Skip to content
Snippets Groups Projects
Select Git revision
  • main default protected
  • gh-readonly-queue/next/pr-35009-e87055a655c337959be79ea8baf3fa1f165aaa03
  • next
  • feat/21347-autodiscoverfilter-multiple-exclusions
  • feat/node-v22
  • fix/apply_static_config
  • fix/regex-handling
  • feat/24459-bun-workspaces-wip
  • ci/test-windows-2025
  • fix/32967-toml-templates
  • feat/24513-is-breaking
  • feat/scm-stats
  • feat/28300-enforce-top-level-options
  • feat/modern-encryption
  • feat/19980-renovate-compatibility
  • test/vitest
  • feat/i18n
  • archive/esm
  • 39.220.4
  • 39.220.3
  • 39.220.2
  • 39.220.1
  • 39.220.0
  • 39.219.3
  • 39.219.2
  • 39.219.1
  • 39.219.0
  • 39.218.1
  • 39.218.0
  • 39.217.0
  • 39.216.1
  • 39.216.0
  • 39.215.2
  • 39.215.1
  • 39.215.0
  • 39.214.0
  • 39.213.6
  • 39.213.5
38 results
Blame Permalink
  • Rhys Arkins's avatar
    d471ed83
    feat: deprecate platform tokens (#3067) · d471ed83
    Rhys Arkins authored 
    Deprecate use of “special” env var like `GITHUB_TOKEN` and instead standardize on `RENOVATE_*` environment variables instead.

Closes #2834

BREAKING CHANGE: For GitHub, GitLab, Bitbucket and VSTS you need to migrate `*_ENDPOINT` to `RENOVATE_ENDPOINT`, `*_TOKEN` to `RENOVATE_TOKEN`, and same for `BITBUCKET_USERNAME` and `BITBUCKET_PASSWORD`.
    d471ed83
    History
    feat: deprecate platform tokens (#3067)
    Rhys Arkins authored 
    Deprecate use of “special” env var like `GITHUB_TOKEN` and instead standardize on `RENOVATE_*` environment variables instead.

Closes #2834

BREAKING CHANGE: For GitHub, GitLab, Bitbucket and VSTS you need to migrate `*_ENDPOINT` to `RENOVATE_ENDPOINT`, `*_TOKEN` to `RENOVATE_TOKEN`, and same for `BITBUCKET_USERNAME` and `BITBUCKET_PASSWORD`.
self-hosting.md 6.74 KiB

Self-Hosting Renovate

Open Source vs Commercial versions

Although Renovate is now best known as a "service" via the GitHub App, that service is actually running this same open source project, so you can get the same functionality if running it yourself. The version you see here in this repository can be cloned or npm installed in seconds and give you the same core functionality as in the app.

There is also a commercially-licensed "Professional Edition" of Renovate available for GitHub Enterprise, that includes a stateful priority job queue, background scheduler and webhook listener. For details and documentation on Renovate Pro, please visit renovatebot.com/pro.

Installing Renovate OSS

npmjs

$ npm install -g renovate

Docker

Renovate is available for Docker via an automated build renovate/renovate. It builds latest based on the master branch and all semver tags are published too. All the following are valid:

$ docker run renovate/renovate
$ docker run renovate/renovate:13.1.1
$ docker run renovate/renovate:13.1
$ docker run renovate/renovate:13

(Please look up what the latest actual tags are though, do not use the above literally).

If you wish to configure Renovate using a config.js file then map it to /usr/src/app/config.js using Docker volumes.

Kubernetes

Renovate's official Docker image is compatible with Kubernetes. The following is an example manifest of running Renovate against a GitHub Enterprise server. First the Kubernetes manifest:

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: renovate
spec:
  schedule: '@hourly'
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: renovate
              # Update this to the latest available and then enable Renovate on the manifest
              image: renovate/renovate:13.153.0
              # Environment Variables
              env:
                - name: RENOVATE_PLATFORM
                  valueFrom:
                    secretKeyRef:
                      key: renovate-platform
                      name: renovate-env
                - name: RENOVATE_ENDPOINT
                  valueFrom:
                    secretKeyRef:
                      key: renovate-endpoint
                      name: renovate-env
                - name: RENOVATE_TOKEN
                  valueFrom:
                    secretKeyRef:
                      key: renovate-token
                      name: renovate-env
                - name: GITHUB_COM_TOKEN
                  valueFrom:
                    secretKeyRef:
                      key: github-token
                - name: RENOVATE_AUTODISCOVER
                  valueFrom:
                    secretKeyRef:
                      key: renovate-autodiscover
                      name: renovate-env
          restartPolicy: Never

And also this accompanying secret.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: renovate-env
type: Opaque
stringData:
  renovate-platform: 'github'
  renovate-endpoint: 'https://github.company.com/api/v3'
  renovate-token: 'your-github-enterprise-renovate-user-token'
  github-token: 'any-personal-user-token-for-github-com-for-fetching-changelogs'
  renovate-autodiscover: 'true'

Authentication

You need to select a repository user for renovate to assume the identity of, and generate a Personal Access Token. It's strongly recommended that you use a dedicated "bot" account for this to avoid user confusion and to avoid the Renovate bot mistaking changes you have made or PRs you have raised for its own.

You can find instructions for GitHub here (select "repo" permissions)

You can find instructions for GitLab here.

You can find instructions for Bitbucket AppPasswords here.

Note: you should also configure a GitHub token even if your source host is GitLab or Bitbucket, because Renovate will need to perform many queries to github.com in order to retrieve Release Notes.

You can find instructions for VSTS vsts.

This token needs to be configured via file, environment variable, or CLI. See docs/configuration.md for details. The simplest way is to expose it as RENOVATE_TOKEN.

For Bitbucket, you can configure RENOVATE_USERNAME and RENOVATE_PASSWORD.

Usage

The following example uses the Renovate CLI tool, which can be installed by running npm i -g renovate.

If running your own Renovate bot then you will need a user account that Renovate will run as. It's recommended to use a dedicated account for the bot, e.g. name it renovate-bot if on your own instance. Create and save a Personal Access Token for this account.

Create a Renovate config file, e.g. here is an example:

module.exports = {
  endpoint: 'https://self-hosted.gitlab/api/v4/',
  token: '**gitlab_token**',
  platform: 'gitlab',
  logFileLevel: 'warn',
  logLevel: 'info',
  logFile: '/home/user/renovate.log',
  onboarding: true,
  onboardingConfig: {
    extends: ['config:base'],
  },
  repositories: ['username/repo', 'orgname/repo'],
};

Here change the logFile and repositories to something appropriate. Also replace gitlab-token value with the one created during the previous step.

If running against GitHub Enterprise, change the above gitlab values to the equivalent github ones.

You can save this file as anything you want and then use RENOVATE_CONFIG_FILE env variable to tell Renovate where to find it.

Most people will run Renovate via cron, e.g. once per hour. Here is an example bash script that you can point cron to:

#!/bin/bash

export PATH="/home/user/.yarn/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH"
export RENOVATE_CONFIG_FILE="/home/user/renovate-config.js"
export RENOVATE_TOKEN="**some-token**" # GitHub, GitLab, Azure DevOps or BitBucket
export GITHUB_COM_TOKEN="**github-token**" # Delete this if using github.com

# Renovate
renovate

Note: the GitHub.com token in env is necessary in order to retrieve Release Notes that are usually hosted on github.com. You don't need to add it if you are already running the bot against github.com, but you do need to add it if you're using GitHub Enterprise, GitLab, Azure DevOps, or Bitbucket.

You should save and test out this script manually first, and add it to cron once you've verified it.

Deployment

See deployment docs for details.