The release.yml workflow uses https://gitea.com/actions/release-action@main. Renovate's gitea-tags manager tries to resolve @main as a tag and 404s, which crashes the entire renovate run (affecting all repos via autodiscover). Repo-level ignoreDeps + a packageRule make this defense-in-depth alongside the global ignoreDeps in /opt/renovate/config.js.
This commit is contained in:
@@ -17,6 +17,10 @@
|
||||
"prHourlyLimit": 10,
|
||||
"prConcurrentLimit": 20,
|
||||
"rebaseWhen": "behind-base-branch",
|
||||
"ignoreDeps": [
|
||||
"actions/release-action",
|
||||
"https://gitea.com/actions/release-action"
|
||||
],
|
||||
"packageRules": [
|
||||
{
|
||||
"description": "Group all minor and patch updates per ecosystem in one PR",
|
||||
@@ -60,6 +64,16 @@
|
||||
"github-actions"
|
||||
],
|
||||
"pinDigests": true
|
||||
},
|
||||
{
|
||||
"description": "Branch-ref refs (e.g. @main) cannot be tag-resolved — disable lookups for our known offenders",
|
||||
"matchManagers": [
|
||||
"gitea-tags"
|
||||
],
|
||||
"matchPackageNames": [
|
||||
"actions/release-action"
|
||||
],
|
||||
"enabled": false
|
||||
}
|
||||
],
|
||||
"vulnerabilityAlerts": {
|
||||
|
||||
Reference in New Issue
Block a user