Update Dependencies via Renovate
Since 11.6.0, OneDev added the ability to update project dependencies via Renovate. Let's go through procedures to set it up.
Request a Trial Subscription
Renovate integration requires a subscription to use. Switch to menu item Administration / Subscription Management, request a trial subscription key and install it into OneDev if you do not have a subscription yet:
Set Up Renovate Bot Account
-
We need to set up an account to be used by Renovate to create commits, issues and pull requests:
-
This account needs to be authorized with code write permission for all projects you want to update dependencies
-
Generate an access token to be used later in build spec
Configure Server URL
Make sure server url is configured correctly and can be reached from within docker container, as renovate cli needs to access this url from container.
Run Renovate via CI/CD Step
Set up build spec to update dependencies of specified projects via Renovate step. We created a demo project explaining this:
- The ci job is set up to test the project. It has a trigger defined in section params & triggers to run the job automatically when pull request is opened or updated
- The update dependencies job is set up to run Renovate to update dependencies:
- Step set up cache configures cache of the renovate step to speed up Renovate execution
- Step run renovate is configured to update dependencies of current project. In this step:
- Property project is left empty to refer to current project
- Property access token secret is specified as a job secret with value set to Renovate access token created previously
- Specify default field values for various issues created by Renovate
- In more settings of the step, property github access token secret is specified as a job secret with value set to any GitHub access token. With this, Renovate can retrieve release notes of new dependency versions (if source hosted on GitHub) into pull request body for review
- This job has a cron trigger defined to run at 1:00AM every night
Now run update dependencies job. Renovate will create on-board pull request in each specified project. Merge the on-board pull request and subsequent triggering of the update dependencies job will create pull requests to update dependencies.
Enable Renovate Auto Merge
It is recommended to enable auto merge for minor dependendies to reduce overheads of merging pull requests manually. To do it, update renovate.json (created via on-board pull request) of desired projects as below:
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended"
],
"packageRules": [
{
"matchUpdateTypes": ["minor", "patch", "pin", "digest"],
"automerge": true
}
]
}
If you need to add this settings to multiple projects, it is suggested to use shareable presets to avoid duplication
We should also add a branch protection rule so that pull requests can only be merged when desired tests pass:
Explore the Renovate configuration to discover all the possibilities it offers. Thank you for reading!