Use Gitea and Renovate bot to automatically monitor software packages

Nanguan Lin
3 min read

Introduction

Keeping your project's dependencies up-to-date is important to get bug fixes, new features and security updates. But manually checking and updating dozens of dependencies can be tedious. This tutorial will show you how to automate dependency updates using Gitea and Renovate bot.

There are various ways to use Renovate Bot in Gitea. You can set up your local Renovate bot instance or integrate it with third party CI/CD. In this tutorial, we will use Gitea Action(Gitea's built-in CI/CD) since it's probably the easiest out-of-the-box way.

Prerequisites

  • A Gitea server installed and running. If you don't have one, refer to the Gitea installation guide for your platform or you can try this on Gitea's Official Website.
  • Gitea Action enabled. If you don't know how to use Gitea Action for your local Gitea server, refer to the Quick Start or you can try this on Gitea's Official Website.
  • A repository in Gitea containing your project code.
  • Your project should have a package.json, requirements.txt or similar file defining its dependencies.

Step 1 - Create Renovate Bot Account

First, we need to create a Renovate bot account.

Renovate bot accout

Generate a token for this account for the Gitea Action secret.

generte token

Step 2 - Configure Repository Settings

We need to configure the Renovate bot for your repository.

Create a file called renovate.json in the root of your repository.

Add configuration options for Renovate:

{
  "extends": [
    "config:base"  
  ],
  "packageRules": [
    {
      "updateTypes": ["minor", "patch", "pin", "digest"],
      "automerge": true
    }
  ]
}

This enables minor and patch updates to be automatically merged once Renovate creates pull requests.

See Renovate official docs for more configuration details.

Then, add the Renovate Bot as a Collaborator.

Add Renovate bot as collaborator

Step 3 - Configure Renovate Bot

We create a repository to store our Renovate bot configurations, assuming called renovate-config.

In renovate-config, create a file config.js to configure Renovate:

module.exports = {
    "endpoint": "https://gitea.com/api/v1", // replace it with your actual endpoint
    "gitAuthor": "Renovate Bot <renovate-bot@yourhost.com>",
    "platform": "gitea",
    "onboardingConfigFileName": "renovate.json",
    "autodiscover": true,
    "optimizeForDisabled": true,
};

You can change the configuration according to the rules in Renovate official docs.

Step 4 - Configure Gitea Action

In the previous Renovate configuration repository, create a file renovate.yaml under .gitea/workflows:

name: renovate

on:
  schedule:
    - cron: "@daily"
  push:
    branches:
      - main

jobs:
  renovate:
    runs-on: ubuntu-latest
    container: ghcr.io/renovatebot/renovate:37.20.2
    steps:
      - uses: actions/checkout@v4
      - run: renovate
        env:
          RENOVATE_CONFIG_FILE: "/workspace/{{username}}/{{repo name}/config.js" # replace it with your config.js path
          LOG_LEVEL: "debug"
          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }} # your Revonate bot token

While Gitea Actions is designed with compatibility to GitHub Actions, there are some differences between the two. For a comprehensive understanding of these differences, you can refer to the Gitea Documentation.

Add the secret your defined in your renovate.yaml with your renovate bot token. so the renovate bot can have access to that account.

Add secret

Final

That's it! Just four simple steps to use the Renovate bot with Gitea Action.

Now just drink a cup of tea and wait for the Renovate bot to auto update dependencies.

Renovate bot