Skip to content

Instantly share code, notes, and snippets.

@paulo-ferraz-oliveira
Last active August 22, 2024 15:23
Show Gist options
  • Save paulo-ferraz-oliveira/68e04915037d1e78eb815a90f491f97d to your computer and use it in GitHub Desktop.
Save paulo-ferraz-oliveira/68e04915037d1e78eb815a90f491f97d to your computer and use it in GitHub Desktop.
Renovate your GitHub repositories

Renovate your GitHub repositories

GitHub-based repositories can be kept version-updated using Renovate Bot.

Check out:

My JSON template

The following is my renovate.json template on using Renovate to update my GitHub-public repositories.

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:recommended",
    "helpers:pinGitHubActionDigests",
    ":pinDevDependencies",
    ":pinDigestsDisabled"
  ],
  "packageRules": [
    {
      "matchFileNames": [
        ".github/**/*.yml",
        ".tool-versions"
      ],
      "groupName": "dev tools"
    },
    {
      "matchFileNames": [
        "rebar.config"
      ],
      "groupName": "rebar.config deps"
    },
    {
      "matchFileNames": [
        "package.json",
        ".nvmrc"
      ],
      "groupName": "package.json + .nvmrc deps"
    },
    {
      "matchFileNames": [
        "Dockerfile"
      ],
      "groupName": "Docker deps"
    },
    {
      "enabled": false,
      "matchPackageNames": [
        "minimum_otp_vsn{/,}**"
      ]
    }
  ],
  "customManagers": [
    {
      "description": "Match versions (per datasource and depName) in .github/**/*.yml",
      "customType": "regex",
      "fileMatch": [
        ".github/.*/.*\\.yml"
      ],
      "matchStrings": [
        "# renovate datasource: (?<datasource>[^,]+), depName: (?<depName>[^\\n]+)\\n.+?(?<currentValue>v?\\d+(\\.\\d+(\\.\\d+)?)?(-[^\\n]+)?)\\n"
      ]
    },
    {
      "description": "Match versions in rebar.config",
      "customType": "regex",
      "fileMatch": [
        "rebar.config"
      ],
      "datasourceTemplate": "hex",
      "matchStrings": [
        "{(?<depName>[^,]+), \"(?<currentValue>\\d+\\.\\d+(\\.\\d+)?)\""
      ],
      "versioningTemplate": "semver"
    },
    {
      "description": "Match versions (per datasource and depName) in Dockerfile",
      "customType": "regex",
      "fileMatch": [
        "Dockerfile"
      ],
      "matchStrings": [
        "# renovate datasource: (?<datasource>[^,]+), depName: (?<depName>[^\\n]+)\\nENV .+?_VERSION=\"(?<currentValue>[^\"]+)\""
      ],
      "versioningTemplate": "loose"
    }
  ]
}

rebar3 dependencies

These depend, potentially, on an updated rebar.lock. I use the following GitHub workflow template (which is itself updated by Renovate every now and then).

---
name: Update rebar.lock

"on":
  push:
    branches:
      - main
  pull_request:
    branches:
      - "*"
  workflow_dispatch: {}
  merge_group:

concurrency:
  group: ${{github.workflow}}-${{github.ref}}
  cancel-in-progress: true

jobs:
  branch:
    outputs:
      head_ref: ${{steps.branch.outputs.head_ref}}

    runs-on: ubuntu-24.04

    steps:
      - id: branch
        run: |
          head_ref=${GITHUB_REF}
          echo "head_ref is ${head_ref}"
          [[ -z "${head_ref}" ]] && exit 1
          echo "head_ref=${head_ref}" > "${GITHUB_OUTPUT}"

  update:
    name: Update rebar.lock

    needs: [branch]

    if: endsWith(needs.branch.outputs.head_ref, 'rebar.config-deps')

    runs-on: ubuntu-24.04

    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{needs.branch.outputs.head_ref}}

      - uses: erlef/setup-beam@a6e26b22319003294c58386b6f25edbc7336819a # v1.18.0
        with:
          version-type: strict
          version-file: .tool-versions

      - run: |
          rebar3 upgrade --all
          if ! git diff --exit-code >/dev/null; then
              # there's stuff to push
              git config user.name "GitHub Actions"
              git config user.email "actions@user.noreply.github.com"
              git add rebar.lock
              git commit -m "[automation] update \`rebar.lock\` after Renovate"
              git push
          fi
        env:
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment