Automated updates of dependencies

Container image available

Not tightly integrated into GitLab


Pipeline-integrated optionally with official template

Cron job running separate from GitLab instance

Self-hosted Renovate (formerly paid product)

Hands-On: Pipeline-integrated

  1. Create personal access token with scopes api, read_user, write_repository
  2. Add unprotected CI variable called RENOVATE_TOKEN
  3. Add renovate.json to root of project
  4. Add new job called renovate
  5. Create schedule with non-empty variable RENOVATE
  6. Check job logs
  7. Check merge requests
  8. Check pipelines
  9. Merge at least one change

See new .gitlab-ci.yml:

git checkout origin/160_gitlab_ci/270_renovate -- '*'

(With proper configuration Renovate will automerge tested merge requests.)

Pro tip: Use renovate:slim image

Image is smaller and loads faster

Tools are installed on-demand

Natively or using container sidecars

  image: renovate/renovate:32.236.0-slim
  script: |
    renovate --platform gitlab \
        --endpoint${SEAT_INDEX} \
        --token ${RENOVATE_TOKEN} \
        --autodiscover true

Request tools version using constraints

Or use tool specific directives like engine for npm