Skip to content

Configure Renovate Bot for Automated Dependency Management #43

New issue
New issue
Open
Open
Configure Renovate Bot for Automated Dependency Management#43
@DanyHenriquez

Description

@DanyHenriquez
DanyHenriquez
opened on May 17, 2025

Overview

Implement and configure Renovate bot to automatically manage dependencies by merging updates to the "next" branch and grouping non-major updates.

Description

We could implement Renovate bot to automate our dependency management process. The bot could be configured to target our "next" branch for all updates and group non-major updates together to reduce PR noise.

Requirements

  • Automatically merge dependency updates to the "next" branch
  • Group all non-major updates together in a single PR (Dependabot cannot do this)
  • Separate major updates into individual PRs (due to potential breaking changes)
  • Run on a regular schedule

Implementation Details

1. Base Configuration

Create a renovate.json file in the repository root:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:base"
  ],
  "baseBranches": ["next"],
  "labels": ["dependencies"],
  "schedule": ["every weekend"],
  "automerge": true,
  "automergeType": "branch",
  "platformAutomerge": true,
  "major": {
    "automerge": false
  },
  "dependencyDashboard": true,
  "packageRules": [
    {
      "matchUpdateTypes": ["minor", "patch", "pin", "digest"],
      "groupName": "all non-major dependencies",
      "groupSlug": "all-minor-patch"
    }
  ]
}

2. GitHub Repository Settings

  • Enable Renovate GitHub app on the repository
  • Configure branch protection rules for the "next" branch to ensure CI passes before merging
  • Set up required status checks that must pass before PR can be merged

3. Additional Configuration Options to Consider

  • Custom labels for different types of dependency updates
  • Configuring ignored dependencies (if any)
  • Path-specific rules (if needed?)
  • Custom commit message format

Expected Outcome

  • Renovate will create grouped PRs for all non-major updates targeting the "next" branch
  • These grouped PRs will be automatically merged if CI passes
  • Major updates will be created as separate PRs requiring manual review
  • A dependency dashboard issue can be maintained to track all updates

Testing Plan

  1. After implementation, verify Renovate creates PRs against the "next" branch
  2. Confirm that non-major updates are grouped together
  3. Verify that automatic merging works correctly
  4. Check that major updates are properly separated for manual review

Resources

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions