): Vault using a well-known default path
   - local: 'internal/renovate-bot/vault.yml'
     rules:
-      - if: '"$[[ inputs.vault | expand_vars ]]" == "" && $RENOVATE_GITLAB_TOKEN == null'
+      - if: '"$[[ inputs.vault | expand_vars ]]" == "" && $VAULT_RENOVATE_GITLAB_TOKEN_PATH == null && $RENOVATE_GITLAB_TOKEN == null'
     inputs:
       vault: "access_tokens/${VAULT_SECRETS_PATH}/renovate-bot/token@ci"