Merge pull request 'Enable renovate osv vulnerability alerts' (#2788) from viceice/forgejo:chore/renovate into forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2788 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-11-09 08:32:16 +00:00 · 2024-05-14 12:01:47 +00:00 · 2024-05-14 12:01:47 +00:00 · b88bae5c5a
parent 069b78b305 06725504a3
commit b88bae5c5a
2 changed files with 5 additions and 0 deletions
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@ -30,6 +30,7 @@ jobs:
        with:
          path: |
            .tmp/cache/renovate/repository
+            .tmp/osv
          key: repo-cache-${{ github.run_id }}
          restore-keys: |
            repo-cache-
@ -51,10 +52,13 @@ jobs:
          GIT_COMMITTER_NAME: 'Renovate Bot'
          GIT_COMMITTER_EMAIL: 'forgejo-renovate-action@forgejo.org'

+          OSV_OFFLINE_ROOT_DIR: ${{ github.workspace }}/.tmp/osv
+
      - name: Save renovate repo cache
        if: always() && env.RENOVATE_DRY_RUN != 'full'
        uses: https://code.forgejo.org/actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: |
            .tmp/cache/renovate/repository
+            .tmp/osv
          key: repo-cache-${{ github.run_id }}
--- a/renovate.json
+++ b/renovate.json
@ -19,6 +19,7 @@
  "postUpdateOptions": ["gomodTidy", "gomodUpdateImportPaths", "npmDedupe"],
  "prConcurrentLimit": 5,
  "internalChecksFilter": "strict",
+  "osvVulnerabilityAlerts": true,
  "packageRules": [
    {
      "description": "Require approval for go and python minor version",