name: renovate

on:
  workflow_dispatch:
  schedule:
    - cron: "@hourly"
  push:

jobs:
  renovate:
    runs-on: ubuntu-latest
    # Pin to a specific Renovate version for stability (check ghcr.io for latest)
    # Example: ghcr.io/renovatebot/renovate:37.250.0
    container: ghcr.io/renovatebot/renovate:39.220.3 # Pinned version

    steps:
      # Checkout the repository containing config.js
      - name: Checkout
        uses: actions/checkout@v4

      # Cache Renovate's dependency cache directory between runs
      - name: Cache Renovate dependencies
        uses: actions/cache@v4
        with:
          path: /tmp/renovate-cache # Renovate's default cache directory
          # Key based on OS, config file hash, and run ID (ensures save)
          key: ${{ runner.os }}-renovate-${{ hashFiles('config.js') }}-${{ github.run_id }}
          # Fallback keys for restoring from previous runs
          restore-keys: |
            ${{ runner.os }}-renovate-${{ hashFiles('config.js') }}-
            ${{ runner.os }}-renovate-

      # Run Renovate using the configuration file
      - name: Run Renovate
        run: renovate
        env:
          # --- Core Configuration ---
          RENOVATE_CONFIG_FILE: "config.js" # Path to your config file
          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }} # Token for Gitea
          GITHUB_COM_TOKEN: ${{ secrets.GH_TOKEN }} # Only needed if Renovate MUST access github.com (e.g., for release notes). Remove if not needed.
          RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GPG_SECRET_KEY }}
          RENOVATE_GIT_AUTHOR: "Renovate Bot <renovate@kjan.de>"
          # --- Performance & Logging ---
          # Use 'info' for normal runs, 'debug' only when troubleshooting
          LOG_LEVEL: "info"
          # Explicitly tell Renovate where the cache is (matches actions/cache path)
          RENOVATE_CACHE_DIR: /tmp/renovate-cache