What is Renovate?
Renovate is an automated dependency update service. It works by scanning private or public repositories and creating Merge Requests, based on the requirements we have and the configuration we made. It is highly configurable and can match our specific needs very well.
Which platforms are supported by Renovate?
Renovate supports GitHub, GitLab, Bitbucket, Azure DevOps, AWS CodeCommit and Gitea.
The integration with each of them is a little bit different, but the way it works is the same.
It also supports many languages, like Go, Java, Python, Rust, Ruby, JavaScript, NuGet dependencies and so on.
Renovate supports most of the popular dependency systems. The complete list can be found here ( https://docs.renovatebot.com/modules/manager/ )

How to integrate Renovate?
The integration with GitHub is an easy process. There are a few ways to integrate.
One way is to run Renovate as a bot which uses a PAT:
1. Create GitHub PAT
- Log in to your GitHub account
- Open Settings
- Navigate to Developer settings
- Under Personal access tokens, click Tokens
- Then click Generate new token and fill in the form
- Click on Generate token
2. Set your PAT as an environment variable RENOVATE_TOKEN
Another way is to use Renovate as a self-hosted application. The makers of Renovate provide the “Renovate GitHub App”, which can be installed with a single click ( https://github.com/apps/renovate ).
1. When creating the GitHub App, give it the following permissions:
| Permission | Scope |
| --- | --- |
| Checks | read+write |
| Commit statuses | read+write |
| Contents | read+write |
| Issues | read+write |
| Pull requests | read+write |
| Workflows | read+write |
| Dependabot alerts | read |
| Members | read |
| Metadata | read |
2. In the configuration section, we need to select the repositories for which we want to use Renovate.

3. After applying the changes, Renovate will create its first MR, which contains a renovate.json file with a basic configuration:
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:base"
  ]
}
Once we merge it, the Renovate bot will start scanning the repository and, if it finds new versions, will create new MRs.
You can find the integration with the rest of the supported platforms here: https://docs.renovatebot.com/modules/platform/
Custom configuration examples:
By default, Renovate does not scan Kubernetes manifest files. We can include them by adding the following to the renovate.json file:
"kubernetes": {
  "fileMatch": ["\\.yaml$"]
}
If we want Renovate to scan for changes once per week, on Sunday, we should add:
"packageRules": [
  {
    "matchPackageNames": ["*"],
    "schedule": ["on sunday"]
  }
]
By default, Renovate will not merge the MRs automatically. Of course, we would probably leave the major updates to be reviewed first by a human. So you could configure it to automerge everything except major versions this way:
{
  "packageRules": [
    {
      "matchUpdateTypes": ["minor", "patch", "pin", "digest"],
      "automerge": true
    }
  ]
}
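A check for the automerge rule above, as an added example that is not part of the original article or of Renovate itself: it reads a renovate.json and reports any setting that would let a major update merge without human review. The function name and the drifted sample config are constructed here, and the check inspects each rule on its own without resolving the order in which Renovate applies packageRules.

```python
import json

# Update types the article wants a human to review before merging.
NEEDS_REVIEW = {"major"}

def automerge_findings(config):
    """Return (location, reason) pairs for settings that can automerge a major update."""
    findings = []
    if config.get("automerge") is True:
        findings.append(("top level", "automerge is on for every update type"))
    if config.get("major", {}).get("automerge") is True:
        findings.append(("major", "automerge is on for major updates"))
    for i, rule in enumerate(config.get("packageRules", [])):
        if rule.get("automerge") is not True:
            continue
        types = rule.get("matchUpdateTypes")
        if types is None:
            reason = "no matchUpdateTypes, so major updates match too"
        elif NEEDS_REVIEW & set(types):
            reason = "matchUpdateTypes includes major"
        else:
            continue  # rule is limited to non-major update types
        findings.append((f"packageRules[{i}]", reason))
    return findings

# The article's rule, copied from above.
ARTICLE_RULE = json.loads("""
{"packageRules": [
  {"matchUpdateTypes": ["minor", "patch", "pin", "digest"], "automerge": true}
]}
""")

# Constructed sample: a config that has drifted away from the article's rule.
DRIFTED = json.loads("""
{"packageRules": [
  {"matchUpdateTypes": ["minor", "patch"], "automerge": true},
  {"matchPackageNames": ["my-private-library"], "automerge": true},
  {"matchUpdateTypes": ["major", "minor"], "automerge": true}
]}
""")

if __name__ == "__main__":
    for name, cfg in (("article", ARTICLE_RULE), ("drifted", DRIFTED)):
        print(name, automerge_findings(cfg) or "ok")
```

Run as a CI step on changes to renovate.json, a non-empty result is a reason to require review of the config change itself.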
You can see below an example of a Renovate MR which automatically found a new version of the Prometheus Docker tag:


You can find all configuration options in the Renovate Docs section: https://docs.renovatebot.com/configuration-options
It can also be used for updating dependencies in your repositories. For example, if you have a repository that depends on some library, and you want your repository to get a version bump of that library automatically whenever a new version is released:
...
"matchPackageNames": ["my-private-library"],
….
As soon as there are new versions of “my-private-library”, Renovate will show this in your onboarded repositories automatically by creating a new pull request with the changes. If a package manager is involved, it will also generate the lock files for your language.
Conclusion
Renovate is a great tool which could save us a lot of manual work. As DevOps, we can use it for updating Helm charts, Docker image tags, Terraform providers, Kubernetes manifests and much more.
