Using Renovate in Gitlab

May 01 · 7 mins read

This is a step-by-step guide to auto-update dependencies of GitLab projects using Renovate.

0. Create a new Gitlab project using the NodeJS template

GitLab: create new project using NodeJS template

We will be using this project in the end part of this tutorial.

1. Create a Gitlab project for Renovate (named renovate-bot in this tutorial)

GitLab: create blank project

2. Create a Personal Access Token (PAT) in GitHub, with repo scope

GitHub: create new personal access token

3. Create a Personal Access Token (PAT) in GitLab, with api scope

GitLab: create new personal access token

4. Add the PAT to the environment variables of your renovate-bot GitLab project

Go to renovate-bot’s CI/CD Settings

GitLab: Settings -> CI/CD

Scroll down to the Variables section, then expand it.

GitLab: Settings -> CI/CD

Then add a variable named GITHUB_COM_TOKEN and give it the value of the PAT from GitHub you created in step 2.

GitLab: add `GITHUB_COM_TOKEN` environment variable

Add another variable named RENOVATE_TOKEN and give it the value of the PAT from GitHub you created in step 3.

GitLab: add `RENOVATE_TOKEN` environment variable

You should have two environment variables added by now, like in this image below:

GitLab: two environment variables added

5. Go to Repository -> Files page, then click on the “Web IDE” button to open the GitLab IDE

GitLab: Web IDE button

6. Create a file named .gitlab-ci.yml in your GitLab repository

GitLab: Web IDE - Create new file button

Paste this into that file:

update_repositories:
  image: renovate/renovate:31.55
  script:
    - docker-entrypoint.sh
  variables:
    GITHUB_COM_TOKEN: $GITHUB_COM_TOKEN
    RENOVATE_TOKEN: $RENOVATE_TOKEN
  only:
    - schedules

7. Create another file named config.js,

module.exports = {
  onboardingConfig: {
    extends: ["config:base"],
  },
  platform: "gitlab",
  gitAuthor: "RenovateBot <renovatebot@gmail.com>",
  baseBranches: ["main", "master"],
  labels: ["dependencies"],
  repositories: [
    "jeremiahflaga/renovate-bot",
    "jeremiahflaga/sample-nodejs-app",
  ],
};

The repositories in that setting contains the names of the projects we created in step 0 and step 1 of this tutorial, because those are the projects whose dependencies we want to be updated by Renovate.

Note that in your own project you have to change the repositories part of that settings.

Please refer to the following tutorial for information about these settings: “Use Renovate to Manage Dependencies in Gitlab” by Joonas Venäläine

8. Create another file named renovate.json,

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:base"]
}

Please refer to “Use Renovate to Manage Dependencies in Gitlab” by Joonas Venäläine for an explanation of these settings.

9. Commit your changes

GitLab: Web IDE - commit changes

10. Create a schedule to trigger the CI/CD pipeline

Go to CI/CD -> Schedules, then create a new schedule.

GitLab: create schedule

(Note: you can also manually trigger the schedule.)

11. Almost done!!!

When the CI/CD pipeline is triggered, a new merge request will be sent to the repositories listed in our config.js.

Here is the merge request created for jeremiahflaga/renovate-bot:

GitLab: MR created for `jeremiahflaga/renovate-bot`

Here is the merge request created for jeremiahflaga/sample-nodejs-app:

GitLab: MR created for `jeremiahflaga/sample-nodejs-app`

12. Merge those merge requests… and we’re done :smiley:

Note: If you want the merge request to be directed to other branches, like development or production, you have to overwrite the renovate.json file in those target repositories like this:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:base"],
  "dependencyDashboard": true,
  "baseBranches": ["development", "production"]
}

(Note: update the renovate.json in the main or master branch.)

Please refer to “Use Renovate to Manage Dependencies in Gitlab” by Joonas Venäläine for an explanation of these settings.


In the next minutes/hours/days, depending on the schedule of the CI/CD pipeline, the Renovate bot will create new merge requests like this:

GitLab: Other MR created by the Renovate bot