Child pages
  • Renovate bot (version 25.56.7)

The renovate bot can be found here: https://github.com/renovatebot/

The bot analyzes the repository you give it and automatically updates its dependencies (Maven, npm, etc.).

Step-by-step guide for dev

Renovate can run on Docker. This is called self-hosted in Renovate documentation.
Run docker pull renovate/renovate to get the latest available version.

  1. Configure a token in GitHub (requires a GitHub account)

    Renovate needs a personal token in GitHub to fetch the release notes.
    Create a personal access token for the bot account (select "repo" permissions):
    Follow the guide: https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token

    Save the token for step 4.

  2. Configure a token in stash

    Go to your account > Personal Access token > Create a token
    - Tokenname: renovatebot
    - Permissions: Read project / Write repo. (For a first try, you can set it to read/read to debug your config.)

    Save the token for step 4.

  3. Create a renovate.json file in your repo (Optional - for bot installation on original repo only)
    {
      "$schema": "https://docs.renovatebot.com/renovate-schema.json",
      "extends": [
        "config:base"
      ],
      "prConcurrentLimit": 5
    }

    Then push this file to your repo. This will 'activate' the next renovate run on the selected repository.
    Otherwise, you will see the debug note "config file not found" or "Repository is disabled", and Renovate will not create any PRs.

    OR

    You can bypass this step by adding the two following parameters to your configuration:

    "onboarding": false,
    "requireConfig": false


    See:
    - https://docs.renovatebot.com/self-hosted-configuration/#requireconfig
    - https://docs.renovatebot.com/self-hosted-configuration/#onboarding


  4. Configure your renovate.json

    Don't forget to update the following document with YOUR repository (fork) name and to adapt the configuration to your needs.


    https://docs.renovatebot.com/self-hosted-configuration/

    Do NOT forget to remove the comments in the file below to get a valid JSON file.

    {
      "$schema": "https://docs.renovatebot.com/renovate-schema.json",
      "extends": [
        "config:base"
      ],
      "endpoint": "https://stash.forgerock.org/",
      "repositories": [
        "~violette/openig-renovate"
      ],
      "platform": "bitbucket-server",
      "prConcurrentLimit": 5,
      "branchConcurrentLimit": 5,
      "prBodyColumns": [
        "Package",
        "Update",
        "New value",
        "Package file",
        "References"
      ],
      "enabledManagers": [
        "maven"
      ],
      "packageRules": [
        {
          "enabled": false,
          "matchPackagePatterns": [ // This is to manage package exclusion
            "javax.servlet"
          ]
        },
        {
          "registryUrls": [
            "https://repo.maven.apache.org/maven2/"
          ],
          "automerge": false,
          "matchManagers": [
            "maven"
          ]
        },
        {
          "matchPaths": [ // redundant with the enabledManagers in IG case - given as example - package exclusion for UI in this case
            "openig-ui/**"
          ],
          "automerge": false,
          "enabled": false
        }
      ],
      "automerge": false,
      "autodiscover": false,
      "includeForks": true,
      "onboarding": false,
      "requireConfig": false
    }


  5. Run the self-hosted configuration

    Run the following docker command:


    docker run --rm -it -v "$PWD/renovate.json:/usr/src/app/config.json" -e RENOVATE_USERNAME='<STASH USERNAME>' -e RENOVATE_PASSWORD='<STASH_TOKEN>' -e GITHUB_COM_TOKEN='<GITHUB_TOKEN>' -e LOG_LEVEL=debug renovate/renovate


    Note that -e is used to set the environment variables; LOG_LEVEL=debug is optional.


    NOTE: Currently, the bot does not target the original repository when opening a PR. The branches and PRs are created in your fork. (Read this discussion: https://github.com/renovatebot/renovate/discussions/10936)
    A feature request has been added: https://github.com/renovatebot/renovate/issues/10938


Warning: NEVER use the autodiscover option. It allows the bot to scan the whole project architecture and create PRs on all projects.
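
A pre-flight check for the step 4 file, run before mounting it into the container. This is an added example, not part of the original guide or of Renovate itself: it strips the // comments the guide asks you to remove, confirms the result is valid JSON, and reports settings that conflict with the guidance above. The function names and the policy (autodiscover explicitly false, at least one repository listed, no automerge, no credentials in the file) are assumptions of this example, and the sample config is constructed from the one in step 4.

```python
import json
import re

# Constructed sample: a trimmed copy of the step 4 config, comment included.
SAMPLE = """{
  "endpoint": "https://stash.forgerock.org/",
  "platform": "bitbucket-server",
  "repositories": ["~violette/openig-renovate"],
  "packageRules": [
    {"enabled": false, "matchPackagePatterns": ["javax.servlet"]}, // exclusion
    {"registryUrls": ["https://repo.maven.apache.org/maven2/"], "automerge": false}
  ],
  "automerge": false,
  "autodiscover": false
}"""

# Match a whole JSON string first so that "//" inside URLs is never treated as a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')

def strip_line_comments(text):
    """Drop // comments while leaving string contents (e.g. https:// URLs) alone."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text)

def preflight(text):
    """Return a list of findings; an empty list means no issue was found."""
    try:
        cfg = json.loads(strip_line_comments(text))
    except json.JSONDecodeError as exc:
        return [f"not valid JSON after comment removal: {exc}"]
    if not isinstance(cfg, dict):
        return ["top-level value must be a JSON object"]
    findings = []
    # Policy assumed by this example, following the warning in the guide.
    if cfg.get("autodiscover") is not False:
        findings.append("autodiscover must be explicitly false")
    if not cfg.get("repositories"):
        findings.append("repositories must list the fork(s) to scan")
    rules = [cfg] + [r for r in cfg.get("packageRules", []) if isinstance(r, dict)]
    if any(r.get("automerge") for r in rules):
        findings.append("automerge is enabled somewhere in the config")
    if any(k in cfg for k in ("token", "password")):
        findings.append("credential stored in the file; pass it via environment instead")
    return findings

if __name__ == "__main__":
    print(preflight(SAMPLE) or "OK")
```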

Output:

If you complete the above configuration successfully, you should see DEBUG lines on your screen and the process should be launched.

Check in the output that your configuration is used (debug mode only).

The process can take a while. After that, if you open your Stash, you should see PRs/branches created in your fork.

More:

  • Private Maven repositories can be configured; this requires adding hostRules with the required authentication tokens.

Renovate bot security advisories

Check the link: https://github.com/renovatebot/renovate/security/advisories


See https://docs.renovatebot.com/configuration-options for more configuration options.

Source: https://github.com/renovatebot