Consider Renovate an automation for dependencies upgrade, that creates Merge Requests in your project.
These are the steps I followed to enable it a the project, within Gitlab pipeline.
- Create Gitlab Token (Project or Personal, it will set the creator of your Merge Requests) for Renovate to have access to you repository
- Add the Gitlab Token to the Env variables of the project, to allow the token to be provided to the pipeline in the
gitlab-ci.ymlfile - Create a configuration file renovate.json in the root folder of your project as the following, this is an example for npm package manager, check the suitable for your type of project.
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"commitMessageExtra": "from {{currentVersion}} to {{newVersion}}",
"commitMessagePrefix": "Upgraded",
"commitMessageTopic": "{{depName}}",
"enabledManagers": ["npm"],
"minimumReleaseAge": "3 days",
"packageFiles": ["package.json"],
"packageRules": [
{
"addLabels": ["libs"],
"automerge": false,
"commitMessageAction": "patch for",
"matchUpdateTypes": ["patch"]
},
{
"addLabels": ["libs"],
"automerge": false,
"commitMessageAction": "minor for",
"matchUpdateTypes": ["minor"]
},
{
"addLabels": ["libs"],
"automerge": false,
"commitMessageAction": "major for",
"matchUpdateTypes": ["major"]
}
],
"prBodyColumns": ["Package", "Package file", "Type", "Update", "Change", "Pending", "References"],
"prConcurrentLimit": 10,
"prHourlyLimit": 3,
"reviewersFromCodeOwners": true,
"timezone": "Europe/Amsterdam"
}
For more information https://docs.renovatebot.com/configuration-options/
- Configure renovate in the
gitlab-ci.ymlfile, this is an example setting up a scheduled and manual trigger.
stages:
- renovate
variables:
RENOVATE_BASE_DIR: .
RENOVATE_ENDPOINT: $CI_API_V4_URL
RENOVATE_PLATFORM: gitlab
RENOVATE_TOKEN: $GITLAB_PROJECT_RENOVATE_TOKEN
RENOVATE_GIT_AUTHOR: "Renovate Bot <bot@renovateapp.com>"
LOG_FILE: renovate-log.ndjson
LOG_FILE_LEVEL: debug
RENOVATE_REPOSITORIES: "$CI_PROJECT_PATH"
RENOVATE_AUTODISCOVER: false
renovate:
image:
name: ghcr.io/renovatebot/renovate:39
pull_policy: always
script:
- renovate $RENOVATE_EXTRA_FLAGS
stage: renovate
resource_group: production
rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $RENOVATE_JOB == "1"
when: always
- if: $CI_PIPELINE_SOURCE == "web" && $RENOVATE_JOB == "1"
when: manual
artifacts:
when: always
expire_in: 3d
paths:
- '$LOG_FILE'
- Create a scheduled pipeline in through the section Build → Pipeline schedules menu, setting up a variable
RENOVATE_JOBto allow just this pipeline to be triggered.
Notes
Every year the GitLab token expires, so it is required to generate a new one and reset it in the project Env variables.
This example renovate.json can be suitable for nodejs projects, check how to replace these two fields for other type of project,
"enabledManagers": ["npm"],
"packageFiles": ["package.json"],
depending on the type of module package.
To ignore dependencies use this field:
"ignoreDeps": ["react"]
To ignore certain type of versions use this field:
"packageRules": [{
"matchUpdateTypes": ["major"],
"enabled": false
}]
Good automations.
Top comments (0)