Performing arbitrary executions with Renovate

Featured image for sharing metadata for article

For those who've not seen my blog recently, I've been doing a lot with Renovate recently for easing the maintenance of my dependencies. This works well when looking to manage dependency updates on your own terms, for instance with per-repository configuration, but sometimes you also want to force some updates across your projects.

As I mentioned in this GitHub Discussion:

For instance, let's say that in Go, there's a package called<org>/grpc-models-go and a Ruby gem called grpc-models, and in v2.0.0 there's a required update that all repositories must update to, for some arbitrary reason.

In this case, there's no handy way to roll out a change across your repos as part of Renovate, while also ignoring existing Renovate PRs or Dependency Dashboards, which meant I needed to roll my own lightweight wrapper on top of Renovate, which is available in the new NPM package, @jamietanna/renovate-one-off.

As mentioned in the README, can be run like so:

renovate-one-off --token $GITHUB_COM_TOKEN --autodiscover --autodiscover-filter '<org>/*'

This works alongside a config.js:

module.exports = {
  // i.e.
  platform: "github",
  // if you pin to forks, for instance
  includeForks: true,

  // to only pin to certain package managers
  enabledManagers: ["ruby", "gomod"],

  packageRules: [
    // make sure that everything but what we want to raise updates for is disabled
      "matchPackagePatterns": [".*"],
      "enabled": false
    // for `grpc-models` the Ruby library, and<org>/grpc-models-go
      "matchPackagePatterns": [".*grpc-models.*"],
      "enabled": true,
      "allowedVersions": ">=2.0.0"

Which will then raise any relevant PRs your organisation for relevant package updates - straightforward, and only rolls out the changes as required!

Written by Jamie Tanna's profile image Jamie Tanna on , and last updated on .

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#blogumentation #renovate #open-source #security #typescript.

Also on:

This post was filed under articles.

Interactions with this post

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.