12 Tips to Self-host Renovate Bot

Sad Wall-E
Photograph by Arturo Esparza on Unsplash

Updating dependencies is boring. Regardless of its significance, we at all times discover excuses to keep away from updating them within the phrase of “if it ain’t broke, don’t repair it” or “there are extra essential options to work on”. Over time, the maintainability of the tasks deteriorates. The crew finally ends up with a 3-year-old dependency the place nobody is courageous sufficient to bump it.

So, what’s the answer? Let the robots do our boring job!

On this article, you’ll be taught tips about operating a self-hosted Renovate bot with GitLab for instance. In case you’re on the lookout for a information on begin utilizing Renovate on GitHub, I’d extremely suggest you to read this.


  • Why use Renovate
  • Getting began on self-hosted Renovate (GitLab for instance)
  • The way to run Renovate regionally
  • Debugging Renovate jobs
  • 12 helpful Renovate bot suggestions

Disclaimer: the following pointers are my very own opinions from classes gathered from hours of labor. Take pleasure in!

In brief, Renovate (official doc) helps to replace venture dependencies (non-public or third-party) mechanically.

How? Renovate parses our tasks’ dependency administration recordsdata akin to package deal.json, pyproject.toml, go.mod file and raises a pull/merge request (PR/MR) with the up to date dependencies accordingly.

Renovate is extremely customizable through a easy configuration file (config.js). With somewhat intuitive configuration settings, it additionally helps a wide range of package managers.

As we speak, Renovate helps many different Git platforms akin to Bitbucket, Gitea, and even Azure DevOps. On high of that, it’s used by a lot of popular development communities or companies akin to Uber, GitLab, Netlify, Apollo GraphQL, and so forth.


The very best half about Renovate is its means to auto-merge PRs/MRs.

That apart, the pliability offered by the packageRules feature which is used to use guidelines to particular dependencies (in particular person or group) is extremely helpful.

To run Renovate on self-hosted GitLab, you’ll want a non-public GitLab venture (i.e. repository within the following). This bot repository shall be used to host GitLab runners which run Renovate on your different tasks.

Subsequent, assuming that you have already got GitLab runners put in and arrange, you’ll want the next within the bot venture:

  1. Configure the next CI/CD variables:
  • RENOVATE_TOKEN — GitLab Personal Access Token (PAT) with scopes: read_user, api, and write_repository.
  • GITHUB_COM_TOKENGitHub PAT with minimal scope.

2. config.js (NOTE: right here’s a more complex example).

3. .gitlab-ci.yml. In case you want a extra complicated instance, take a look at this example from the GitLab team. In any other case, right here’s a minimal instance; do replace accordingly:

4. Lastly, you’ll have to run Renovate at common intervals (e.g. each hour) utilizing the GitLab venture’s CI/CD Schedules function. Do be aware that that is completely different from Renovate’s personal schedule.

Test the source for extra particulars. Although, the steps above ought to be adequate.

Whereas I used to be working with a big repository (>6GB for full clone), every Renovate job might take hours to finish. Being able to run Renovate regionally saves me a bunch of time in the case of experimentation and debugging.

First, create a minimum reproducible example (MRE) repository. Then, replace your config.js to focus on or uncover the MRE repository. To run Renovate regionally:

  1. It’s lots simpler to simply use Docker. So, be sure to’ve put in Docker.
  2. To start out, you’ll want to make sure that these surroundings variables are being exported in your shell:
export RENOVATE_TOKEN="aa11bb22cc" # GitLab Private Entry token (PAT)
export GITHUB_COM_TOKEN="cc33dd44ee" # GitHub PAT

3. Subsequent, replace your config.js accordingly. You’ll have to replace your goal repositories accordingly.

4. Lastly, you’ll be able to run Renovate utilizing the next. To seize the most recent Renovate model, take a look at Docker hub. Do change the next command accordingly:

docker run 
-e LOG_LEVEL="debug"
-v "/path/to/native/config.js:/usr/src/app/config.js"

With this, testing Renovate configuration in a fast-feedback loop method is now attainable. In case you want extra complete logs, strive setting LOG_LEVEL=”hint” as a substitute.

To carry out an precise run, replace --dry-run="false".

Common suggestions

  1. Unsure get probably the most out of Renovate shortly? Try this Renovate bot cheat sheet as a substitute of the verboseness of the official Renovate doc.
  2. In case you are uncertain whether or not Renovate helps a sure performance, at all times take a look at their FAQ web page first. Chances are high it’s already there.
  3. To disable updates for a particular package deal or library merely set enabled: false below the respective packageRule. Instance:

4. Have to run some customized activity or script after upgrading (e.g. a script that posts messages to Slack)? Try postUpgradeTasks.

5. Preserve project-specific Renovate configs on the bot repository as a substitute of getting renovate.json in each different repository. For this, set onboarding: false below module.exports. This permits for Renovate-related configs to be abstracted away to a single repository solely.

Tips about debugging Renovate jobs

Relating to self-hosted options, there’s no operating away from debugging your individual jobs. There might be situations the place you’ll want to check connections to your non-public registry, proxy, and so forth.

Listed below are a few useful suggestions:

  1. Strive operating Renovate regionally to have a quicker suggestions loop as a substitute of relying in your CI/CD pipelines. Plus, operating regionally is virtually free!
  2. Use hint LOG_LEVEL in case debug doesn’t provide you with sufficient data.
  3. In case you’re engaged on some bespoke use circumstances or going through odd encounters/bugs, strive Google looking out with the prefix “web site:github.com/renovatebot/renovate <your key phrases or phrases>”. (example). Usually, you’ll discover that there are already others who’ve filed an analogous dialogue or situation.

Coping with a big repository (e.g. GB in measurement)

  1. In case you try and run Renovate on a big repository, it’s possible you’ll encounter a SIGTERM sign (which might be seen in your Renovate job log) as a result of timeout. To deal with this, enhance the executionTimeout setting in your config.js. E.g.:

2. Beneath your GitLab venture’s CI/CD Common pipelines settings, it’s possible you’ll need to enhance your job timeout (e.g. 10 hours) as Renovate might take a very long time on an uncached run on massive repositories.

3. It’s possible you’ll need to set persistRepoData: true for quicker git fetch between runs. E.g.:

4. On some events, it’s possible you’ll run into ERROR: Disk house error - skipping. Right here, it’s possible you’ll need to provision a runner with elevated disk measurement. E.g. in case you are utilizing AWS EC2, attempt to enhance the dimensions of the quantity.

More Posts