renovate

Git Safe Directory

Unlike the examples on GitHub, this setup does not mount the host's /tmp into the container. With the mount, the directory is treated as owned by the Docker user (likely root), and Git's safe directory feature then blocks it.

For this scenario, it’s easier to disable mounting to the host because git config --global --add safe.directory /tmp/renovate/repos/* didn’t work as expected.

Set the environment variables AZURE_DEVOPS_ORG (for example, export AZURE_DEVOPS_ORG=foo) and AZURE_DEVOPS_EXT_PAT, and replace PROJECTNAME/REPO as required.

# Quote every expansion so tokens and paths survive word splitting.
# Mounting /var/run/docker.sock gives the container control of the host's Docker daemon.
docker run --rm -it \
    -e RENOVATE_PLATFORM="azure" \
    -e RENOVATE_ENDPOINT="https://dev.azure.com/${AZURE_DEVOPS_ORG}/" \
    -e GITHUB_COM_TOKEN="$(gh auth token)" \
    -e SYSTEM_ACCESSTOKEN="$AZURE_DEVOPS_EXT_PAT" \
    -e RENOVATE_TOKEN="$AZURE_DEVOPS_EXT_PAT" \
    -e RENOVATE_DRY_RUN=full \
    -e LOG_LEVEL=debug \
    -v "${PWD}/config.js:/usr/src/app/config.js" \
    -v /var/run/docker.sock:/var/run/docker.sock \
    renovate/renovate:latest --include-forks=false --dry-run=full PROJECTNAME/REPO

Create a config.js in the renovate-config repo you created. According to the Renovate documentation, this type of config supports NuGet, npm, and GitHub authentication.

Review the Renovate documentation for the other options you can change. Settings such as recreating closed pull requests can be set with flags or environment variables.

For Azure DevOps Pipelines, see the example below. For GitHub, consider using the Renovatebot GitHub app for a smoother integration; by default it also checks the status every 3 hours.

local debugging
# Set RENOVATE_RECREATE_CLOSED=true if you are testing and need to abandon a pull request, then have it recreated
docker run --rm \
    -it \
    -e RENOVATE_RECREATE_CLOSED=false \
    -e LOG_LEVEL=debug \
    -e RENOVATE_DRY_RUN=true \
    -e GITHUB_COM_TOKEN="$GITHUB_TOKEN" \
    -e RENOVATE_TOKEN="$AZURE_DEVOPS_EXT_PAT" \
    -v "${PWD}/config.js:/usr/src/app/config.js" \
    renovate/renovate --include-forks=false
config.js
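// Both values are read from RENOVATE_TOKEN: one authenticates to the
// Azure DevOps platform, the other to the package feeds in hostRules.
const pipelineToken = process.env.RENOVATE_TOKEN;
const patTokenForFeed = process.env.RENOVATE_TOKEN;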

module.exports = {
  platform: 'azure',
  endpoint: 'https://dev.azure.com/{myorg}/',
  token: pipelineToken,
  hostRules: [
    {
      hostType: 'npm',
      matchHost: 'pkgs.dev.azure.com',
      username: 'apikey',
      password: patTokenForFeed,
    },
    {
      hostType: 'npm',
      matchHost: '{myorg}.pkgs.visualstudio.com',
      username: 'apikey',
      password: patTokenForFeed,
    },
    {
      matchHost: 'https://pkgs.dev.azure.com/{myorg}/',
      hostType: 'nuget',
      username: 'renovate', // username doesn't matter for azure
      password: patTokenForFeed,
    },
    {
      matchHost: 'github.com',
      token: process.env.GITHUB_COM_TOKEN,
    },
  ],
  repositories: [
    // specify format as 'Project/reponame'
    'Project/reponame',
  ],
};
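
As an added example (not part of the original post or the Renovate project), the config.js above can be produced by a function that fails fast when a token is missing and prints only a redacted copy while debugging. RENOVATE_FEED_PAT, buildConfig, redact and the organisation-name pattern are assumptions made for this example.

```javascript
// Added example, not the post's code. RENOVATE_FEED_PAT is a hypothetical variable.
const REQUIRED = ['RENOVATE_TOKEN', 'GITHUB_COM_TOKEN'];
// Assumption: organisation names are letters, digits and inner hyphens.
const ORG_PATTERN = /^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$/;

function buildConfig(env, org) {
  // The token is sent to this endpoint, so refuse an org that could alter the URL.
  if (typeof org !== 'string' || !ORG_PATTERN.test(org)) {
    throw new Error('Invalid organisation name');
  }
  // Name the missing variables, never echo their values.
  const missing = REQUIRED.filter((name) => !env[name] || !env[name].trim());
  if (missing.length > 0) {
    throw new Error(`Missing required environment variables: ${missing.join(', ')}`);
  }
  // Use a separate feed PAT when given; otherwise reuse the platform token as the page does.
  const feedPat = env.RENOVATE_FEED_PAT || env.RENOVATE_TOKEN;
  return {
    platform: 'azure',
    endpoint: `https://dev.azure.com/${org}/`,
    token: env.RENOVATE_TOKEN,
    hostRules: [
      { hostType: 'npm', matchHost: 'pkgs.dev.azure.com', username: 'apikey', password: feedPat },
      { hostType: 'nuget', matchHost: `https://pkgs.dev.azure.com/${org}/`, username: 'renovate', password: feedPat },
      { matchHost: 'github.com', token: env.GITHUB_COM_TOKEN },
    ],
    repositories: ['Project/reponame'],
  };
}

// Copy of the config that is safe to print: every token/password value is
// masked at any nesting depth, and the original object is left untouched.
function redact(value) {
  if (Array.isArray(value)) return value.map(redact);
  if (value === null || typeof value !== 'object') return value;
  return Object.fromEntries(
    Object.entries(value).map(([key, v]) =>
      /token|password/i.test(key) ? [key, '***'] : [key, redact(v)]
    )
  );
}

// Constructed sample environment, not real credentials.
const sampleEnv = { RENOVATE_TOKEN: 'constructed-pat', GITHUB_COM_TOKEN: 'constructed-gh' };
console.log(JSON.stringify(redact(buildConfig(sampleEnv, 'myorg')), null, 2));
// In a real config.js: module.exports = buildConfig(process.env, '<your org>');
```
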
renovate.azure-pipelines.yml
---
name: renovate.$(Build.Reason)-$(Date:yyyyMMdd)-$(Rev:.r)
pr: none
trigger:
  batch: true
  branches:
    include:
      - main
schedules:
  - cron: 0 07 * * Mon
    displayName: Mon7am
    branches:
      include: [main]
    always: true
jobs:
  - job: renovate
    displayName: renovate-repos
    timeoutInMinutes: 15
    pool:
      name: Azure Pipelines
      vmImage: ubuntu-latest
    steps:
      - checkout: self
      - bash: |
          git config --global user.email '[email protected]'
          git config --global user.name 'Renovate Bot'
          npx --userconfig .npmrc renovate
        displayName: npx-renovate
        env:
          RENOVATE_TOKEN: $(System.AccessToken)
          GITHUB_COM_TOKEN: $(GITHUB_COM_TOKEN)
