Update Your Damn Dependencies
Hello there and Happy Halloween 🎃🎃🎃.
Whether you are a DevOps Engineer, Platform Engineer, or SRE, you might know Renovate, an automated dependency update tool.
It helps keep your infrastructure up to date with almost no manual intervention. In this post, I’ll show how Renovate can be extended to make the most of it. While the examples focus on cloud infrastructure and DevOps, the same approach can be applied by developers who want to keep their code packages and libraries up to date.
How does Renovate work?
There are many ways to use it. You can run it as a GitHub Action, you can self-host your own Renovate server, or you can do what the majority do: install the Renovate App in your version control system, let’s say GitHub, and then give Renovate access to the repositories where you want to enable it.
Once it is installed, you can create a JSON file in your repository, using any of the following filenames, to store the Renovate configuration:
renovate.json
renovate.json5
.github/renovate.json
.github/renovate.json5
.gitlab/renovate.json
.gitlab/renovate.json5
.renovaterc
.renovaterc.json
.renovaterc.json5
package.json (within a "renovate" section)
The Renovate bot will pick up the configuration and act accordingly.
When starting with Renovate, it is recommended to base the configuration on one of the presets. These presets contain best practices recommended by the Renovate maintainers. One of the most popular presets is “config:recommended”, which basically encapsulates the following configuration:
Find more about presets here. I encourage you to get familiar with them.
Another important part of the configuration is the schedule cadence. Scheduling allows you to define when you want Renovate to scan your repository and create Pull Requests. There are countless use cases and it depends on each team, but the most common are:
Run Renovate outside office hours, to free up continuous integration resources for your developers.
Get updates for certain packages on a regular interval, instead of right away.
Reduce Renovate bot PR notifications during the day.
You can customize the scheduler with a specific timezone and the schedule cadence. For instance, you can have Renovate run every 2 Tuesdays with the following configuration:
{
  "schedule": [
    "on the 1st and 3rd day instance on Tuesday"
  ]
}
This tool is fully customizable. For instance, you can configure when to update specific dependencies. Take a look at the scheduling documentation.
Below you can see a diagram with the overview of how Renovate is configured and how it works as a GitHub App.
Features
Renovate can provide updates for most popular languages, platforms, and registries, including npm, Java, Python, .NET, Scala, Ruby, Go, Docker and more. It supports over 90 different package managers.
Renovate updates code repositories on the following platforms: GitHub, GitLab, Bitbucket, Azure DevOps, AWS CodeCommit, Gitea, Forgejo, Gerrit (experimental).
In a nutshell, here is what Renovate does:
Delivers update PRs directly to your repo
Relevant package files are discovered automatically
Pull Requests automatically generated in your repo
Provides useful information to help you decide which updates to accept (age, adoption, pass rates, merge confidence)
Highly configurable and flexible to fit in with your needs and repository standards
Largest collection of languages and platforms (listed below)
Connects with private repositories and package registries
Tips and how to extend Renovate
Finally, I would like to provide my 5 cents on how I have extended this great tool and some tweaks that have worked for me.
Use a central repository to define a configuration for a group of repositories. For instance, define all the configurations related to Terraform modules in a central repository. It will save you time and a lot of Pull Requests, believe me, especially when you manage a high number of Terraform modules inside your organization.
Use automerge when it makes sense. When Renovate runs, it will open a huge list of Pull Requests (PRs). One way to reduce this “spam” of PRs is to enable automerge for packages with a minor version upgrade or when the change is in lower environments (not production).
When you manage modules inside your organization and you use GitHub Releases, Renovate will create PRs on the repositories that consume those modules. You can see how it is fully automated by default 🙂.
Once Renovate is enabled, you can also access the UI provided by Mend.io to see the runs and have a more detailed view of what it is doing. You just need to go to https://developer.mend.io/ and log in with your version control account, let’s say GitHub.
Additionally, you can download the CLI and run it locally for troubleshooting, for instance using the --dry-run flag:
renovate --dry-run
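The central-configuration and automerge tips above can be combined in a single file. The following is an added example, not the author's own configuration: the my-org/renovate-config repository, the timezone, the production path and the minimumReleaseAge delay are assumptions chosen for illustration.

```json5
// .github/renovate.json5 in a consuming repository (added example).
// "my-org/renovate-config" is a hypothetical central repository of shared presets.
{
  $schema: "https://docs.renovatebot.com/renovate-schema.json",
  extends: [
    "config:recommended",
    // Shared preset: resolves to terraform.json in the central repository,
    // so Terraform rules are maintained once for every consuming repo.
    "github>my-org/renovate-config:terraform",
  ],
  timezone: "Europe/Madrid", // assumed; the schedule below is evaluated in this timezone
  schedule: ["on the 1st and 3rd day instance on Tuesday"],
  // Rules are applied in order, so a later matching rule overrides an earlier one.
  packageRules: [
    {
      description: "Automerge minor and patch updates once status checks pass",
      matchUpdateTypes: ["minor", "patch"],
      automerge: true,
      // Assumed delay (not from the post): let a release age a few days
      // before it becomes eligible, so a bad release can be pulled upstream first.
      minimumReleaseAge: "3 days",
    },
    {
      description: "Major updates always get a human review",
      matchUpdateTypes: ["major"],
      automerge: false,
    },
    {
      description: "Never automerge Terraform changes under the production path",
      matchManagers: ["terraform"],
      matchFileNames: ["environments/production/**"], // hypothetical repo layout
      automerge: false,
    },
  ],
}
```

Because the production rule comes last, it wins over the minor/patch rule for files under that path; running renovate --dry-run against the repository shows which rule each update matched before any PR is created.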
Enjoy it 🎃 !





