►
From YouTube: Using Renovate to keep your version dependencies updated - Christian Hòˆrl, SysEleven
Description
There are many third-party tools in place such as webservers, databases, logging-stacks and monitoring tools which are providing infrastructure to your own software application.
A
A
I'm
gonna
talk
about
our
most
diligent
worker
in
the
company.
Besides
our
gorgeous
marketing
team,
the
the
most
diligent
worker
in
our
company
is
a
renovate
bot.
I'm
gonna
talk
about
the
tool
how
it
works
and
show
you
some
of
its
features
and
well.
There
are
a
lot
of
features
believe
me,
but
I
assure
you,
the
most
important
ones
which
help
us
using
renovate
in
our
production
setup.
Now,
let's
start
with
a
very
basic
configuration
of
renovate
and
see
how
it
can
grow
and
then
integrate
into
your
workflows.
A
Now
what
is
renovate
bot
and
what
can
it
do
for
us?
It's
an
open
source
project
by
mend,
formerly
known
as
white
source,
renovate
automatically
recognizes
version
updates
in
your
project
sources
and
whenever
I
use
a
term
project.
I
mean
gitlab
project
in
this.
In
this
combination.
Here
now,
if
renovate
bot
has
found
some
updates
for
our
dependency,
it
creates
a
pull
request
for
it
and
notifies
you
about
it,
simple
and
plain,
but
that
will
save
us
a
lot
of
time.
A
Renovate
supports
multiple
platforms.
As
you
can
see,
you
can
get
installable
packages
available
through
npm
or
you
can
get
it
on
Docker
Hub.
Of
course,
gitlab
is
the
platform
we
use
in
combination
with
CI
pipelines
and
basically
it's
running
through
our
gitlab
runners
from
there
our
workloads
are
deployed
to
kubernetes
in
the
end
and
depending
on
the
platform
you
might
be
using,
there
might
be
slight
differences
in
the
way
you
configure
renovate
and
how
you
integrate
it.
A
The
full
feature
set
is
truly
provided
by
the
self-hosted
edition
of
Runaways,
but
today
we're
gonna
talk
about
using
it
on
the
self-hosted
gitlab
platform
package
managers,
renovates
use
a
so-called
package
managers
or
just
managers.
Those
are
modules,
let's
call
them
modules,
which
know
best
how
to
find
and
determine
dependencies
for
your
software
packages
such
as
ansible,
Docker
and
Docker,
compose
and
so
on.
There
are
really
a
lot
managers
it
offers
those
managers
have
or
use
file
name
patterns
to
detect
a
language
or
a
package.
A
A
Presets
renovate
uses
so-called
presets,
and
many
of
them
are
already
built
in
presets,
are
well
collections
of
rules
and
provide
a
very
easy
and
comfortable
way
of
using
global
settings
among
one
or
more
projects.
So
presets
can
easily
be
included
in
your
renovate
configuration
file
and
you
can
add
single
single
rules
to
overwrite
the
default
settings.
A
Now,
let's
take
a
look
at
some
important
features,
which
are
my
personal
favorites
among
the
renovate
features.
Auto
discover
projects,
as
the
name
says
it
will
find
projects
automatically
which
do
not
yet
have
a
renovate
configuration
and
identifies
them.
Auto,
merge,
pull
requests
would,
of
course,
automatically
and
silently
merge
pull
requests,
so
you
don't
get
even
notified
by
it
and
you
don't
want
to
get
bothered
by
renovate
every
time
it
finds
and
updates.
A
Also,
it
does
no
longer
propose
pull
requests
once
once
they
were
skipped.
Renovate
will
remember
that
you
have
skipped
a
pull
request
or
denied
a
pull
request
and
will
never
propose
it
again.
So
it
does
a
lot
of
housekeeping
implicitly
and
it
has
a
comfortable
dependency
dashboard,
showing
you
a
summary
of
all
the
open
pool
requests.
A
You
have,
you
can
add
custom
labels
on
every
renovate
merch
request,
so
you
can
easily
determine
which
merge
request
was
done
by
renovate,
and
you
can
also
customize
its
commit
messages
to
better
determine
that
by
the
way
renovate
by
default
looks
only
and
works
only
in
the
main
branch
of
a
project.
This
is
I
think
this
is.
This
is
pretty
important.
It
does
not
look
in
in
branches
by
default.
A
A
Another
cool
feature
is
the
the
docker
version
Precision,
since
many
pull
requests
are
upon
Docker
image
tags,
it's
important
to
have
a
strict
policy
handling
updates
for
them
and
renovate
always
keeps
the
versioning
of
an
image
tag,
so
it
does
not
propose
a
more
common
or
more
specific
image
tags
than
the
ones
you
use.
It
always
stay
in
that
versioning
schema,
but
of
course,
as
anything,
this
Behavior
can
be
changed.
If
you
like
now,
let's
see
how
you
can
integrate
and
use
renovate
in
gitlab.
A
Here
are
the
components
you
need
to
get
started.
You
can
decide
and
run
renovate
in
a
way
that
fits
your
needs.
We
use
a
scenario
with
gitlab,
which
is
called
renovate
Runner.
As
I
said
earlier,
the
global
configuration
the
the
config.js
holds
options
which
are
only
possible
in
This
Global
configuration
and
not
in
the
Project
Specific
configuration.
A
A
A
A
A
A
Finally,
only
a
quite
streamlined
and
Slimmer
runaway
Json
file
is
placed
in
a
Project's
directory.
The
schema
you
can
see
in
in
the
second
line.
The
schema
is
always
included
by
renovate
automatically.
It
contains
the
complete
package
managers
and
the
rule
sets
renovate
has
to
offer.
So
you
don't
have
to
take
care
about
the
rule.
Sets
you
simply
include
it.
Also.
The
presets
differing
from
the
default
can
be
included
here,
as
extends
to
your
configuration
foreign.
A
We
found
two
approaches
to
configure
renovate
in
GitHub.
First
is
the
centralized
renovate
bot
when
it
resides
in
a
dedicated
project?
It
must
be
provided
an
access
token
or
a
group
token,
so
it
can
discover
and
onboard
other
projects
from
there
and
this
setup
might
be
used
when
you
are
fully
in
charge
and
fully
controlling
all
the
projects
in
gitlab
when
you're
kind
of
an
administrator
of
of
gitlab.
A
This
is
what
I
show
you
afterwards.
The
first
scenario,
the
second
one
is
the
Standalone
instance.
This
is
rather
a
multi-tenant
ready
approach.
Every
setting
must
be
configured
manually
and
directly
in
a
renovate
Json
file
in
each
project
separately.
Project
access
must
be
granted
to
renovate,
also
by
by
a
Project
Specific
access.
Token
here
is
a
little
schema
of
the
first
scenario.
A
This
is
what
it
might
look
like.
The
global
configuration
contains
instructions
for
auto
Discovery
instructions
for
onboarding
it
can
enable
or
disable
particular
projects.
You
you
don't
want
to
be
found
by
renovate.
You
can
also
filter
this
Auto
Discovery
to
to
not
having
them
found,
and
this
offers
a
central
trigger
for
renovate
you.
You
start
it
from
a
central
point
in
your
gitlab.
The
second
scenario
has
no
Global
configuration
in
place.
It
does
no
automatic
onboarding.
A
Renovate
integration
is
done
individually
through
each
project
by
placing
a
renovate
Json
configuration
file
and,
of
course
they
all
have
separate
triggers
to
start
renovate
by
a
pipeline
or
a
scheduler
tweaking
and
tuning
well
using
runaways
for
the
first
time
can
be
a
little
overwhelming.
On
the
one
hand,
you
finally
receive
automatic
updates
for
all
the
dependencies,
but
on
the
other
hand,
from
this
very
point
on
you
have
to
review
them
and
believe
me,
there
will
be
many
pull
requests
every
day.
A
So
soon
you
will
determine
which
updates
need
more
attention
and
which
can
be
accepted
anyway,
then
you
might
want
to
reduce
all
these
notifications
coming
from
renovate
and
all
those
reminders
about
pull
requests
still
open,
at
least
some
of
them.
Maybe
you
could
start
with
disabling
the
dependency
dashboard
at
first.
It's
really
interesting
to
read
in
the
beginning,
but
a
little
time
consuming
as
time
goes
on,
also
give
renovate
a
schedule
when
it
should
look
for
updates.
Maybe
once
a
day
is
a
good
start
in
the
beginning.
A
A
Further.
Noise
reduction
can
be
reached
well,
renovates.
Documentation
recommends
here
to
enable
auto
merge
for
any
type
of
dependency,
update
where
you
would
just
click
merge
anyway.
So
this
saves
time
honestly,
we
do
not
yet
have
Auto
merge
in
place
in
production,
but
there
is
one
case:
I
personally
use
it
for,
especially
for
the
updates
of
renovate
itself
when
it's
creating
updates
for
its
Docker
image
tags.
This
is
not
critical
in
my
opinion
and
and
saves
me
time.
So.
Therefore,
you
need
to
create
a
special
package
rule.
A
A
While
Auto
merging
sounds
good
and
it's
almost
the
first
thing
that
came
to
my
mind
when
I
first
tried
to
renovate
I
thought,
this
is
really
cool.
I
have
to
automate
everything,
but
implementing
and
using
it
has
some
difficulties.
For
example,
insufficient
access,
token
permissions
or
insufficient
scope
of
the
token
can
make
renovates
Auto
merge
fail,
silently
you
do
not
get
too
much
information.
Why
it
failed.
Simply
the
the
token
doesn't
have
enough
permissions.
So
it
took
me
some
time
to
figure
that
out
and
if
your
code
platform
like
gitlab,
enforces
strict
security
settings.
A
These
could
also
block
Auto
merging,
for
example,
if
you
are
not
allowed
to
commit
to
the
main
branch,
for
instance,
but
in
the
most
cases
there
are
ways
to
configure
renovate
accordingly
well
debugging
Auto
much
problems
is
a
little
time
consuming
and
long
story
short
renovate
bot
needs
simply
access
to
projects
to
be
able
to
do
its
job.
So
this
is
the
first
thing
you
configure.
A
If
you
want
to
try
it,
you
just
want
to
play
around
with
runway
for
the
first
time
or
you're,
still
a
beginner.
This
might
help
you.
Maybe
you
want
to
use
a
dry
run.
First,
you
can
use
this
environment
variable
to
make
it
run
dry
runs.
Then
no
action
is
taken.
Everything
is
being
sent
to
the
logs
only
and
you
have
to
grab
the
locks
to
see
what
it
would
do,
because
renovate
is
built
to
never
forget
tasks
already
taken,
so
it
places
them
in
the
history.
A
You
might
want
to
explicitly
reset
a
specific
project
when
you
are
still
learning
over
and
over
again,
so
try
it
again
see
if
it
works,
delete
everything,
try
it
again
and
so
on.
So
you
might
have
to
remove
pieces
of
information
at
certain
points.
In
gitlab,
for
instance,
you
have
to
delete
already
merge.
Pull
requests
also
delete
the
branches
created
by
renovate
delete
the
dependency
dashboard.
If
you,
if
you
like,
and
want
to
see
it
pop
up
every
time
to
see
if
it
works
and
remove
the
runaway
Json
file.
A
If
you
are
testing
the
onboarding
feature,
so
you
can
try
if
the
automatic
onboarding
works
correctly
so
I'm
going
over
to
the
demo,
I
have
to
mirror
my
screen.
Okay,
as
you
can
see,
I
have
a
gitlab
running
and
what
I
show
you
here
is
the
first
scenario.
So
we
have
a
centralized
renovate
configuration
where
renovate
is
put
in
a
in
its
very
own
group
and
its
very
own
project
and
from
there
it
can
discover
other
projects
now
get
in
there.
A
A
A
Let's
have
it
do
its
job
and
now
I
show
you
around
in
the
project
here:
I
have
some
kind
of
Maximum
project
which
has
all
the
functions
of
renovate
and
and
demonstration
stuff
in
it,
for
instance,
I
have
some
code,
a
simple
Docker
compose
file
with
some
version
tags,
also
a
simple
PHP
application
here
and
last
but
not
least,
some
terraform
project,
which
also
has
some
versions
in
it.
Now,
let's
take
a
look
at
our
main
pipeline
of
that
project:
I
resize.
It
a
bit
hope
that
works.
A
So,
as
you
can
see,
we
integrate
the
the
renovate
a
runner
image
from
from
Docker
Hub.
We
set
some
basic
variables,
such
as
the
project
path,
the
gitlab
API
version.
We
have
to
tell
renovate
which
platform
it
is
running
on
give
some
information
to
yeah
identify
the
renovate
bot
itself
through
the
gitlab,
and
we
set
our
logging
level
to
debug
to
gather
real,
really
information,
much
information
yeah.
This
is
pretty
much
it.
A
Now,
coming
to
this
Global
configuration
I
talked
about
earlier.
This
is
our
JavaScript
file,
which
does
the
magic
we
have
some
labels
set
so
renovate
labels
all
of
its
pull
requests
with
that
with
attack.
I
have
myself
as
an
assignee
of
that
pull
request,
so
I
get
notified
about
everything
we
use
the
onboarding
feature
so
renovate
automatically
pushes
a
renovate
configuration
to
other
projects
and
onboards
them,
and
here
is
the
onboarding
configuration.
So
here
we
Define
what
we
want
all
the
other
projects
to
to
have
when
renovate
has
run.
A
For
the
first
time
and
as
I
told
you
earlier,
we
have
this
package
rules
which
are
especially
for
renovates
updates
for
the
for
itself,
so
it
merges
minor
and
Patch
level
updates
automatically,
but
not
the
major
patch,
not
the
major
versions
we
have
to
set
the
auto
merge
feature
true,
and
if
a
pull
request
is
automatically
merged,
we
want
another
label
to
be
added
which
is
called
Auto
merged.
So
we
can
easily
determine
that
this
was
done
explicitly
and
we
have
the
possibility
to
lock
renovate
into
its
own
project.
A
You
can
add
more
projects
explicitly
if
you
want
to
yeah
increase
the
scope.
What
what
it
can
find
in
your
gitlab
I
do
not
use
the
auto
discover
feature
here
now,
let's
see
if
the
pipeline
has
run
yeah,
it's
it
has
passed,
and
now
we
should
see,
we
should
see
one
merge
request.
This
is
the
very
first
merch
request
called
configure
renovate
which
it
created
for
us.
It
has
the
label
renovate
set.
This
is
very
cool
and
it
says
welcome
to
run
away
to
activate
merge
this
request.
We
will
do
that.
A
A
We
get
a
summary
based
upon
the
the
settings,
the
configuration
we
we
added,
what
it
would
do
and
what
it
wouldn't
do
and
down
below
here
is
what
we
have
to
expect.
So,
for
instance,
it
would
update
our
gitlab
in
the
docker
compose
file
to
a
to
a
newer
version
and
all
the
others
as
well.
So
now,
let's
do,
as
we
were
told,
let's
merge
that
and
now
let's
run
renovate
for
the
very
first
time
in
a
normal
way,
as
it
would
do
automatically
each
day
by
a
schedule.
A
A
A
A
It's
a
major
step
from
version
31
to
32.
You
can
see
it
here
and
now
I
really
like
that
feature.
It
pulls
release
notes
from
GitHub
directly
through
the
GitHub
communication
token
you
can
read
through
it
or
not,
and
we
can
merge
that.
What
else
can
we
see
if
you
go
to
merge
request
again,
you
see
there
are
already
too
much
requests
finished.