Performing arbitrary executions with Renovate
For those who've not seen my blog recently, I've been doing a lot with Renovate recently for easing the maintenance of my dependencies. This works well when looking to manage dependency updates on your own terms, for instance with per-repository configuration, but sometimes you also want to force some updates across your projects.
As I mentioned in this GitHub Discussion:
For instance, let's say that in Go, there's a package called
github.com/<org>/grpc-models-go
and a Ruby gem calledgrpc-models
, and in v2.0.0 there's a required update that all repositories must update to, for some arbitrary reason.
Update 2023-07-31: I previously had released a package, @jamietanna/renovate-one-off
, for this, but it's not necessary.
This requires we set up the following config.js
:
module.exports = {
// --------------------------------------------------------------------------------
// required configuration, which makes sure that we don't require Renovate configuration, and even if it's there, we ignore it
"onboarding": false,
"requireConfig": "ignored",
// --------------------------------------------------------------------------------
//
// add any global `extends` here
// to only pin to certain package managers
enabledManagers: ["ruby", "gomod"],
packageRules: [
// make sure that everything but what we want to raise updates for is disabled
{
"matchPackagePatterns": [".*"],
"enabled": false
},
// for `grpc-models` the Ruby library, and github.com/<org>/grpc-models-go
{
"matchPackagePatterns": [".*grpc-models.*"],
"enabled": true,
"allowedVersions": ">=2.0.0"
},
]
};
From here, we can then run i.e.
npx renovate@latest --token $GITHUB_COM_TOKEN --autodiscover --autodiscover-filter '<org>/*'
Note that if you are running Renovate regularly using the same token as you're doing for this one-off, it may lead to closing existing Renovate PRs or Dependency Dashboards.