agentguard-ci/docs/plans/phase4-step2-renovate-cronjob.md

Implementation Plan: Renovate Bot CronJob / ArgoCD App

Objective

Create the Kubernetes manifests to deploy Renovate Bot as a cluster-level service (CronJob) via ArgoCD, configured to scan repositories and open PRs (which will trigger the Phase 1-3 pipeline).

Requirements

• Create Kubernetes manifests for a CronJob that runs the Renovate Bot Docker image.
• Expect Git Provider credentials (GitHub/GitLab token) to be injected as environment variables via Infisical (using standard operator annotations).
• Configure the CronJob to run periodically (e.g., hourly).
• Package this as an ArgoCD Application or a Helm chart located in helm/renovate-bot/.
• The configuration should instruct Renovate to scan the designated repositories and respect the presets defined in Phase 4 Step 1.

Agent Instructions

1. Create the helm/renovate-bot directory.
2. Add the CronJob, ServiceAccount, and necessary RBAC manifests.
3. Configure the Infisical annotations for secrets injection.
4. Provide an Application manifest for ArgoCD to deploy it easily.