For years, I have been ignoring Renovate because Dependabot was just there - it seems like it was build-into Github forever (it was not; Github acquired dependabot mid 2019).
As dependabot is not accepting support for new ecosystems, I decided to give Renovate a try, and OH BOY did I missed out on much. In comparison, it makes dependabot looks like toy for little kids. I have been using it for few weeks now and some pros.
If you’re running on Kubernetes, it’s extremely easy to self-host via the official Helm chart.
Even if you’re not, you can run it as part of your CI pipeline as a scheduled job.
It ships with its dashboard concept, which greatly improves visibility regarding outdated dependencies.
It is highly configurable when it comes to grouping updates - that includes grouping updates across different ecosystems (need to upgrade some Ruby & NPM packages in one go? Checked)
have great out-of-the-box support for popular ecosystems; updating both orbs and docker images in your CircleCI configuration? Checked
Have crazy feature called regexp manager, which in practice will allow you to update anything; the downside - it’s regular expression based
Regex matcher - Real-life example
Let’s say you’re using Terraform to manage a project in ArgoCD using the ArgoCD provider.
Renovate supports out of the box helm_release, but the ArgoCD provider defines its own application where you can specify helm attributes.
One way to work around the problem is to shove versions into variable file(s) and annotate those using comment so renovate can parse those.
resource "argocd_application" "kurded" {
# details ommited
spec {
source {
repo_url = "https://kubereboot.github.io/charts"
chart = "kured"
target_revision = var.kured_version
helm {
release_name = "kured"
values = yamlencode({
configuration = {
rebootDays = ["su"]
}
})
}
}
}
}
# variables-helm.tf
variable "kured_version" {
default = "5.3.2" // renovate: dep=kured chart=https://kubereboot.github.io/charts
}
We’re going to write custom matcher that will lookup variables-helm.tf file(s) and match whole default... // renovate: lines with capture groups
{
"customManagers": [
{
"customType": "regex",
"datasourceTemplate": "helm",
"fileMatch": [
"(^|/)variables\\-helm\\.tf$"
],
"matchStrings": [
"default = \"+(?<currentValue>[^'\" ]+)\" +\\/\\/ renovate: dep=(?<depName>[\\a-z\\\\]+)chart=(?<registryUrl>[^ \\n]+)"
]
}
]
}
The whole notation is quite cryptic at first glance and everything is well explained in Renovate’s official docs, but what we’re really doing here is telling Renovate “hey, this is a helm chart definition - grab name + version + chart url from the string using predefined capture groups”. Note: you might need to adapt depName matcher for you needs as it’s not very greedy.
This is pretty powerful feature as you can adapt Renovate for your own custom needs without writing any “real” code.
