From 3d3f30ee2f93e98a30b7110b13e319535f195437 Mon Sep 17 00:00:00 2001
From: Rich Wareham <rjw57@cam.ac.uk>
Date: Thu, 21 Nov 2024 11:31:45 +0000
Subject: [PATCH] feat: add new trigger-renovatebot job

Add a new CI job to the common pipeline which triggers a run of
renovatebot for the CI pipeline's project if the
TRIGGER_RENOVATEBOT_ENABLED variable is set.

Since no jobs are added *unless* that variable is set, this ensures that
renovatebot runs are always explicitly triggered.

The auto-devops/trigger-renovatebot.gitlab-ci.yml template also includes a
template CI job which can be used to construct trigger jobs with more
elaborate rulesets.
---
 CHANGELOG.md                                  |  8 +++++
 auto-devops/common-pipeline.yml               |  1 +
 auto-devops/trigger-renovatebot.gitlab-ci.yml | 36 +++++++++++++++++++
 trigger-renovatebot.gitlab-ci.yml             |  5 +++
 4 files changed, 50 insertions(+)
 create mode 100644 auto-devops/trigger-renovatebot.gitlab-ci.yml
 create mode 100644 trigger-renovatebot.gitlab-ci.yml

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e6e1d40..411307a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [6.2.0] - 2024-11-21
+
+### Added
+
+- Added a new job "trigger-renovatebot" to the common pipeline. When the
+  `TRIGGER_RENOVATEBOT_ENABLED` variable is set, a run of renovatebot will be
+  triggered for the pipeline's project.
+
 ## [6.1.1] - 2024-11-14
 
 ### Fixed
diff --git a/auto-devops/common-pipeline.yml b/auto-devops/common-pipeline.yml
index 2515ed1..2d8cc0d 100644
--- a/auto-devops/common-pipeline.yml
+++ b/auto-devops/common-pipeline.yml
@@ -18,6 +18,7 @@ include:
   - local: "/auto-devops/python-publish.yml"
   - local: "/auto-devops/python-check-tags-match-version.yml"
   - local: "/auto-devops/mkdocs-docs.gitlab-ci.yml"
+  - local: "/auto-devops/trigger-renovatebot.gitlab-ci.yml"
 
   # Fail-safe workflow rules. These can be overridden by CI configuration which includes us.
   - template: Workflows/Branch-Pipelines.gitlab-ci.yml
diff --git a/auto-devops/trigger-renovatebot.gitlab-ci.yml b/auto-devops/trigger-renovatebot.gitlab-ci.yml
new file mode 100644
index 0000000..14edd7b
--- /dev/null
+++ b/auto-devops/trigger-renovatebot.gitlab-ci.yml
@@ -0,0 +1,36 @@
+# Triggers a renovatebot run against the CI pipeline's project if $TRIGGER_RENOVATEBOT_ENABLED is set.
+#
+# A template job called ".trigger-renovatebot" is provided which jobs may extend if they want to have more fine-grained
+# control over when renovatebot runs are triggered.
+#
+# The "trigger-renovatebot" job provided in this template extends ".trigger-renovatebot" and runs only if
+# $TRIGGER_RENOVATEBOT_ENABLED is set. By default the job is configured with no dependencies and so will run
+# immediately.
+#
+# Due to renovatebot trigger API restrictions, this job can *only* trigger renovatebot runs for its own project. Use a
+# multi-project pipeline if you want to trigger runs of renovatebot for other projects.
+
+.trigger-renovatebot:
+  id_tokens:
+    RENOVATE_TRIGGER_TOKEN:
+      aud: renovatebot-trigger.devops.uis.cam.ac.uk
+  variables:
+    RENOVATE_TRIGGER_ENDPOINT: https://europe-west2-gitlab-bots-prod-364942b0.cloudfunctions.net/renovatebot-trigger-8d99
+  image:
+    name: alpine/httpie
+    entrypoint: [""]
+  script:
+    - |-
+      http --ignore-stdin --check-status -v POST "$RENOVATE_TRIGGER_ENDPOINT" \
+        "Authorization:Bearer $RENOVATE_TRIGGER_TOKEN" "projects[0]=$CI_PROJECT_PATH"
+
+trigger-renovatebot:
+  extends: .trigger-renovatebot
+
+  # There's not really a "right" stage for triggering renovatebot but the "needs: []" will always cause the job to run
+  # immediately irrespective of the stage and so we might as well put it in the initial "build" stage.
+  stage: build
+  needs: []
+
+  rules:
+    - if: $TRIGGER_RENOVATEBOT_ENABLED
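Review bot: The `-v` flag on the `http` call in `.trigger-renovatebot` makes httpie print the full outgoing request, including the `Authorization:Bearer $RENOVATE_TRIGGER_TOKEN` header, so the job's ID token is written to the job log unless GitLab masks it there (this patch does not show that it does). The token is then readable by anyone with access to the project's job logs for as long as it stays valid, so I would keep the response output for debugging but drop the request side: `http --ignore-stdin --check-status --print=hb POST "$RENOVATE_TRIGGER_ENDPOINT" \`. Separately, `name: alpine/httpie` carries no tag or digest, so whatever is currently published under that name runs with the ID token in its environment; pinning it as `name: alpine/httpie@sha256:<digest-placeholder>` (and letting renovatebot bump the digest) would close that gap. A short comment above `id_tokens:` stating that the `aud` value must match what the trigger function verifies would also help anyone extending the template.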
diff --git a/trigger-renovatebot.gitlab-ci.yml b/trigger-renovatebot.gitlab-ci.yml
new file mode 100644
index 0000000..8d970b2
--- /dev/null
+++ b/trigger-renovatebot.gitlab-ci.yml
@@ -0,0 +1,5 @@
+# Stand alone version of auto-devops/trigger-renovatebot.gitlab-ci.yml
+
+include:
+  - local: '/auto-devops-stages.yml'
+  - local: '/auto-devops/trigger-renovatebot.gitlab-ci.yml'
-- 
GitLab