top of page

Renovate JS: Automated Dependencies Update

Updated: Feb 25, 2022

In Software Development keeping up to date with technology updates is crucial. This is true both for developers as they learn and renew their skills, and also for the projects they work on and maintain.

When the project grows, new features and libraries are added. But the versions of the libraries and packages remain the same the team never updates them. That is why Renovate was born.



What is Renovate?

Renovate is an Open Source tool to automate:

  • Detecting dependencies in a repository (Open Source and private/closed source)

  • Checking if there are dependency updates

  • Creating commits and Merge/Pull Requests to update dependencies

  • Showing the release notes


Why use Renovate?

  • Get automated Pull Requests to update your dependencies

  • Solving problems from old versions.

  • Decreasing the time needed to fix vulnerabilities

  • Increasing the overall performance.

  • Adding new features.

  • Open-source (installable via npm/Yarn or Docker Hub) so can be self-hosted or used via GitHub App

  • ...


How to use Renovate?


Install via npm

npm install --save-dev renovate

Create a renovate.json file and place it in the root directory of your repo. If you are using nx to develop front-end, you can ignore nx packages because they are managed automatically by nx framework. You can refer to this document if you want to customize the settings



{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:base", "group:allNonMajor"],
  "baseBranches": ["develop"],
  "packageRules": [
    {
      "matchDepTypes": ["engines"],
      "enabled": false
    }
  ],
  "ignoreDeps": [
    "@nrwl/angular",
    "@nrwl/cli",
    "@nrwl/create-nx-plugin",
    "@nrwl/create-nx-workspace",
    "@nrwl/cypress",
    "@nrwl/detox",
    "@nrwl/devkit",
    "@nrwl/eslint-plugin-nx",
    "@nrwl/express",
    "@nrwl/gatsby",
    "@nrwl/jest",
    "@nrwl/js",
    "@nrwl/linter",
    "@nrwl/nest",
    "@nrwl/next",
    "@nrwl/node",
    "@nrwl/nx-plugin",
    "@nrwl/nx",
    "@nrwl/react-native",
    "@nrwl/react",
    "@nrwl/storybook",
    "@nrwl/tao",
    "@nrwl/web"
  ]
}

Please remember to push the renovate commit to the default branch beforing runing renovate command


npx renovate --token ${{ github_secret_token }} --platform github --endpoint https://github.com/api/v3/ ${{ github.repository }}

Open the PR in your repository and you will see there are a lot of dependencies that need to be updated

With the above renovate configuration.

  • All non-major packages will be combined updating in only one Pull Request.

  • The major version will be updated in another separated Pull Request


Inside every Pull Request will have

  • List of the package(s) need to be updated with Change version


  • Release notes and also the Vulnerability Alerts


After reviewing the PRs, you are able to merge them to your defined base branch



That's all for Renovate. Hope you enjoy trying!

There are a dozen of features you may want to try here

89 views0 comments

Comments


bottom of page