Mend Renovate
Renovate has its own documentation site that explains many of the different configurations that will be discussed in this document. For more in-depth reading, we highly suggest checking that site out: https://docs.renovatebot.com.
Introduction
Mend Renovate is a tool that allows developers to easily detect, test, and merge dependency updates as needed. There are three main strategies in managing dependency updates: Renovate Standalone on a Pipeline, Renovate Cloud either through the GitHub Marketplace App, through a Repository Integration, or through Renovate Enterprise, and Smart Merge Control.
Renovate Standalone on a Pipeline
At its core, Renovate is a JavaScript process that gets important dependency files from a repository, downloads version update information and changelogs, and then suggests updates to a dependency file through the use of a Pull Request. This process can be run as a pipeline in almost any Pipeline System with the use of the npx command. The Renovate Documentation contains information on how to run Renovate as a Pipeline for Azure DevOps and Azure DevOps Server, but this can be easily ported to other platforms. Customers tend to use this option if they are not scanning with any Mend Repository Integration solutions.
Pros | Cons |
|---|---|
Allows for configuration in most pipeline systems | Is not included in any Mend.io Technical Support contracts |
Allows for a “global configuration” using a | Does not inherently run on a cron job, but can be configured to do so from the pipeline level. |
Does not include Smart Merge Control as a feature. | |
Other Renovate features may not be supported depending on the platform the pipeline is running on. |
Renovate in the Cloud
Renovate can also be run as part of a Cloud-Hosted Repository Integration, or from a GitHub marketplace app. These methods consist of Mend hosting infrastructure to run Renovate as needed. The major differentiator between Renovate in the Cloud, and self-hosted renovate is that a global configuration with a config.js file is not possible. Instead, any configurations you want to inherit from should be added to a Shareable Config Preset. Customers will typically use this solution if they are using the Mend Repository Integrations to scan their repositories.
Pros | Cons |
|---|---|
Easy setup | Repository Integration is a part of Mend’s paid offering |
Mend-Hosted Infrastructure | Not a part of any Mend.io Technical Support contract |
Repository integration includes all features of Renovate Enterprise | No global configuration with a |
Can be self-hosted with the Self-Hosted Repository Integrations | Supports a limited number of SCM systems. |
Renovate Enterprise
Renovate Enterprise is Mend.io’s paid version of Renovate that allows customers to self-host a Renovate server with multiple workers. This setup allows customers full control over their Renovate environment, and is also included in Mend.io’s Technical Support Contract. This option is chosen when updated dependencies in repositories
Pros | Cons |
|---|---|
Full Control of Renovate Setup | Requires infrastructure on a scaling environment (such as K8s) |
Technical Support | |
Scaling | |
Has full feature support |