This is a step-by-step guide to auto-update dependencies of GitLab projects using Renovate.
0. Create a new Gitlab project using the NodeJS template
We will be using this project in the end part of this tutorial.
1. Create a Gitlab project for Renovate (named renovate-bot in this tutorial)
2. Create a Personal Access Token (PAT) in GitHub, with repo scope
3. Create a Personal Access Token (PAT) in GitLab, with api scope
4. Add the PAT to the environment variables of your renovate-bot GitLab project
Go to renovate-bot’s CI/CD Settings
Scroll down to the Variables section, then expand it.
Then add a variable named GITHUB_COM_TOKEN and give it the value of the PAT from GitHub you created in step 2.
Add another variable named RENOVATE_TOKEN and give it the value of the PAT from GitHub you created in step 3.
You should have two environment variables added by now, like in this image below:
5. Go to Repository -> Files page, then click on the “Web IDE” button to open the GitLab IDE
6. Create a file named .gitlab-ci.yml in your GitLab repository
Paste this into that file:
update_repositories:
image: renovate/renovate:31.55
script:
- docker-entrypoint.sh
variables:
GITHUB_COM_TOKEN: $GITHUB_COM_TOKEN
RENOVATE_TOKEN: $RENOVATE_TOKEN
only:
- schedules
7. Create another file named config.js,
module.exports = {
onboardingConfig: {
extends: ["config:base"],
},
platform: "gitlab",
gitAuthor: "RenovateBot <renovatebot@gmail.com>",
baseBranches: ["main", "master"],
labels: ["dependencies"],
repositories: [
"jeremiahflaga/renovate-bot",
"jeremiahflaga/sample-nodejs-app",
],
};
The repositories in that setting contains the names of the projects we created in step 0 and step 1 of this tutorial, because those are the projects whose dependencies we want to be updated by Renovate.
Note that in your own project you have to change the repositories part of that settings.
Please refer to the following tutorial for information about these settings: “Use Renovate to Manage Dependencies in Gitlab” by Joonas Venäläine
8. Create another file named renovate.json,
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:base"]
}
Please refer to “Use Renovate to Manage Dependencies in Gitlab” by Joonas Venäläine for an explanation of these settings.
9. Commit your changes
10. Create a schedule to trigger the CI/CD pipeline
Go to CI/CD -> Schedules, then create a new schedule.
(Note: you can also manually trigger the schedule.)
11. Almost done!!!
When the CI/CD pipeline is triggered, a new merge request will be sent to the repositories listed in our config.js.
Here is the merge request created for jeremiahflaga/renovate-bot:
Here is the merge request created for jeremiahflaga/sample-nodejs-app:
12. Merge those merge requests… and we’re done 
Note: If you want the merge request to be directed to other branches, like development or production, you have to overwrite the renovate.json file in those target repositories like this:
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:base"],
"dependencyDashboard": true,
"baseBranches": ["development", "production"]
}
(Note: update the renovate.json in the main or master branch.)
Please refer to “Use Renovate to Manage Dependencies in Gitlab” by Joonas Venäläine for an explanation of these settings.
In the next minutes/hours/days, depending on the schedule of the CI/CD pipeline, the Renovate bot will create new merge requests like this:
References
Main reference: “Use Renovate to Manage Dependencies in Gitlab” by Joonas Venäläinen (January 19, 2022)
Other references:
“Renovate Your GitLab Projects Automatically” by Mike Barkmin
“How to Keep Software Dependencies Up-to-Date with Renovate” by Emmanuel Sys
“Update dependencies with Renovate” by Pavel Kutáč
“Automatic Dependency Updates with Renovate and Gitlab” by Max Rosin
“How to Update Dependencies Safely and Automatically with GitHub Actions and Renovate” by Ramón Morcillo
