Performing arbitrary executions with Renovate

Featured image for sharing metadata for article

For those who've not seen my blog recently, I've been doing a lot with Renovate recently for easing the maintenance of my dependencies. This works well when looking to manage dependency updates on your own terms, for instance with per-repository configuration, but sometimes you also want to force some updates across your projects.

As I mentioned in this GitHub Discussion:

For instance, let's say that in Go, there's a package called<org>/grpc-models-go and a Ruby gem called grpc-models, and in v2.0.0 there's a required update that all repositories must update to, for some arbitrary reason.

Update 2023-07-31: I previously had released a package, @jamietanna/renovate-one-off, for this, but it's not necessary.

This requires we set up the following config.js:

module.exports = {
  // --------------------------------------------------------------------------------
  // required configuration, which makes sure that we don't require Renovate configuration, and even if it's there, we ignore it
  "onboarding": false,
  "requireConfig": "ignored",

  // --------------------------------------------------------------------------------
  // add any global `extends` here

  // to only pin to certain package managers
  enabledManagers: ["ruby", "gomod"],

  packageRules: [
    // make sure that everything but what we want to raise updates for is disabled
      "matchPackagePatterns": [".*"],
      "enabled": false
    // for `grpc-models` the Ruby library, and<org>/grpc-models-go
      "matchPackagePatterns": [".*grpc-models.*"],
      "enabled": true,
      "allowedVersions": ">=2.0.0"

From here, we can then run i.e.

npx renovate@latest --token $GITHUB_COM_TOKEN --autodiscover --autodiscover-filter '<org>/*'

Note that if you are running Renovate regularly using the same token as you're doing for this one-off, it may lead to closing existing Renovate PRs or Dependency Dashboards.

Written by Jamie Tanna's profile image Jamie Tanna on , and last updated on .

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#blogumentation #renovate #open-source #security #typescript.

This post was filed under articles.

Interactions with this post

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.