Merge branch 'renovate-only-runs-on-gitlab.com' into 'main'

fix: renovate bot should only run on gitlab.com See merge request gitlab-com/gl-infra/common-ci-tasks!116

Merge branch 'renovate-only-runs-on-gitlab.com' into 'main'
fb9eef22 · Andrew Newdigate · 99ce8ecf · 0ac62211 · fb9eef22 · fb9eef22
Commit fb9eef22 authored 2 years ago by Andrew Newdigate
--- a/renovate-bot.md
+++ b/renovate-bot.md
@@ -7,12 +7,13 @@ Runs [`renovatebot`](https://docs.renovatebot.com/) against the project to autom
 1. Lookup the GitHub Personal Access token from [1Password Production Vault](https://gitlab.1password.com/vaults/7xbs54owvjux3cypztlhyetej4/allitems/53z2zuf7urh7hoy3nqeqsei27e) and save it into the CI environment variable `RENOVATE_GITHUB_TOKEN`. Make sure the variable is **Protected** and **Masked**.
 1. Note that you can use Group Access Tokens and Group CI/CD variables, instead of Project-level ones should you choose.
 1. Create a CI Pipeline Schedule called `Renovatebot` with a daily schedule, eg `0 1 * * *`. Ensure that the CI Pipeline schedule includes a variable, `RENOVATE_SCHEDULED` with a value of `1`.
+1. Note that Renovate Bot will only run on `gitlab.com`. For projects that are mirrored to other GitLab instances, the task will not run.
 1. Create a `renovate.json` file in the root of the project. See below for an example configuration:
  
 ```json
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["gitlab>gitlab-com/gl-infra/common-ci-tasks:renovate-common"],
+  "extends": ["gitlab>gitlab-com/gl-infra/common-ci-tasks:renovate-common"]
 }
 ```
  
@@ -23,11 +24,9 @@ stages:
 include:
  # Upgrades dependencies on a schedule
  # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/renovate-bot.md
-  - project: 'gitlab-com/gl-infra/common-ci-tasks'
+  - project: "gitlab-com/gl-infra/common-ci-tasks"
    ref: v1.32.0 # renovate:managed
    file: renovate-bot.yml
-    rules:
-      - if: '$CI_SERVER_HOST == "gitlab.com"'
 ```
  
 ## Annotating `.tool-versions` and `.gitlab-ci-other-versions.yml` to support Renovate
@@ -64,13 +63,12 @@ In an effort to reduce toil, a [Renovate Automerge configuration](https://docs.r
  
 This will automatically configure development-time dependency to be auto-merged if the pipeline succeeds.
  
-
 ```json
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "gitlab>gitlab-com/gl-infra/common-ci-tasks:renovate-common",
    "gitlab>gitlab-com/gl-infra/common-ci-tasks:renovate-automerge"
-  ],
+  ]
 }
 ```
--- a/renovate-bot.yml
+++ b/renovate-bot.yml
@@ -39,6 +39,9 @@ renovate_bot:
      --allowed-post-upgrade-commands '[".*"]'
      ${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}
  rules:
+    # Renovate only ever runs on gitlab.com
+    - if: '$CI_SERVER_HOST != "gitlab.com"'
+      when: never
    - if: "($RENOVATE_SCHEDULED || $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH) && ($RENOVATE_IMMEDIATE == '' || $RENOVATE_IMMEDIATE == null) "
      exists:
        - renovate.json