Skip to content
Snippets Groups Projects
Select Git revision
  • main default protected
  • fix/log-filtered-updates-count
  • gh-readonly-queue/next/pr-35009-e87055a655c337959be79ea8baf3fa1f165aaa03
  • next
  • feat/21347-autodiscoverfilter-multiple-exclusions
  • feat/node-v22
  • fix/apply_static_config
  • fix/regex-handling
  • feat/24459-bun-workspaces-wip
  • ci/test-windows-2025
  • fix/32967-toml-templates
  • feat/24513-is-breaking
  • feat/scm-stats
  • feat/28300-enforce-top-level-options
  • feat/modern-encryption
  • feat/19980-renovate-compatibility
  • test/vitest
  • feat/i18n
  • archive/esm
  • 39.218.1
  • 39.218.0
  • 39.217.0
  • 39.216.1
  • 39.216.0
  • 39.215.2
  • 39.215.1
  • 39.215.0
  • 39.214.0
  • 39.213.6
  • 39.213.5
  • 39.213.4
  • 39.213.3
  • 39.213.2
  • 40.0.0-next.26
  • 40.0.0-next.25
  • 39.213.1
  • 39.213.0
  • 39.212.2
  • 40.0.0-next.24
39 results
Blame Permalink
self-hosted-configuration.md 32.02 KiB 
title: Self-Hosted configuration
description: Self-Hosted configuration usable in config file, CLI or environment variables

Self-Hosted configuration options

You can only use these configuration options when you're self-hosting Renovate.

Please also see Self-Hosted Experimental Options.

!!! note Config options with type=string are always non-mergeable, so mergeable=false.

allowCustomCrateRegistries

allowPlugins

allowPostUpgradeCommandTemplating

Set to true to allow templating of dependency level post-upgrade commands.

Let's look at an example of configuring packages with existing Angular migrations.

Add two properties to config.js: allowPostUpgradeCommandTemplating and allowedPostUpgradeCommands:

module.exports = {
  allowPostUpgradeCommandTemplating: true,
  allowedPostUpgradeCommands: ['^npm ci --ignore-scripts$', '^npx ng update'],
};

In the renovate.json file, define the commands and files to be included in the final commit.

The command to install dependencies (npm ci --ignore-scripts) is needed because, by default, the installation of dependencies is skipped (see the skipInstalls global option).

{
  "packageRules": [
    {
      "matchPackageNames": ["@angular/core"],
      "postUpgradeTasks": {
        "commands": [
          "npm ci --ignore-scripts",
          "npx ng update {{{depName}}} --from={{{currentVersion}}} --to={{{newVersion}}} --migrate-only --allow-dirty --force"
        ],
        "fileFilters": ["**/**"]
      }
    }
  ]
}

With this configuration, the executable command for @angular/core looks like this:

npm ci --ignore-scripts
npx ng update @angular/core --from=10.0.0 --to=11.0.0 --migrate-only --allow-dirty --force

allowScripts

allowedPostUpgradeCommands

A list of regular expressions that decide which commands in postUpgradeTasks are allowed to run. If this list is empty then no tasks will be executed.

For example:

{
  "allowedPostUpgradeCommands": ["^tslint --fix$", "^tslint --[a-z]+$"]
}

autodiscover

When you enable autodiscover, by default, Renovate runs on every repository that the bot account can access. You can limit which repositories Renovate can access by using the autodiscoverFilter config option.

autodiscoverFilter

You can use this option to filter the list of repositories that the Renovate bot account can access through autodiscover. It takes a minimatch glob-style or regex pattern.

If you set multiple filters, then the matches of each filter are added to the overall result.

If you use an environment variable or the CLI to set the value for autodiscoverFilter, then commas , within filters are not supported. Commas will be used as delimiter for a new filter.

# DO NOT use commas inside the filter if your are using env or cli variables to configure it.
RENOVATE_AUTODISCOVER_FILTER="/myapp/{readme.md,src/**}"

# in this example you can use regex instead
RENOVATE_AUTODISCOVER_FILTER="/myapp/(readme\.md|src/.*)/"

Minimatch:

{
  "autodiscoverFilter": ["project/*"]
}

Regex:

All text inside the start and end / will be treated as a regular expression.

{
  "autodiscoverFilter": ["/project/.*/"]
}

You can negate the regex by putting an ! in front. Only use a single negation and don't mix with other filters because all filters are combined with or. If using negations, all repositories except those who match the regex are added to the result:

{
  "autodiscoverFilter": ["!/project/.*/"]
}

baseDir

By default Renovate uses a temporary directory like /tmp/renovate to store its data. You can override this default with the baseDir option.

For example:

{
  "baseDir": "/my-own-different-temporary-folder"
}

bbUseDevelopmentBranch

By default, Renovate will use a repository's "main branch" (typically called main or master) as the "default branch".

Configuring this to true means that Renovate will detect and use the Bitbucket development branch as defined by the repository's branching model.

If the "development branch" is configured but the branch itself does not exist (e.g. it was deleted), Renovate will fall back to using the repository's "main branch". This fall back behavior matches that of the Bitbucket Cloud web interface.

binarySource

Renovate often needs to use third-party binaries in its PRs, like npm to update package-lock.json or go to update go.sum. By default, Renovate uses a child process to run such tools, so they must be:

  • installed before running Renovate
  • available in the path

But you can tell Renovate to use "sidecar" containers for third-party tools by setting binarySource=docker. For this to work, docker needs to be installed and the Docker socket available to Renovate. Now Renovate uses docker run to create containers like Node.js or Python to run tools in as-needed.

Additionally, when Renovate is run inside a container built using containerbase, such as the official Renovate images on Docker Hub, then binarySource=install can be used. This mode means that Renovate will dynamically install the version of tools available, if supported.

Supported tools for dynamic install are:

  • bundler
  • cargo
  • composer
  • dotnet
  • flux
  • golang
  • gradle-wrapper
  • helm
  • jb
  • jsonnet-bundler
  • lerna
  • mix
  • node
  • npm
  • pip_requirements
  • pip-compile
  • pipenv
  • pnpm
  • poetry
  • python
  • rust
  • yarn

If all projects are managed by Hermit, you can tell Renovate to use the tooling versions specified in each project via Hermit by setting binarySource=hermit.

Tools not on this list fall back to binarySource=global.

cacheDir

By default Renovate stores cache data in a temporary directory like /tmp/renovate/cache. Use the cacheDir option to override this default.

The baseDir and cacheDir option may point to different directories. You can use one directory for the repo data, and another for the cache data.

For example:

{
  "baseDir": "/my-own-different-temporary-folder",
  "cacheDir": "/my-own-different-cache-folder"
}

cacheHardTtlMinutes

This experimental feature is used to implement the concept of a "soft" cache expiry for datasources, starting with npm. It should be set to a non-zero value, recommended to be at least 60 (i.e. one hour).

When this value is set, the npm datasource will use the cacheHardTtlMinutes value for cache expiry, instead of its default expiry of 15 minutes, which becomes the "soft" expiry value. Results which are soft expired are reused in the following manner:

  • The etag from the cached results will be reused, and may result in a 304 response, meaning cached results are revalidated
  • If an error occurs when querying the npmjs registry, then soft expired results will be reused if they are present

checkedBranches

This array will allow you to set the names of the branches you want to rebase/create, as if you selected their checkboxes in the Dependency Dashboard issue.

It has been designed with the intention of being run on one repository, in a one-off manner, e.g. to "force" the rebase of a known existing branch. It is highly unlikely that you should ever need to add this to your permanent global config.

Example: renovate --checked-branches=renovate/chalk-4.x renovate-reproductions/checked will rebase the renovate/chalk-4.x branch in the renovate-reproductions/checked repository.`

containerbaseDir

This directory is used to cache downloads when binarySource=docker or binarySource=install.

Use this option if you need such downloads to be stored outside of Renovate's regular cache directory (cacheDir).

customEnvVariables