renovate: add ssh signing

2025-10-22 10:34:57 -04:00
parent 9b53acf467
commit 27e477af6f
2 changed files with 22 additions and 0 deletions
--- a/renovate/renovate-cronjob.yaml
+++ b/renovate/renovate-cronjob.yaml
@@ -27,6 +27,11 @@ spec:
                    secretKeyRef:
                      key: github-com-pat
                      name: renovate-github-com-token
+                - name: RENOVATE_GIT_PRIVATE_KEY
+                  valueFrom:
+                    secretKeyRef:
+                      key: ssh-key
+                      name: renovate-ssh-key
                - name: RENOVATE_AUTODISCOVER
                  value: 'false'
                - name: RENOVATE_BASE_DIR
--- a/renovate/renovate-ssh-key.yaml
+++ b/renovate/renovate-ssh-key.yaml
@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: renovate-ssh-key
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: weyma-vault
+    kind: ClusterSecretStore
+  target:
+    name: renovate-ssh-key
+    creationPolicy: Owner
+  data:
+    - secretKey: ssh-key
+      remoteRef:
+        key: renovate
+        property: ssh-key