Published in Javarevisited

Renovate: Dependency Management

My best friend to automate dependency updates.

I have been using Renovate for almost a year and it is one of the best open-source tools that I have used to automate dependency updates for my projects. There are other alternatives like Dependabot and Snyk. However, as my projects are self-hosted on GitLab (CE), I have chosen Renovate.

In this article, I will briefly introduce Renovate and share how I used it for my project.

Intro

As shared above, Renovate is a free open-source tool to automate dependency updates for software projects. It can detect dependencies in a repository (open source and private/closed source). If it finds any dependency updates, it creates an MR/PR (merge request/pull request) to update the dependencies.

Screenshot of a MR (single) created by Renovate Bot
Screenshot of a MR (multiple) created by Renovate Bot

In the MR/PR, we can see the dependency that has update(s) (you may also see a list) and the release notes (if they are available). I like this feature a lot, as it saves me a lot of time and I can just focus on testing my application.

Platforms Supported

Renovate supports multiple platforms.

GitHub (.com and Enterprise)

If you are not looking for a self-hosted Renovate, you can simply install the Renovate app. For more details, you can refer to this documentation.

GitLab (.com and CE/EE)

Only the self-hosted option is available.

Bitbucket Cloud/Server

Only the self-hosted option is available.

Azure DevOps

There are 2 options:

Gitea

Only the self-hosted option is available.

Languages

Renovate supports multiple languages:

Self-hosting Options

There are a few ways you can self-host Renovate.

npmjs

Install the renovate CLI tool from npmjs and run it on a schedule (e.g. GitLab scheduled pipeline).

Run: npm install -g renovate

Docker

Run the renovate/renovate Docker Hub image (same content/versions as the CLI tool) and run it on a schedule (e.g. GitLab scheduled pipeline). If you only use package managers that don’t need third-party binaries, you can just use the renovate/renovate:slim Docker Hub image.

# Sample command to run Renovate with Docker
docker run --rm -v "/path/to/your/config.js:/usr/src/app/config.js" renovate/renovate

Kubernetes

Renovate’s official Docker image is compatible with Kubernetes and you could use the Kubernetes CronJob to schedule a run. You may visit their documentation page for a sample.

CircleCI

If you are using CircleCI, you may use the third-party daniel-shuy/renovate orb to run a self-hosted instance of Renovate on CircleCI. You may visit their documentation page for more information.

GitLab CI/CD pipeline

For my project, I am using the recommended option, which is to use the renovate-runner. You will need to do the following:

  • Create a new project to host the runner
  • Configure credentials using CI variables
  • Create a new main pipeline that includes this project’s template
  • Set up a schedule to run the pipeline

Config

Another advantage of using Renovate is that its configuration is customizable via configuration files (config as code).

For instance, I have been using the labels option to add my label (dependency-upgrade) to my MRs in GitLab (by default, Renovate won’t add any labels to its MRs/PRs).
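
A config.js of the kind mounted in the Docker command above, with the labels option set and a check that no credential is hard-coded in it. This is an added example, not the author's or the Renovate project's own file; the endpoint, the repository path and the findInlineSecrets helper are assumptions for illustration.

```javascript
// config.js for a self-hosted Renovate run against GitLab (added example).
// Assumptions: the endpoint and repository path below are placeholders.
// The access token is deliberately absent: Renovate reads it from the
// RENOVATE_TOKEN environment variable, set here as a masked CI variable.
const config = {
  platform: 'gitlab',
  endpoint: 'https://gitlab.example.com/api/v4/', // placeholder self-hosted URL
  repositories: ['my-group/my-project'],          // placeholder project path
  labels: ['dependency-upgrade'],                 // label added to every MR
};

// Keys that would carry a credential if someone pasted one into the file.
const SECRET_KEYS = new Set(['token', 'password']);

// Hypothetical helper: walk the config (including nested entries such as
// hostRules) and return the path of every secret-bearing key that holds a
// literal, non-empty string.
function findInlineSecrets(value, path = 'config') {
  if (Array.isArray(value)) {
    return value.flatMap((item, i) => findInlineSecrets(item, `${path}[${i}]`));
  }
  if (value === null || typeof value !== 'object') {
    return [];
  }
  return Object.entries(value).flatMap(([key, child]) => {
    const here = `${path}.${key}`;
    if (SECRET_KEYS.has(key) && typeof child === 'string' && child !== '') {
      return [here];
    }
    return findInlineSecrets(child, here);
  });
}

// Constructed counter-example: the same config with credentials pasted in.
const leakyConfig = {
  ...config,
  token: 'CONSTRUCTED-NOT-A-REAL-TOKEN',
  hostRules: [{ matchHost: 'registry.example.com', password: 'constructed' }],
};

// Refuse to hand Renovate a config that embeds credentials.
const leaks = findInlineSecrets(config);
if (leaks.length > 0) {
  throw new Error(`credentials must come from CI variables: ${leaks.join(', ')}`);
}
if (typeof module !== 'undefined') {
  module.exports = config; // Renovate loads this object as its global config
}
```

Because the file is committed alongside the runner project, the check fails the scheduled pipeline as soon as a token or password is pasted into it, rather than after the secret has reached the repository history.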

And there we have it. I hope you have found this useful. Thank you for reading. If you enjoyed this article, remember to follow me for more updates!

Stay tuned for more articles ✌️.

Wei Kang

Once a programmer, always a programmer