Skip to main content
Skip table of contents

Common Practices for Renovate Configuration

Default Settings

Once in enabled, Renovate will create an onboarding pull request for the renovate.json configuration file. The default configuration comes with the preset config:recommended. This preset will enable the dependency dashboard for all supported integrations and group known mono-repo packages into a single PR. All configurations under config:recommended can be found in the Renovate documentation.

JSON 
{
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
      "config:recommended"
   ]
}

Configuration Presets

Presets allow you to share Renovate configurations across all your repositories. Presets must be a JSON file committed to a repository in order to be referenced from other configurations.

Example

Preset named minor-updates.json stored in Mend-renovate-app/MyPresets repository:

minor-updates.json
JSON 
{
  "packageRules": [
     {
         "groupName": "Non-major dependency updates",
         "matchUpdateTypes": ["minor", "patch"]
     }
   ]
}

In your desired repository, add [SCM]>Mend-renovate-app/MyPresets:minor-updates to the extends section of your renovate.json file.

renovate.json inheriting from Github repository
JSON 
{
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
      "config:recommended",
      "github>Mend-renovate-app/MyPresets:minor-updates"
   ]
}

For additional examples of referencing a preset in other SCM environments, see Preset Hosting in the Renovate documentation.

Commonly Set Parameters

  • prHourlyLimit - Sets the number of pull requests to be created per hour.

    • Setting to 0 means no limit.

    • Default value of 2

  • prConcurrentLimit - Limits the number of concurrent pull requests open at any time to reduce noise

    • Default value of 10

  • packageRules - Rules for matching packages and changing behavior.

    • dependencyDashboardApproval- tells Renovate to wait for approval from dependency dashboard before creating a pull request

    • matchUpdateTypes - Match rules against types of updates such as major, minor, patch

    • matchPackagePatterns - Package name patterns to match

    • labels - Add labels to Renovate pull requests

Only create pull requests for minor or patch versions of angular packages
JSON 
{
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
 "extends": ["config:recommended"],
 "packageRules": [
           {
       "matchPackagePatterns": ["^angular"],
       "matchUpdateTypes": ["minor", "patch"]
  }
 ]
}
Require dependency dashboard approval for all major angular packages
JSON 
{
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
 "extends": ["config:recommended"],
 "packageRules": [
     {
       "matchPackagePatterns": ["^angular"],
       "matchUpdateTypes": ["major"],
       "dependencyDashboardApproval": true
  }
 ]
}

Merge Confidence

Merge Confidence provides information to developers about how likely the proposed package update is to break their build right in the pull request. It analyzes adoption data from all Renovate users to provide the age of the package, the passing rate for tests, how many users are using the proposed package.

Merge Confidence can be leveraged with Smart Merge Control to reduce the amount of pull requests opened by Renovate.

image-20240517-183453.png
Enable Merge Confidence
JSON 
{
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
 "extends": ["config:recommended",
              "mergeConfidence:all-badges" ]
}

Supported Language

Not all languages supported by Renovate support merge confidence. The supported languages can be found within the Renovate documentation.

Lock File Maintenance

Lock File Maintenance is an optional setting that will keep the lock files in your repository up-to-date. When lock file maintenance is performed Renovate will do the following:

  • The lock file is deleted and the relevant package manager is executed.

  • That package manager creates a new lock file, where all dependencies are updated to the latest version.

  • Renovate then commits that lock file to the update branch and creates the update PR.

By default this is scheduled to occur before 4am every Monday. This can be changed by setting the schedule based on the Renovate Scheduling Syntax.

Lock File Maintenance every Sunday after 9pm
JSON 
{
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
 "extends": ["config:recommended"],
 "lockFileMaintenance": {
   "enabled": true,
   "schedule":["after 9pm on sunday"]
 }
}

Supported Lock Files

Supported lock files for lock file maintenance can be found in the Renovate Documentation.

Docker Images

Renovate supports upgrading dependencies in various Docker Definition Files. By Default, Renovate will preserves the precision of the version referenced in the definition file. The can be customized within the configuration. The recommended versioning is “loose” which will give Renovate more flexibility to identify the correct version.

Docker Updates with "loose" versioning
CODE 
{
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
 "extends": ["config:recommended"],
 "packageRules": [
   {
     "matchDatasources": ["docker"],
     "versioning": "loose"
   }
}

Smart Merge Control

Smart Merge Control is only available for Renovate EE and Mend SCA customers

Group Pull Requests

Renovate can group pull requests together to reduce the amount of pull requests being opened and make it easier to manage your dependencies. This is commonly done by merge confidence or the type of update.

Group High confidence Minor and Patch updates
JSON 
{
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
 "extends": ["config:recommended"],
  "packageRules": [
     {
      	 "groupName": "Mend: high confidence minor and patch dependency updates",
      	 "matchUpdateTypes": ["minor", "patch"],
      	 "matchConfidence": ["very high", "high"]
     }
 ]
}

Automerge

Renovate has the ability automatically merge package updates into the default branch if all tests past after the update. This can be useful for minor or patch updates which rarely have breaking changes or for lock file maintenance

Automerge minor or patch angular packages
JSON 
{
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
 "extends": ["config:recommended"],
 "packageRules": [
     {
       "matchPackagePatterns": ["^angular"],
       "matchUpdateTypes": ["minor", "patch"],
       "automerge": true
  }
 ]
}
Automerge Lock File Maintenance
CODE 
{
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
 "extends": ["config:recommended"],
 "lockFileMaintenance": {
   "enabled": true,
   "automerge": true
 }
}

Additional Smart Merge Control Information

Boost your pull request confidence using Mend Renovate’s Smart Merge Control

Renovate Smart Merge Control Implementation Examples

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close