• Stars
    star
    112
  • Rank 312,240 (Top 7 %)
  • Language
    Dockerfile
  • License
    MIT License
  • Created over 2 years ago
  • Updated 10 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Renovate Bot Tutorial source

Renovate - Hands On Tutorial

Introduction

Welcome to the Renovate hands-on tutorial.

This tutorial is based on the Mend Renovate App. You can also run Renovate as a CLI tool or a self-hosted application.

Note Although this tutorial is based on the Mend Renovate App, the concepts discussed apply to all environments.

In this tutorial, you will learn how to configure Renovate and become familiar with some of the basic features.

What you will learn:

  1. Installation
  2. Onboarding
  3. Getting to know Renovateā€™s update PRs
  4. Dependency Dashboard

We will begin this tutorial with configuring and installing the Mend Renovate App and an overview of the default settings and basic functionalities.

Later, we will dive deeper into functional use-cases, advanced features, and best practices so you'll know how to leverage Renovate to its fullest.

Part 1 - Installation

Letā€™s start by forking the tutorial repo to your account, installing the Mend Renovate App, and configuring it to your repo.

  1. Make sure you are logged in to GitHub.com
  2. Fork this repository. The tutorial instructions will be based on its contents.
  3. The following instructions are directed at those that donā€™t have the Mend Renovate App installed:
  4. If you do have the Mend Renovate App installed:
  5. You will reach an installation configuration page where you are asked to configure Repository Access.

Note for existing users, installation configuration appears at the bottom of the page.

  • Mark Only select repositories and make sure to select the forked RenovateTutorial repo

    Note each selected repo gets an onboarding PR.

    If you select All repositories, forked repos will be skipped by default (including RenovateTutorial).

  • Click on Install (ā€œSaveā€ for existing users)

configuration page

For new installs:

  • You will be redirected to our ā€œThank you for installing Renovateā€ page while we are setting up your account.

image

  • After a few seconds, you will be automatically redirected to the Mend's developer portal where you can sign in and view the Renovate logs. We recommend saving this link for future use.
sign in page

Congratulations! You have successfully installed Renovate to your account. šŸŽˆ

Part 2 - Onboarding

Now you have installed the Mend Renovate App, we can begin onboarding.

Letā€™s review the concepts of the Onboarding PR and learn about Renovateā€™s initial settings.

Note For your convenience, Renovate will not make any changes to your repo or raise PRs until after you finish onboarding.

  • Upon installing Renovate, an onboarding PR will be automatically generated.
  • This PR is there to help you understand Renovate and its default settings before Renovate starts running on your repository.
  • The Onboarding PR creates a configuration file called renovate.json, which contains Renovateā€™s default settings and can be modified during onboarding.

Letā€™s review the onboarding PR:

  1. Navigate to the Pull Requests section in GitHub, and open the newly generated PR - Configure Renovate

onboarding PR

onboarding content

The onboarding PR contains:

  • Detected Package Files - All package files detected by Renovate in your code.
  • Configuration Summary - The default configuration settings that will be applied.
  • What to Expect - The dependency update PRs that Renovate is about to automatically create.
  • The link to Renovateā€™s official documentation.
  • The link to review jobs logs in the Renovate dashboard.

Note Renovate will not create dependency update PRs until the onboarding PR will be merged.

These are some of the default configurations of Renovate:

  • Enables creation of the ā€œDependency Dashboardā€ - a dashboard that shows an overview of the state of your repositories' dependencies.
  • PRs will be created at a rate of 2 PRs per hour.
  • The limit of simultaneous open Renovate PRs is set to 10.
  • Renovate automatically groups known monorepo packages to a single PR (example can be seen in the date-io PR under the what to expect section).

Renovate offers the ability to change configurations before merging the onboarding PR as well as preview the results of these changes. At this point, Renovate has created a branch called renovate/configure which contains the renovate.json configuration file. By default, Renovate limits branch creation to 2 per hour:

onboarding warning hourly

Example

As a user, despite Renovateā€™s suggestion to limit hourly PR creation to 2, we might want to increase the limit to a different number. Letā€™s try changing this hourly limitation to 3:

  1. Go to the newly created branch - renovate/configure:

new branch

  1. Go into the renovate.json file:

image

  1. Add the following code segment:
{
  "prHourlyLimit": 3
}

change in config 1

  1. Commit the changes
  2. Revisit the onboarding PR and notice how the onboarding PR automatically updates to reflect the changes you made to the configuration

onboarding warning hourly update

Note May take a few moments to update.

  1. Merge the onboarding pull request.

Congratulations! You have successfully onboarded Renovate. šŸŽˆ

Part 3 - Getting to know Renovateā€™s update PRs

Now that you have merged the onboarding PR, Renovate will generate Update PRs to the most recent dependency version based on your configuration.

Note PRs may take a couple of minutes to appear

Here we will review the basic concepts of Renovate update PRs and merge it.

  • By default, Renovate will create up to 2 update PRs per hour. However, if you completed the onboarding section of this tutorial, Renovate will now create 3 PRs.
  • You should already see notifications for these pull requests in the Pull Requests section of the repo.

Letā€™s go ahead and take a look at a Renovate update PR:

  1. Navigate to the Pull requests section and open - Update dependency lodash to x.y.z

open PRs

Each update PR contains:

  • Dependency information (name and version changes)
  • Merge Confidence values
  • Up-to-date release notes
  • Renovate configuration-related info
  • Option to rebase PR
  • Link to view Renovate logs

image

  • Renovateā€™s update PRs will update the relevant dependency across your entire repo. In our RenovateTutorial repo, this will be both the package.json file and the package-lock.json file:

file diff lodash

  1. Merge this pull request

Note Renovate is highly configurable and supports:

  • On-demand PR creation.
  • Automatic merging of PRs.
  • Settings for specific dependencies/package managers.
  • Scheduling.
  • Grouping.

All the above and more will be discussed in future parts of the tutorial.

Congratulations! You have now updated your first dependency with Renovate. šŸŽˆ

Part 4 - Dependency Dashboard

Renovateā€™s Dependency Dashboard is a GitHub Issue that enables you to manage and monitor Renovateā€™s activity in your repo. In this section, we will go over some of its main functionalities and capabilities.

Letā€™s begin by creating and enabling the Dependency Dashboard. Since GitHub defaults to disable issues on forked repositories, we need to enable it on the forked RenovateTutorial repo:

  1. Go to the main page of the repo
  2. Go to settings -> general
  3. Check the issues checkbox under the Features section:

issues settings

  • In order for the Dependency Dashboard to become available, we will need to re-run Renovate by triggering a webhook (for example, closing an update PR).

Note This is usually done in a click via the Dependency Dashboard.

  1. Go to the Pull requests section
  2. Select Update dependency php to v8.1 and select Close pull request

close php

  1. This will trigger Renovate to run and the Dependency Dashboard will appear under the Issues section - navigate to it

Note It may take a minute to appear.

The Dependency Dashboard includes:

  • Overview of all updates that are still to-do:

    • Open PRs
    • Rate Limited - PRs blocked by rate limit setting and will be opened based on preferences.
    • Pending Approval - PRs that require manual triggering based on configurations.
    • Awaiting Schedule - PRs creation blocked by Renovate scheduling settings.
    • Pending Status Checks - updates that await pending status checks in order to be created.
  • Visibility into rejected/deferred updates.

  • List of all the detected dependencies and package managers in your repository.

Screen Shot 2022-07-14 at 14 05 40

Users can manually trigger the creation of dependency updates directly from the dashboard.

You can also re-run Renovate manually from the Dependency Dashboard by enabling the ā€œCheck this box to trigger a request Renovate to run again on this repositoryā€ option:

rerun renovate

Letā€™s dive into one of the Dependency Dashboard capabilities - the Pending Approval feature.

Say we want to take extra measures before updating major versions of a package (either to reduce noise or to handle it more carefully). Renovate offers an option to prevent automatic creation of major version update PRs and create such PRs only upon manual request from the Dependency Dashboard.

In the Dependency Dashboard, under the Rate Limited section, the Update dependency commander to vX is waiting to be created.

Note Based on the previously set prHourlyLimit configuration, 3 PRs per hour in our case, this PR will be created within an hour.

commander in Rate Limited

Since we decided that we want to handle it manually, we will edit configurations and see how the Dependency Dashboard is affected by this change.

In order to limit all major updates to on-demand creation:

  1. Add this code segment to your renovate.json file:
"packageRules": [
    {
      "matchUpdateTypes": ["major"],
      "dependencyDashboardApproval": true
    }
  ]

change in config - pending approval

  1. Commit the changes

Note Changing the renovate.json configuration file is a webhook that triggers Renovate to re-run.

  1. Now go back to the Dependency Dashboard in the Issues section

  2. As you can see, commander major update PR now appears under the Pending Approval section and will not be opened unless manually triggered

    Note it may take a minute to complete Renovate's run

commander in pending approval

  1. You can now decide to manually open this PR by checking the box next to it
  2. Navigate to the Pull requests section to review the generated PR and merge it to the repo.

Congratulations! You are now familiar with Renovateā€™s Dependency Dashboard. šŸŽˆ

What you learned:

  • How to install Renovate
  • Onboarding Renovate by reviewing, configuring, and merging the onboarding PR
  • How to update a dependency with Renovate
  • How to utilize the Dependency Dashboard

General Comments:

  • Granting access to all repositories or change repo selections can be modified at any time on the the Mend Renovate App GitHub page.
  • Renovate configuration can be modified by manual configurations, global organization configurations and existing Renovate presets.

Congratulations!

You have successfully completed Renovateā€™s hands-on tutorial and have taken your first steps to automate dependency updates in your projects. Now, it's time to configure Renovate on the rest of your repositories and let Renovate manage your dependencies' health.

Upcoming Tutorials:

We're working on more advanced Renovate tutorials and will post updates when we publish new tutorials.

Whatā€™s coming next:

  • Merge confidence
  • Auto Merge
  • Labeling
  • Grouping
  • Schedule
  • Package Rules
  • GitHub Actions
  • PR Assignees and PR reviewers
  • Regex Managers

More Repositories

1

renovate

Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io
TypeScript
17,549
star
2

github-action

TypeScript
265
star
3

helm-charts

Mustache
101
star
4

docker-renovate

Renovate docker slim image
Dockerfile
74
star
5

presets

JavaScript
48
star
6

renovatebot.github.io

Auto-generating docs repository for Renovate Bot
TypeScript
43
star
7

renovate-approve-bot

JavaScript
42
star
8

docker-renovate-full

Repo for building the renovate/renovate:full image
Dockerfile
38
star
9

pre-commit-hooks

Pre-commit hooks for Renovate
29
star
10

config-help

Please use the Discussions feature of https://github.com/renovatebot/renovate instead
27
star
11

pep440

JavaScript
17
star
12

osv-offline

A collection of packages for using GitHub security advisories in Node.js.
TypeScript
12
star
13

renovate-approve-bot-bitbucket-cloud

renovate-approve-bot - Bitbucket Cloud Edition
JavaScript
12
star
14

.github

11
star
15

azure-devops-marketplace

Script to generate the renovate-bot config file for Azure DevOps Marketplace
PowerShell
8
star
16

auto-cancel-actions

Github App to auto-cancel previous github actions
TypeScript
6
star
17

ruby-semver

TypeScript
3
star
18

docker-cocoapods

Dockerfile
3
star
19

docker-buildpack

Dockerfile
3
star
20

eslint-plugin

Custom linting rules for Renovate project
JavaScript
3
star
21

docs.renovatebot.com

Source files to building Renovate's online docs site
JavaScript
3
star
22

base-image

Dockerfile
2
star
23

docker-go

Dockerfile
2
star
24

minimal-reproduction-template

Template repository for a minimal reproduction for Renovate bot.
2
star
25

detect-tools

TypeScript
1
star
26

docker-ruby

Dockerfile
1
star
27

docker-node

Dockerfile
1
star
28

node-schedule

This repository contains utilities that Renovate bot will use later on to work with the upstream Node.js schedule.
TypeScript
1
star
29

docker-yarn

Docker image for Yarn
Dockerfile
1
star
30

docker-rust

Dockerfile
1
star
31

docker-dotnet

Dockerfile
1
star
32

.allstar

1
star
33

python

prebuild python releases
Dockerfile
1
star
34

parser-utils

Programming languages semi-parser
TypeScript
1
star