Skip to content
Snippets Groups Projects
Select Git revision
  • 15c98973bd2055b802ab83129d44ce23aa73197a
  • main default protected
  • renovate/main-renovatebot-osv-offline-1.x
  • fix/36927-maven-tags
  • renovate/main-redis-5.x
  • next
  • revert-31645-feat/rename-gradle-wrapper-validation-action
  • fix/36615b-branch-reuse-no-cache
  • chore/punycode
  • refactor/pin-new-value
  • feat/36219--git-x509-signing
  • feat/structured-logger
  • hotfix/39.264.1
  • feat/skip-dangling
  • gh-readonly-queue/next/pr-36034-7a061c4ca1024a19e2c295d773d9642625d1c2be
  • hotfix/39.238.3
  • refactor/gitlab-auto-approve
  • feat/template-strings
  • gh-readonly-queue/next/pr-35654-137d934242c784e0c45d4b957362214f0eade1d7
  • fix/32307-global-extends-merging
  • fix/32307-global-extends-repositories
  • 41.37.7
  • 41.37.6
  • 41.37.5
  • 41.37.4
  • 41.37.3
  • 41.37.2
  • 41.37.1
  • 41.37.0
  • 41.36.2
  • 41.36.1
  • 41.36.0
  • 41.35.2
  • 41.35.1
  • 41.35.0
  • 41.34.1
  • 41.34.0
  • 41.33.0
  • 41.32.3
  • 41.32.2
  • 41.32.1
41 results

use-cases.md

Blame
    • user avatar
    docs: fix typo (#15006)
    HonkingGoose authored and GitHub committed
    15c98973
    History
    user avatar 15c98973
    History
    use-cases.md 8.94 KiB

    Use Cases

    This page describes common use cases for Renovate.

    Development dependency updates

    The original use case, and the most popular one, is for developers to automate dependency updating in their software projects.

    Updating of package files

    The term "package file" is used to describe files which have references to dependencies. Package files are managed by a "package manager".

    Example package files include:

    • package.json, managed by npm or Yarn
    • Gemfile, managed by Bundler
    • go.mod, managed by go modules

    How Renovate updates a package file

    Renovate:

    1. Scans your repositories to detect package files and their dependencies
    2. Checks if any newer versions exist
    3. Raises Pull Requests for available updates

    The Pull Requests patch the package files directly, and include Release Notes for the newer versions (if they are available).

    By default:

    • You'll get separate Pull Requests for each dependency
    • Major updates are kept separate from non-major updates

    Package managers with lock files

    Many package managers support "lock files", which "freeze" the entire dependency tree including transitive dependencies. npm, Yarn, Bundler, Composer, Poetry, Pipenv, and Cargo all support or use lock files.

    If you use a lock file then changes to your package file must come with a compatible change to the lock file. Renovate can patch/update package files directly, but a lock file is too complex to "reverse engineer". Therefore Renovate lets the package manager do the lock file update. A simplified example:

    1. The repository has a package.json and package-lock.json with version 1.0.0 of a dependency
    2. Renovate sees that version 1.1.0 is available
    3. Renovate patches the package.json to change the dependency's version from 1.0.0 to 1.1.0
    4. Renovate runs npm install to let npm update the package-lock.json
    5. Renovate commits the package.json and package-lock.json
    6. Renovate creates the PR

    Custom dependency extraction

    Renovate supports 60+ types of package files. Not all dependencies are detected by default, this can be because:

    • The package manager/file format is not supported, or
    • The file format is not a standard or is proprietary

    If your dependencies are not detected by default, you can use use our "regex" manager to set your own custom patterns to extract dependencies. You configure the regex manager by telling it:

    • Which file pattern(s) to match
    • How to find the dependency name and version from within the file
    • Which datasource (e.g. Docker registry, npm registry, etc) to use to look up new versions

    The end result is that Renovate can keep dependencies in custom file formats up-to-date as long as the dependency datasource is known to Renovate.

    DevOps tooling

    Renovate is increasingly used for purposes which are traditionally described as DevOps instead of Developer.

    DevOps / Infrastructure as Code updates

    It's common for repositories to have DevOps-related files like CI/CD configs, or "Infrastructure as Code" (IaC) files. Examples of IaC files are Docker, Kubernetes or Terraform files. Renovate handles IaC files as "package managers" and "package files" and can detect and update them.

    Docker-compatible images

    Docker-compatible images are a key building block of modern software. These images are commonly found in CI/CD pipeline configs or referenced in IaC files. Renovate detects these IaC files and then queries Docker registries to determine if newer tags or digests exists.