Renovate Your Gitlab Projects Automatically

“Gitlab application screengrab” by Pankaj Patel on Unsplash

Keeping your dependencies up-to-date is something many of us are struggling with. Of course, we want the latest and greatest. We want the latest security fixes. But the time of a developer is better spent on something more useful than checking every day if there is an update to a dependency and if this update does not break the current build.

Automate the process

To fix this problem you could use an external service like greenkeeper or renovate. But both are only working with GitHub at the time of writing, when you are using their provided service. In the case of renovate there is an alternative to using their service. They keep the source code of renovate open and allow everyone to set up a self-hosted renovate bot. This sounds like a great hassle. Rent a new server, setup renovate, link to GitLab, setup a cron-job or something like this to check continuously.

Gitlab-CI to the rescue

GitLab-CI Pipeline ViewGitLab-CI Pipeline View

The CI part of GitLab is my favorite feature. For every repository, which I create I instantly setup a .gitlab-ci.yml. Whenever I push something to any branch of the repository, the code will be tested, a docker container will be build, and the documentation will be deployed. By manually activating the deployment job the project will be deployed to a production server. This part of GitLab is really worth checking out.

But now to the fun part. Let’s use GitLab-CI to check chosen repositories for outdated dependencies and create merge request to update them. All we need is to create a new repository with three files:

config.js for configuring renovate

    module.exports = {
     platform: ‘gitlab’,
     endpoint: ‘https://gitlab.com/api/v4/',
     assignees: [‘mikebarkmin’],
     baseBranches: [‘master’],
     labels: [‘renovate’],
     extends: [‘config:base’]
    };

repositories.txt for keeping track which repositories we want to check

    openpatch/ui-core
    openpatch/template

.gitlab-ci.yml the heart which runs renovate

    image: docker:latest
    
    services:
      - docker:dind
    
    renovate:
      stage: build
      script:
        - docker run -e GITLAB_TOKEN="$GITLAB_TOKEN" -e GITHUB_TOKEN="$GITHUB_TOKEN" -v $PWD/config.js:/usr/src/app/config.js renovate/renovate:13 $(cat repositories.txt | xargs)
      only:
        - master

As you can see I am using two GitLab Secret CI Variables which needs to be configured. GITLABTOKEN needs to be a [Personal Access Token](https://docs.gitlab.com/ce/user/profile/personalaccesstokens.html) with the scope api and GITHUBTOKEN needs to be a Personal Access Token with the scope repos.

Now everything is finished. When you run the pipeline renovate will check the repositories in repositories.txt and create merge request if a dependency needs to be updated.

Pipeline Schedule OverviewPipeline Schedule Overview

At last, we can create a Pipeline Schedule to run the pipeline every x hours or x day or whatever you like.

Summary

Merge Request by RenovateMerge Request by Renovate

We have created a way to automate the dependency updating with GitLab-CI. We now just have to keep waiting for the merge requests and see if our test suites are successful. Afterwards we can happily merge (Assuming that your test suite is quite good). If you are really trusting your test suite, you can even let renovate auto-merge the request, if the pipeline succeeds. The last thing we could do is to create a separate user just for the renovate task. I hope you can now all optimize your workflow and never ever (OK most likely not ever) have to worry about updating your dependencies again.