Welcome to the Renovate hands-on tutorial.
This tutorial is based on the Mend Renovate App. You can also run Renovate as a CLI tool or a self-hosted application.
Note Although this tutorial is based on the Mend Renovate App, the concepts discussed apply to all environments.
In this tutorial, you will learn how to configure Renovate and become familiar with some of the basic features.
What you will learn:
- Installation
- Onboarding
- Getting to know Renovateās update PRs
- Dependency Dashboard
We will begin this tutorial with configuring and installing the Mend Renovate App and an overview of the default settings and basic functionalities.
Later, we will dive deeper into functional use-cases, advanced features, and best practices
so you'll know how to leverage Renovate to its fullest.
Letās start by forking the tutorial repo to your account, installing the Mend Renovate App, and configuring it to your repo.
- Make sure you are logged in to GitHub.com
- Fork this repository. The tutorial instructions will be based on its contents.
- The following instructions are directed at those that donāt have the Mend Renovate App installed:
- Install the Mend Renovate App to your account by navigating to the the Mend Renovate App installation page and select Install:
- If you do have the Mend Renovate App installed:
- navigate to the Mend Renovate App and select configure:
- You will reach an installation configuration page where you are asked to configure Repository Access.
Note for existing users, installation configuration appears at the bottom of the page.
-
Mark
Only select repositories
and make sure to select the forked RenovateTutorial repoNote each selected repo gets an onboarding PR.
If you select
All repositories
, forked repos will be skipped by default (including RenovateTutorial). -
Click on
Install
(āSaveā for existing users)
For new installs:
- You will be redirected to our āThank you for installing Renovateā page while we are setting up your account.
- After a few seconds, you will be automatically redirected to the Mend's developer portal where you can sign in and view the Renovate logs. We recommend saving this link for future use.
Congratulations! You have successfully installed Renovate to your account. š
Now you have installed the Mend Renovate App, we can begin onboarding.
Letās review the concepts of the Onboarding PR and learn about Renovateās initial settings.
Note For your convenience, Renovate will not make any changes to your repo or raise PRs until after you finish onboarding.
- Upon installing Renovate, an onboarding PR will be automatically generated.
- This PR is there to help you understand Renovate and its default settings before Renovate starts running on your repository.
- The Onboarding PR creates a configuration file called
renovate.json
, which contains Renovateās default settings and can be modified during onboarding.
Letās review the onboarding PR:
- Navigate to the
Pull Requests
section in GitHub, and open the newly generated PR -Configure Renovate
- Detected Package Files - All package files detected by Renovate in your code.
- Configuration Summary - The default configuration settings that will be applied.
- What to Expect - The dependency update PRs that Renovate is about to automatically create.
- The link to Renovateās official documentation.
- The link to review jobs logs in the Renovate dashboard.
Note Renovate will not create dependency update PRs until the onboarding PR will be merged.
- Enables creation of the āDependency Dashboardā - a dashboard that shows an overview of the state of your repositories' dependencies.
- PRs will be created at a rate of 2 PRs per hour.
- The limit of simultaneous open Renovate PRs is set to 10.
- Renovate automatically groups known monorepo packages to a single PR (example can be seen in the
date-io
PR under the what to expect section).
Renovate offers the ability to change configurations before merging the onboarding PR as well as preview the results of these changes.
At this point, Renovate has created a branch called renovate/configure which contains the renovate.json
configuration file.
By default, Renovate limits branch creation to 2 per hour:
Example
As a user, despite Renovateās suggestion to limit hourly PR creation to 2, we might want to increase the limit to a different number. Letās try changing this hourly limitation to 3:
- Go to the newly created branch -
renovate/configure
:
- Go into the
renovate.json
file:
- Add the following code segment:
{
"prHourlyLimit": 3
}
- Commit the changes
- Revisit the onboarding PR and notice how the onboarding PR automatically updates to reflect the changes you made to the configuration
Note May take a few moments to update.
- Merge the onboarding pull request.
Congratulations! You have successfully onboarded Renovate. š
Now that you have merged the onboarding PR, Renovate will generate Update PRs to the most recent dependency version based on your configuration.
Note PRs may take a couple of minutes to appear
Here we will review the basic concepts of Renovate update PRs and merge it.
- By default, Renovate will create up to 2 update PRs per hour. However, if you completed the onboarding section of this tutorial, Renovate will now create 3 PRs.
- You should already see notifications for these pull requests in the
Pull Requests
section of the repo.
Letās go ahead and take a look at a Renovate update PR:
- Navigate to the
Pull requests
section and open -Update dependency lodash to x.y.z
- Dependency information (name and version changes)
- Merge Confidence values
- Up-to-date release notes
- Renovate configuration-related info
- Option to rebase PR
- Link to view Renovate logs
- Renovateās update PRs will update the relevant dependency across your entire repo. In our RenovateTutorial repo, this will be both the
package.json
file and thepackage-lock.json
file:
- Merge this pull request
Note Renovate is highly configurable and supports:
- On-demand PR creation.
- Automatic merging of PRs.
- Settings for specific dependencies/package managers.
- Scheduling.
- Grouping.
All the above and more will be discussed in future parts of the tutorial.
Congratulations! You have now updated your first dependency with Renovate. š
Renovateās Dependency Dashboard is a GitHub Issue that enables you to manage and monitor Renovateās activity in your repo. In this section, we will go over some of its main functionalities and capabilities.
Letās begin by creating and enabling the Dependency Dashboard.
Since GitHub defaults to disable issues
on forked repositories, we need to enable it on the forked RenovateTutorial repo:
- Go to the main page of the repo
- Go to
settings
->general
- Check the
issues
checkbox under the Features section:
- In order for the Dependency Dashboard to become available, we will need to re-run Renovate by triggering a webhook (for example, closing an update PR).
Note This is usually done in a click via the Dependency Dashboard.
- Go to the
Pull requests
section - Select
Update dependency php to v8.1
and selectClose pull request
- This will trigger Renovate to run and the Dependency Dashboard will appear under the
Issues
section - navigate to it
Note It may take a minute to appear.
-
Overview of all updates that are still to-do:
- Open PRs
- Rate Limited - PRs blocked by rate limit setting and will be opened based on preferences.
- Pending Approval - PRs that require manual triggering based on configurations.
- Awaiting Schedule - PRs creation blocked by Renovate scheduling settings.
- Pending Status Checks - updates that await pending status checks in order to be created.
-
Visibility into rejected/deferred updates.
-
List of all the detected dependencies and package managers in your repository.
Users can manually trigger the creation of dependency updates directly from the dashboard.
You can also re-run Renovate manually from the Dependency Dashboard by enabling the āCheck this box to trigger a request Renovate to run again on this repositoryā option:
Letās dive into one of the Dependency Dashboard capabilities - the Pending Approval feature.
Say we want to take extra measures before updating major versions of a package (either to reduce noise or to handle it more carefully). Renovate offers an option to prevent automatic creation of major version update PRs and create such PRs only upon manual request from the Dependency Dashboard.
In the Dependency Dashboard, under the Rate Limited
section, the Update dependency commander to vX
is waiting to be created.
Note Based on the previously set
prHourlyLimit
configuration, 3 PRs per hour in our case, this PR will be created within an hour.
Since we decided that we want to handle it manually, we will edit configurations and see how the Dependency Dashboard is affected by this change.
In order to limit all major
updates to on-demand creation:
- Add this code segment to your
renovate.json
file:
"packageRules": [
{
"matchUpdateTypes": ["major"],
"dependencyDashboardApproval": true
}
]
- Commit the changes
Note Changing the
renovate.json
configuration file is a webhook that triggers Renovate to re-run.
-
Now go back to the Dependency Dashboard in the Issues section
-
As you can see,
commander
major update PR now appears under the Pending Approval section and will not be opened unless manually triggeredNote it may take a minute to complete Renovate's run
- You can now decide to manually open this PR by checking the box next to it
- Navigate to the
Pull requests
section to review the generated PR and merge it to the repo.
Congratulations! You are now familiar with Renovateās Dependency Dashboard. š
- How to install Renovate
- Onboarding Renovate by reviewing, configuring, and merging the onboarding PR
- How to update a dependency with Renovate
- How to utilize the Dependency Dashboard
- Granting access to all repositories or change repo selections can be modified at any time on the the Mend Renovate App GitHub page.
- Renovate configuration can be modified by manual configurations, global organization configurations and existing Renovate presets.
You have successfully completed Renovateās hands-on tutorial and have taken your first steps to automate dependency updates in your projects. Now, it's time to configure Renovate on the rest of your repositories and let Renovate manage your dependencies' health.
We're working on more advanced Renovate tutorials and will post updates when we publish new tutorials.
Whatās coming next:
- Merge confidence
- Auto Merge
- Labeling
- Grouping
- Schedule
- Package Rules
- GitHub Actions
- PR Assignees and PR reviewers
- Regex Managers