Renovate in Gitlab pipeline

Consider Renovate an automation for dependencies upgrade, that creates Merge Requests in your project.

These are the steps I followed to enable it a the project, within Gitlab pipeline.

• Create Gitlab Token (Project or Personal, it will set the creator of your Merge Requests) for Renovate to have access to you repository
• Add the Gitlab Token to the Env variables of the project, to allow the token to be provided to the pipeline in the gitlab-ci.yml file
• Create a configuration file renovate.json in the root folder of your project as the following, this is an example for npm package manager, check the suitable for your type of project.

{
    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
    "commitMessageExtra": "from {{currentVersion}} to {{newVersion}}",
    "commitMessagePrefix": "Upgraded",
    "commitMessageTopic": "{{depName}}",
    "enabledManagers": ["npm"],
    "minimumReleaseAge": "3 days",
    "packageFiles": ["package.json"],
    "packageRules": [
        {
            "addLabels": ["libs"],
            "automerge": false,
            "commitMessageAction": "patch for",
            "matchUpdateTypes": ["patch"]
        },
        {
            "addLabels": ["libs"],
            "automerge": false,
            "commitMessageAction": "minor for",
            "matchUpdateTypes": ["minor"]
        },
        {
            "addLabels": ["libs"],
            "automerge": false,
            "commitMessageAction": "major for",
            "matchUpdateTypes": ["major"]
        }
    ],
    "prBodyColumns": ["Package", "Package file", "Type", "Update", "Change", "Pending", "References"],
    "prConcurrentLimit": 10,
    "prHourlyLimit": 3,
    "reviewersFromCodeOwners": true,
    "timezone": "Europe/Amsterdam"
}

For more information https://docs.renovatebot.com/configuration-options/

• Configure renovate in the gitlab-ci.yml file, this is an example setting up a scheduled and manual trigger.

stages:
  - renovate

variables:
  RENOVATE_BASE_DIR: .
  RENOVATE_ENDPOINT: $CI_API_V4_URL
  RENOVATE_PLATFORM: gitlab
  RENOVATE_TOKEN: $GITLAB_PROJECT_RENOVATE_TOKEN
  RENOVATE_GIT_AUTHOR: "Renovate Bot <bot@renovateapp.com>"
  LOG_FILE: renovate-log.ndjson
  LOG_FILE_LEVEL: debug
  RENOVATE_REPOSITORIES: "$CI_PROJECT_PATH"
  RENOVATE_AUTODISCOVER: false

renovate:
  image:
    name: ghcr.io/renovatebot/renovate:39
    pull_policy: always
  script:
    - renovate $RENOVATE_EXTRA_FLAGS
  stage: renovate
  resource_group: production
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule" && $RENOVATE_JOB == "1"
      when: always
    - if: $CI_PIPELINE_SOURCE == "web" && $RENOVATE_JOB == "1"
      when: manual
  artifacts:
    when: always
    expire_in: 3d
    paths:
      - '$LOG_FILE'

• Create a scheduled pipeline in through the section Build → Pipeline schedules menu, setting up a variable RENOVATE_JOB to allow just this pipeline to be triggered.

Notes

Every year the GitLab token expires, so it is required to generate a new one and reset it in the project Env variables.

This example renovate.json can be suitable for nodejs projects, check how to replace these two fields for other type of project,

    "enabledManagers": ["npm"],
    "packageFiles": ["package.json"],

depending on the type of module package.

To ignore dependencies use this field:

    "ignoreDeps": ["react"]

To ignore certain type of versions use this field:

    "packageRules": [{
      "matchUpdateTypes": ["major"],
      "enabled": false
    }]

Good automations.