okaryo.log

Trying Out Renovate, Better Late Than Never | okaryo.log

Trying Out Renovate, Better Late Than Never

    #renovate#CI/CD

Introduction

While browsing various GitHub repositories, I often noticed the Renovate bot appearing in the contributors’ list.

Recently, while updating the dependent libraries of a tool I’m developing, I found manual work quite tedious. So, I decided to give Renovate a shot.

Configuration

First, install the Renovate app on GitHub.

Build software better, together
GitHub is where people build software. More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects.
favicongithub.com
ogImage

Once installed, Renovate immediately creates a configuration file and sends a Pull Request (PR) to the repository. By default, this file resides at the root level. However, I prefer to organize my CI-related files, so I moved it to the .github directory. Renovate works just fine from this location.

Once the configuration file is in place, Renovate creates PRs like the one shown below, updating libraries according to the specified settings.

Renovate PR

Here’s the configuration file for TabTabTab, a Chrome extension I’ve been developing.

// .github/renovate.json

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:base"],
  "schedule": ["every weekend"],
  "labels": ["maintenance"],
  "timezone": "Asia/Tokyo",
  "automerge": false,
  "rangeStrategy": "bump",
  "dependencyDashboard": false,
  "branchConcurrentLimit": 0,
  "prHourlyLimit": 0,
  "packageRules": [
    {
      "groupName": "react",
      "matchPackageNames": ["@types/react", "@types/react-dom"],
      "matchPackagePrefixes": ["react"]
    },
    {
      "groupName": "eslint",
      "matchPackagePrefixes": ["@typescript-eslint/", "eslint"]
    },
    {
      ...omitted...
    },
    {
      "matchUpdateTypes": ["minor", "patch"],
      "matchCurrentVersion": "!/^0/",
      "automerge": true
    }
  ]
}

Main configuration policies are as follows:

  • Update libraries in batches over the weekend.
  • Group major libraries together.
  • Automerge updates, except for major and 0.x.x versions.
  • No restrictions on the number of PRs created.

Update Libraries Over the Weekend

I don’t want to be notified every time there’s an update, and some PRs require manual merging. Hence, I set updates to batch over the weekend.

To initiate updates late on Saturdays, use the following configuration:

{
  "schedule": ["every weekend"],
  "timezone": "Asia/Tokyo",
}

Group Major Libraries

Without additional settings, Renovate creates a PR for each library update, which can get overwhelming. Grouping related libraries reduces the number of PRs.

{
  "packageRules": [
    {
      "groupName": "react",
      "matchPackageNames": ["@types/react", "@types/react-dom"],
      "matchPackagePrefixes": ["react"]
    }
  ]
}

To make it easier to pinpoint the cause in case an issue arises after an update, I’ve set up groupings based on related libraries. However, if you have many dependent libraries, or if you want to reduce the number of PRs created, you can group them in broader categories.

For example, in the following configuration, I’ve grouped them based on npm’s dependencies and devDependencies. I’ve also experimentally set up the renovate configuration for this blog’s repository in the same way, and so far, there haven’t been any issues. This might be sufficient if you don’t want to differentiate or check the update details too meticulously.

{
  "packageRules": [
    {
      "matchDepTypes": ["devDependencies"],
      "groupName": "devDependencies"
    },
    {
      "matchDepTypes": ["dependencies"],
      "groupName": "dependencies"
    }
  ]
}

Automerge Updates, Except Major and 0.x.x Versions

Renovate can auto-merge PRs based on settings. Initially, I was wary of auto-merging, but since tests run when PRs are created and I review them all at once, I no longer see the need for manual merging.

However, major library updates can introduce breaking changes, and 0.x.x versions can be unstable. I set these to avoid auto-merging.

{
  "automerge": false,
  "packageRules": [
    {
      "matchUpdateTypes": ["minor", "patch"],
      "matchCurrentVersion": "!/^0/",
      "automerge": true
    }
  ]
}

No Restrictions on PRs

Depending on your CI settings, you might want to limit the number and manner of PRs that Renovate creates. For example, if your CI workflow involves an external API, you must operate within its rate limits.

But in my case, there were no such concerns. The config:base preset has a limit of 2 PRs per hour, which I overrode with the following:

{
  "branchConcurrentLimit": 0,
  "prHourlyLimit": 0,
}

Conclusion

A few weeks into using Renovate, and I’m thrilled. It has eliminated the chore of updating libraries, ensuring they’re always up to date. Plus, the PRs Renovate creates contain release notes for the updated libraries and links to the differences, which is very handy.

Despite the “Better Late Than Never” in the title, Renovate remains a timely and invaluable tool.

Related Posts
Related Posts
Promotion

Copyright © 2024 OKARYO

This site uses Google Analytics.