Renovate bot demo - keep your dependencies up to date

By Mindaugas Urbontaitis

2021-04-16

Hello

• Software Engineer

  • Digital Channels Sweden
  • Team

• Outdoor activities

  • My biggest achievement Paris - Brest - Paris 2019
  • My 365 days challenge

Renovate bot demo

• Why do we need automated dependency management?
• Automated dependency management tools
• What is Renovate bot?
• Configuring Renovate bot
• Checking and merging the Pull Requests

Why do we need automated dependency management?

• A lot of dependencies per project
• Time-consuming to check every dependency
• Security updates

• maven
• npm

• Dependabot ^1
  • Github
• Renovatebot ^2
  • Bitbucket (beta)
  • Github App
  • Gitlab App

Renovate

• cli
• selfhosted
• GitHub App / Azure DevOps Ext. ^3
• Supports different managers
  • maven
  • npm
  • helm
  • docker

How Renovate works

• checks for updates
• opens pull requests
• review and merge

Demo - managers

Demo - Package patterns

Demo - Allowed versions

Wrap up

• Pin your frontend dependencies
• Group your dependencies
• Limit PR commit count
• Start one by one project

Questions

Thanks

• Renovate docs ^4
• Preset group examples ^5
• Presentation ^6 https://www.urbontaitis.lt/renovatebot