Hiddenden/openrabbit
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
Files
9f842189f319cf1eec7c06ba47863c5003616ee1
openrabbit/docs/RENOVATE.md
latte 8cadb2d216
Some checks failed
Docker / docker (push) Successful in 6s
Details
Security / security (push) Successful in 6s
Details
Deploy / deploy-local-runner (push) Has been cancelled
Details
CI / ci (push) Successful in 1m42s
Details
Deploy / deploy-ssh (push) Successful in 7s
Details
Add Gitea Actions workflows, CI config, and docs
2026-02-28 20:40:14 +01:00

2.9 KiB
Raw Blame History

Renovate — Automated Dependency Updates — ${REPO_NAME}

Overview

Renovate automatically detects outdated dependencies and opens PRs to update them. This keeps your project secure and up-to-date with minimal manual effort.

Disabled by default. Set ENABLE_RENOVATE=true in .ci/config.env to enable.

How It Works

  1. The workflow (.gitea/workflows/renovate.yml) runs on a schedule (default: weekly).
  2. Renovate scans your lockfiles and config for outdated packages.
  3. It opens PRs with updates, grouped by minor/patch to reduce noise.
  4. You review and merge the PRs.

Setup

Step 1: Create a Bot PAT

  1. Create a dedicated Gitea user (e.g., renovate-bot) or use your own account.
  2. Generate a PAT: Settings → Applications → Generate New Token
  3. Scopes: repo (full repository access)
  4. Copy the token.

Step 2: Add the Secret

  1. Go to Repository Settings → Actions → Secrets
  2. Add secret: RENOVATE_TOKEN = the PAT from step 1

Step 3: Enable in Config

In .ci/config.env:

ENABLE_RENOVATE=true
RENOVATE_SCHEDULE=weekly
RENOVATE_PR_LIMIT=5

Step 4: Commit and Push

Renovate will run on the next scheduled time, or you can trigger it manually via the Actions tab → "Renovate" → "Run workflow".

Configuration

Workflow Config (.ci/config.env)

Variable Default Description
ENABLE_RENOVATE false Master switch
RENOVATE_SCHEDULE weekly How often to run
RENOVATE_PR_LIMIT 5 Max open PRs at once

Renovate Config (renovate.json)

The renovate.json file in the repo root controls Renovate's behavior:

  • Grouping: Minor and patch updates are grouped into a single PR.
  • Docker: Base image updates (FROM ...) are enabled.
  • Labels: PRs get the dependencies label.
  • Schedule: Runs before 6am on Mondays.

Customize renovate.json to:

  • Pin specific dependencies
  • Exclude packages
  • Change grouping strategy
  • Add automerge for low-risk updates

Docker Base Image Updates

Renovate will detect FROM lines in your Dockerfile and open PRs when newer base images are available. This is enabled by default in renovate.json.

Noise Control

To reduce PR spam:

  1. Group updates: Already configured — minor/patch grouped together.
  2. Limit PRs: RENOVATE_PR_LIMIT=5 (adjust as needed).
  3. Schedule: Runs weekly by default, not on every push.
  4. Automerge: Add to renovate.json for trusted updates: 
    {
  "packageRules": [
    {
      "matchUpdateTypes": ["patch"],
      "automerge": true
    }
  ]
}

Expected Behavior

After enabling, expect:

  • An initial burst of PRs for all outdated dependencies
  • Weekly batches of 1-5 PRs (depending on updates available)
  • PRs labeled dependencies for easy filtering
  • Each PR includes a changelog and compatibility notes
Reference in New Issue View Git Blame Copy Permalink