Track your development dependencies using Renovate and Gitlab

New projects are using a lot of dependencies. From the simple Hello world example to your production application, a tons of dependencies are installed.

To keep them updated, having a reminder like a Merge request is helping you to keep them up to date.

The best tool I know for this kind of work is Renovate. Used by some major Open source projects, it works for NPM, PHP, Docker, Python and other programming language. It also support private registry and that's awesome!

Using a cronjob it can every hour check if a new version of your dependency was released.

Here is an exemple for Kubernetes.

apiVersion: v1
kind: Secret
metadata:
  name: renovate-env
  namespace: default
type: Opaque
stringData:
  renovate-platform: 'gitlab'
  renovate-endpoint: 'https://gitlab.evilcorp.com/api/v4'
  renovate-token: '****'
  github-token: '****'
  renovate-autodiscover: 'false'

---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: renovate
  namespace: default
spec:
  schedule: "@hourly"
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: renovate
              image: renovate/renovate:latest
              imagePullPolicy: IfNotPresent
              args:
                - evilcorp/evil-project
                - evilcorp/white-rose
              env:
                - name: RENOVATE_PLATFORM
                  valueFrom:
                    secretKeyRef:
                      key: renovate-platform
                      name: renovate-env
                - name: RENOVATE_ENDPOINT
                  valueFrom:
                    secretKeyRef:
                      key: renovate-endpoint
                      name: renovate-env
                - name: RENOVATE_TOKEN
                  valueFrom:
                    secretKeyRef:
                      key: renovate-token
                      name: renovate-env
                - name: GITHUB_COM_TOKEN
                  valueFrom:
                    secretKeyRef:
                      key: github-token
                      name: renovate-env
                - name: RENOVATE_AUTODISCOVER
                  valueFrom:
                    secretKeyRef:
                      key: renovate-autodiscover
                      name: renovate-env
                - name: NO_PROXY
                  value: "mycustom-registry.localhost"
                - name: NODE_TLS_REJECT_UNAUTHORIZED
                  value: "0"
          restartPolicy: Never

You will then have an awesome bot creating MR on your project.