GitHub-based repositories can be kept version-updated using Renovate Bot.
Check out:
- the documentation: https://docs.renovatebot.com/
- the source code: https://github.com/renovatebot/renovate
The following is my renovate.json
template on using Renovate to update my GitHub-public repositories.
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended",
"helpers:pinGitHubActionDigests",
":pinDevDependencies",
":pinDigestsDisabled"
],
"packageRules": [
{
"matchFileNames": [
".github/**/*.yml",
".tool-versions"
],
"groupName": "dev tools"
},
{
"matchFileNames": [
"rebar.config"
],
"groupName": "rebar.config deps"
},
{
"matchFileNames": [
"package.json",
".nvmrc"
],
"groupName": "package.json + .nvmrc deps"
},
{
"matchFileNames": [
"Dockerfile"
],
"groupName": "Docker deps"
},
{
"enabled": false,
"matchPackageNames": [
"minimum_otp_vsn{/,}**"
]
}
],
"customManagers": [
{
"description": "Match versions (per datasource and depName) in .github/**/*.yml",
"customType": "regex",
"fileMatch": [
".github/.*/.*\\.yml"
],
"matchStrings": [
"# renovate datasource: (?<datasource>[^,]+), depName: (?<depName>[^\\n]+)\\n.+?(?<currentValue>v?\\d+(\\.\\d+(\\.\\d+)?)?(-[^\\n]+)?)\\n"
]
},
{
"description": "Match versions in rebar.config",
"customType": "regex",
"fileMatch": [
"rebar.config"
],
"datasourceTemplate": "hex",
"matchStrings": [
"{(?<depName>[^,]+), \"(?<currentValue>\\d+\\.\\d+(\\.\\d+)?)\""
],
"versioningTemplate": "semver"
},
{
"description": "Match versions (per datasource and depName) in Dockerfile",
"customType": "regex",
"fileMatch": [
"Dockerfile"
],
"matchStrings": [
"# renovate datasource: (?<datasource>[^,]+), depName: (?<depName>[^\\n]+)\\nENV .+?_VERSION=\"(?<currentValue>[^\"]+)\""
],
"versioningTemplate": "loose"
}
]
}
These depend, potentially, on an updated rebar.lock
. I use the following GitHub workflow template (which is itself updated by Renovate every now and then).
---
name: Update rebar.lock
"on":
push:
branches:
- main
pull_request:
branches:
- "*"
workflow_dispatch: {}
merge_group:
concurrency:
group: ${{github.workflow}}-${{github.ref}}
cancel-in-progress: true
jobs:
branch:
outputs:
head_ref: ${{steps.branch.outputs.head_ref}}
runs-on: ubuntu-24.04
steps:
- id: branch
run: |
head_ref=${GITHUB_REF}
echo "head_ref is ${head_ref}"
[[ -z "${head_ref}" ]] && exit 1
echo "head_ref=${head_ref}" > "${GITHUB_OUTPUT}"
update:
name: Update rebar.lock
needs: [branch]
if: endsWith(needs.branch.outputs.head_ref, 'rebar.config-deps')
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
ref: ${{needs.branch.outputs.head_ref}}
- uses: erlef/setup-beam@a6e26b22319003294c58386b6f25edbc7336819a # v1.18.0
with:
version-type: strict
version-file: .tool-versions
- run: |
rebar3 upgrade --all
if ! git diff --exit-code >/dev/null; then
# there's stuff to push
git config user.name "GitHub Actions"
git config user.email "actions@user.noreply.github.com"
git add rebar.lock
git commit -m "[automation] update \`rebar.lock\` after Renovate"
git push
fi
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}