
Automate dependency updates with Renovate

This post covers setting up Renovate with Portainer to automate dependency updates in GitLab projects. I’ll walk through deploying the Renovate Docker container and connecting it to a self-hosted GitLab instance.

Setup Renovate

Create GitLab Personal Access Token

  1. Log in to your GitLab instance
  2. Navigate to Settings → Access Tokens
  3. Click “Create Token”
  4. Give your token a name (e.g., “renovate”)
  5. Select the required scopes: api, read_repository, and write_repository
  6. Click “Create Token”
  7. Copy and save your token securely

Create Docker Compose File

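services:
  renovate:
    # Pinned to an exact version so Renovate can propose updates to its own image
    image: renovate/renovate:39.164.0
    container_name: renovate
    restart: unless-stopped
    environment:
      - LOG_LEVEL=debug
      # Supplied as a stack environment variable in Portainer (see below)
      - RENOVATE_TOKEN=${RENOVATE_TOKEN}
      - RENOVATE_PLATFORM=gitlab
      - RENOVATE_ENDPOINT=https://gitlab.schenk.tech/api/v4
      - RENOVATE_GIT_AUTHOR=Renovate Bot <renovatebot@schenk.tech>
      # Enables the "Dependency Dashboard" issue in each repository
      - RENOVATE_DEPENDENCY_DASHBOARD=true
      - RENOVATE_AUTODISCOVER=true
      - ASSIGNEE_USER=wschenk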

Deploy to Portainer

  1. Log in to your Portainer instance
  2. Navigate to Stacks
  3. Click “Add stack”
  4. Name your stack (e.g., “renovate”)
  5. Paste the Docker Compose content
  6. Add your environment variables:

    RENOVATE_TOKEN=your-gitlab-personal-access-token
    
  7. Click “Deploy the stack”

How it Works

Once deployed, Renovate will:

  1. Scan your GitLab repositories for dependencies
  2. Create a “Configure Renovate” merge request in each repository
  3. After merging the onboarding merge request, Renovate will:
    • Monitor your dependencies for updates
    • Create merge requests for outdated dependencies
    • Automatically merge minor and patch updates (based on configuration)

Example Merge Request

Renovate automatically creating a merge request to update Ruby Docker image

Ruby Docker image updated in GitLab

Monitoring

You can monitor Renovate’s activity through:

  1. Container logs in Portainer
  2. GitLab merge requests
  3. The Renovate Dashboard

Renovate Dashboard

After merging the onboarding merge request, Renovate creates a “Dependency Dashboard” issue in your repository. This dashboard issue provides:

  • A list of all detected dependencies
  • Update status for each dependency
  • Pending updates and their status
  • Configuration validation
  • Recent update history
  • Dependency update schedule
  • Package rules in effect

You can access this dashboard by viewing the issue labeled “Dependency Dashboard” in your repository’s issue tracker. The dashboard issue is automatically updated whenever Renovate runs, providing real-time visibility into your dependency status.

Renovate Dependency Dashboard

Note: The Dependency Dashboard is enabled in our configuration via the RENOVATE_DEPENDENCY_DASHBOARD=true environment variable in the docker-compose file.

Managing Renovate

To automate Renovate management, I updated my Portainer stack to use a git repository for the docker-compose.yml file. This enables a GitOps workflow: when Renovate creates a merge request for itself, it triggers a webhook that pulls the latest docker-compose.yml and redeploys the container with updated settings.
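
Once the compose file lives in git and is redeployed by webhook, a check on the file before merge keeps the token out of the repository and the image pinned. The following is an added example, not part of the original setup: `lint_compose`, the secret-name heuristic and the embedded sample are assumptions made for illustration.

```python
import re

# Constructed sample: the compose file from this post, embedded for an offline run.
COMPOSE = """\
services:
  renovate:
    image: renovate/renovate:39.164.0
    environment:
      - LOG_LEVEL=debug
      - RENOVATE_TOKEN=${RENOVATE_TOKEN}
      - RENOVATE_PLATFORM=gitlab
      - RENOVATE_ENDPOINT=https://gitlab.schenk.tech/api/v4
"""

# Assumption: variables whose names contain these words hold credentials.
SECRET_NAME = re.compile(r"(TOKEN|PASSWORD|SECRET|KEY)", re.I)
# A secret's value is acceptable only if it is entirely a ${VAR} interpolation.
INTERPOLATION = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")
IMAGE = re.compile(r"^\s*image:\s*(\S+)\s*$")
ENV_ITEM = re.compile(r"^\s*-\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)$")


def lint_compose(text):
    """Return (line, message) findings for a list-style docker-compose file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = IMAGE.match(line)
        if m:
            ref = m.group(1).strip("'\"")
            # The tag follows ':' in the last path segment (a registry port is not a tag).
            name = ref.rsplit("/", 1)[-1]
            tag = name.split(":", 1)[1] if ":" in name else ""
            if "@sha256:" not in ref and tag in ("", "latest"):
                findings.append((lineno, "image is not pinned to a version"))
            continue
        m = ENV_ITEM.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip("'\"")
        if SECRET_NAME.search(key) and not INTERPOLATION.match(value):
            findings.append((lineno, f"{key} has a literal value; use ${{{key}}}"))
        if key.endswith("ENDPOINT") and not value.startswith("https://"):
            findings.append((lineno, f"{key} does not use https"))
    return findings


if __name__ == "__main__":
    for lineno, msg in lint_compose(COMPOSE):
        print(f"line {lineno}: {msg}")
```

The compose file from this post passes with no findings; a hardcoded token, a `latest` tag or an `http://` endpoint is reported with its line number.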

Conclusion

Using Renovate with Portainer provides an efficient way to automate dependency updates across GitLab projects. The configuration is flexible enough to accommodate different update strategies while maintaining control over the update process. This approach helps keep dependencies up to date and reduces security vulnerability risks.

For more information about customizing Renovate for your needs, check out the Renovate documentation.

This post is licensed under CC BY 4.0 by the author.