Replace Dependabot with Renovate and add automated GitHub Actions workflow #182

Draft
Copilot wants to merge 5 commits into master from copilot/fix-74-2

Contributor

Copilot AI commented Sep 3, 2025

This PR replaces Dependabot with Renovate for automated dependency management in the Deno-based Invidious Companion project and adds a GitHub Actions workflow to run Renovate automatically.

Why the Change?

Dependabot doesn't support Deno's import map syntax in deno.json, making it unable to track the 27+ dependencies this project uses from JSR, NPM via Deno, and CDN sources. Renovate provides comprehensive Deno support with better grouping capabilities.

What's Changed

Added comprehensive Renovate configuration (renovate.json):

  • Manages JSR dependencies (@std/, @hono/, etc.) from deno.json
  • Groups related updates together to reduce PR noise
  • Auto-merges patch updates for standard libraries
  • Handles CDN-hosted dependencies (esm.sh, cdn.jsdelivr.net, deno.land)
  • Manages Docker and GitHub Actions updates
  • Schedules updates for weekday mornings with @unixfox as assignee/reviewer

Added automated GitHub Actions workflow (.github/workflows/renovate.yaml):

  • Uses GitHub App authentication for enhanced security
  • Runs every 15 minutes to check for updates
  • Enables platform commit signing for API-based commits
  • Supports manual triggering via workflow_dispatch

Removed Dependabot configuration:

  • Completely removed dependabot.yml to eliminate conflicts
  • Prevents confusion from having two dependency management tools

Updated .gitignore:

  • Added deno pattern to prevent accidentally committing binary files

Setup Required

The workflow requires setting up a GitHub App with repository access and adding two repository secrets:

  • RENOVATE_PRIVATE_KEY: Contents of the GitHub App's private key (.pem file)
  • RENOVATE_APP_ID: The GitHub App's application ID

See the Renovate GitHub App documentation for setup instructions.

Fixes #74



unixfox

This comment was marked as resolved.

@unixfox
Member

unixfox commented Sep 3, 2025

@copilot Before pushing the changes to GitHub, don't forget to remove the deno binary, as it's too big a file to push to git. Or add it to the .gitignore.

…e binary files

Co-authored-by: unixfox <4016501+unixfox@users.noreply.github.com>
Contributor Author

Copilot AI commented Sep 3, 2025

@copilot Before pushing the changes to GitHub, don't forget to remove the deno binary, as it's too big a file to push to git. Or add it to the .gitignore.

Done! I've added deno to the .gitignore file to prevent accidentally committing deno binary files. The repository already had invidious_companion (the compiled binary name) in .gitignore, but I've added a more general deno pattern for extra safety. Commit bd60307.

Copilot AI requested a review from unixfox September 3, 2025 23:09
- Add renovate.json with comprehensive Deno dependency management
- Configure Renovate to handle JSR, NPM, CDN, Docker, and GitHub Actions
- Group related updates and enable auto-merge for patch updates
- Update dependabot.yml to disable overlapping functionality
- Set @unixfox as assignee/reviewer for dependency updates

Co-authored-by: unixfox <4016501+unixfox@users.noreply.github.com>
Contributor Author

Copilot AI commented Sep 3, 2025

@copilot I'm missing all the previous files in the PR. I did not get the files changed due to:
Copilot stopped work on behalf of unixfox due to an error [September 4, 20...

I've restored the missing files that were lost due to the large file error. The PR now includes:

  • renovate.json - Comprehensive Renovate configuration for Deno project dependencies
  • Updated dependabot.yml - Disabled overlapping Docker/GitHub Actions functionality
  • Updated .gitignore - Already had the deno binary exclusion

All the dependency management functionality described in the PR is now properly committed. Commit f95c86d.

Copilot AI changed the title from "[WIP] Dependabot or renovate" to "Add Renovate configuration for automated dependency updates in Deno project" Sep 3, 2025
@unixfox
Member

unixfox commented Sep 3, 2025

@copilot Remove dependabot if renovate is replaced

Co-authored-by: unixfox <4016501+unixfox@users.noreply.github.com>
Contributor Author

Copilot AI commented Sep 3, 2025

@copilot Remove dependabot if renovate is replaced

Removed dependabot.yml completely since Renovate now handles all dependency management (Docker, GitHub Actions, and Deno dependencies). This eliminates the need for two dependency management tools. Commit 71c4e92.

Copilot AI changed the title from "Add Renovate configuration for automated dependency updates in Deno project" to "Replace Dependabot with Renovate for comprehensive Deno dependency management" Sep 3, 2025
@unixfox
Member

unixfox commented Sep 3, 2025

@copilot Add a GitHub Actions workflow for Renovate. Configure it with a known GitHub Action (https://github.com/renovatebot/github-action).

Use a GitHub App for authentication as described in the action's README.

Example with GitHub App

Instead of using a Personal Access Token (PAT) that is tied to a particular user you can use a GitHub App where permissions can be even better tuned. Create a new app and configure the app permissions and your config.js as described in the Renovate documentation.

Generate and download a new private key for the app, adding the contents of the downloaded .pem file to Secrets (repository settings) with the name private_key and app ID as a secret with name app_id.

Adjust your Renovate configuration file to specify the username of your bot.

From the GitHub App configuration page, install the app in your account or your organization's account, and configure the repository access.

Going forward we will be using the actions/create-github-app-token action in order to exchange the GitHub App certificate for an access token that Renovate can use.

The final workflow will look like this:

name: Renovate
on:
  schedule:
    # The "*" (#42, asterisk) character has special semantics in YAML, so this
    # string has to be quoted.
    - cron: '0/15 * * * *'
jobs:
  renovate:
    runs-on: ubuntu-latest
    steps:
      - name: Get token
        id: get_token
        uses: actions/create-github-app-token@v1
        with:
          private-key: ${{ secrets.private_key }}
          app-id: ${{ secrets.app_id }}
          owner: ${{ github.repository_owner }}
          repositories: 'repo1,repo2'

      - name: Checkout
        uses: actions/checkout@v4.2.2

      - name: Self-hosted Renovate
        uses: renovatebot/github-action@v43.0.9
        with:
          configurationFile: example/renovate-config.js
          token: '${{ steps.get_token.outputs.token }}'

Commit signing with GitHub App

Renovate can sign commits when deployed as a GitHub App by utilizing GitHub's API-based commits. To activate this, ensure that platformCommit is set to true in global config. If a configuration file is defined, include platformCommit: true to activate this feature. For example:

- name: Self-hosted Renovate
  uses: renovatebot/github-action@v43.0.9
  with:
    token: '${{ steps.get_token.outputs.token }}'
  env:
    RENOVATE_PLATFORM_COMMIT: 'true'

Co-authored-by: unixfox <4016501+unixfox@users.noreply.github.com>
Contributor Author

Copilot AI commented Sep 3, 2025

@copilot Add github actions for renovate. Configure it with a known github actions (https://github.com/renovatebot/github-action).

Use a github app for authentication as described in the actions RE...

Added GitHub Actions workflow for Renovate with GitHub App authentication as requested. The workflow uses actions/create-github-app-token@v1 and renovatebot/github-action@v43.0.9, includes platform commit signing, and runs every 15 minutes.

Requires setting up a GitHub App and adding RENOVATE_PRIVATE_KEY and RENOVATE_APP_ID secrets to the repository. Commit c7e9b89.
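
What the "Get token" step in the workflow quoted above performs, shown as an added example that is not code from this PR, from actions/create-github-app-token or from Renovate: the App ID and private key become a short-lived RS256 JWT, which is then traded for an installation token limited to named repositories. The key pair, App ID, installation ID, repository name and permission set are constructed placeholders, and the request is only built, never sent.

```javascript
const crypto = require("node:crypto");

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// JWT that authenticates as the App itself (not yet as an installation).
function buildAppJwt(appId, privateKeyPem, nowSec = Math.floor(Date.now() / 1000)) {
  const claims = {
    iat: nowSec - 60,     // backdated to tolerate clock drift
    exp: nowSec + 9 * 60, // GitHub rejects expiry more than 10 minutes ahead
    iss: String(appId),
  };
  const signingInput = `${b64url({ alg: "RS256", typ: "JWT" })}.${b64url(claims)}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(signingInput), privateKeyPem);
  return `${signingInput}.${sig.toString("base64url")}`;
}

// Request that exchanges the JWT for an installation token. Listing
// repositories and permissions narrows the token below the App's full grant.
function buildTokenRequest(jwt, installationId, repositories, permissions) {
  return {
    method: "POST",
    url: `https://api.github.com/app/installations/${installationId}/access_tokens`,
    headers: { Authorization: `Bearer ${jwt}`, Accept: "application/vnd.github+json" },
    body: JSON.stringify({ repositories, permissions }),
  };
}

// Receiver-side view: signature must match the App's public key and the
// token must be inside its validity window.
function verifyAppJwt(jwt, publicKeyPem, nowSec) {
  const [h, c, s] = jwt.split(".");
  const sigOk = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${c}`), publicKeyPem, Buffer.from(s, "base64url"));
  const claims = JSON.parse(Buffer.from(c, "base64url").toString());
  return sigOk && claims.iat <= nowSec && nowSec < claims.exp && claims.exp - nowSec <= 600;
}

// Constructed throwaway key pair and identifiers, for demonstration only.
const { privateKey, publicKey } = crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: { type: "spki", format: "pem" },
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
});
const NOW = 1756940000; // fixed clock so the result is reproducible
const jwt = buildAppJwt(123456, privateKey, NOW);
const req = buildTokenRequest(jwt, 987654, ["example-repo"], { contents: "write", pull_requests: "write" });
console.log(verifyAppJwt(jwt, publicKey, NOW), req.url);
```

The private key only ever signs the JWT locally; what reaches the Renovate step is the installation token, which GitHub expires after one hour.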

Copilot AI changed the title from "Replace Dependabot with Renovate for comprehensive Deno dependency management" to "Replace Dependabot with Renovate and add automated GitHub Actions workflow" Sep 3, 2025

Development

Successfully merging this pull request may close these issues.

Dependabot or renovate

2 participants