I use the integrated Renovate bot in Gitlab to scan my Gitlab repository on dependent image updates. The bot scans the images used in my docker-compose.yml and looks at my private Azure Container Registry (ACR) if there are any dependent image updates. Currently this fails, as the image name used in my docker-compose.yml is not the same as the image name in my ACR. Renovate states that it cannot find my package. How do I solve this?
I know I have to usepackageRules and customManagers, but don't really understand how my renovate.json should look like implementing this.
Current setup
docker-compose.yml:
services:
prometheus:
image: <ACR_URL>/<TEAM>/prometheus:0.0.1
ACR image name:
<TEAM>/prometheus
Renovate bot logging:
{
"depName": "<ACR_URL>/<TEAM>/prometheus",
"currentValue": "0.0.1",
"replaceString": "<ACR_URL>/<TEAM>/prometheus:0.0.1",
"autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}",
"datasource": "docker",
"updates": [],
"packageName": "<ACR_URL>/<TEAM>/prometheus",
"versioning": "docker",
"warnings": [
{
"topic": "<ACR_URL>/<TEAM>/prometheus",
"message": "Failed to look up docker package <ACR_URL>/<TEAM>/prometheus"
}
]
},
This is my current renovate.json:
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base"
],
"baseBranches": [
"main"
],
"hostRules": [
{
"matchHost": "$ACR_URL",
"username": "$ACR_USER",
"password": "$ACR_TOKEN"
}
],
"packageRules": [
{
"groupName": "all non-major dependencies",
"groupSlug": "all-minor-patch",
"matchPackagePatterns": [
"*"
],
"registryUrls": [
"$ACR_URL"
]
}
]
}
Working Renovate Configuration
Example .gitlab-ci.yml
image: renovate/renovate:37.382
stages:
- renovate
variables:
RENOVATE_BASE_DIR: $CI_PROJECT_DIR/renovate
RENOVATE_ENDPOINT: $CI_API_V4_URL
RENOVATE_EXTRA_FLAGS: --autodiscover=true
RENOVATE_HOST_RULES: |
[
{
"matchHost": "github.com",
"token": "$GITHUB_TOKEN"
},
{
"matchHost": "gitlab.<ENDPOINT>.com",
"token": "$GITLAB_ACCESS_TOKEN",
"authType": "Bearer"
},
{
"matchHost": "$ACR_URL",
"password": "$ACR_TOKEN",
"username": "$ACR_USER"
}
]
RENOVATE_ONBOARDING: "true"
RENOVATE_OPTIMIZE_FOR_DISABLED: "true"
RENOVATE_PLATFORM: gitlab
RENOVATE_REPOSITORY_CACHE: "true"
LOG_LEVEL: debug
.matrix:
parallel:
matrix:
- RENOVATE_AUTODISCOVER_FILTER: /<PARENT>/<SUBGROUPA>/.*/
- RENOVATE_AUTODISCOVER_FILTER: /<PARENT>/<SUBGROUPB>/<PROJECT>/
cache:
key: ${CI_COMMIT_REF_SLUG}-renovate
paths:
- $CI_PROJECT_DIR/renovate
run_renovate:
stage: renovate
resource_group: production
rules:
- if: '$CI_PIPELINE_SOURCE == "schedule"'
script:
- renovate $RENOVATE_EXTRA_FLAGS
extends: .matrix
renovate:
stage: renovate
script:
- renovate --dry-run $RENOVATE_EXTRA_FLAGS
extends: .matrix
With example renovate.json:
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended"
],
"baseBranches": [
"main"
],
"packageRules": [
{
"groupName": "all non-major dependencies",
"matchPackagePatterns": [
"*"
],
"matchUpdateTypes": [
"minor",
"patch"
]
},
{
"groupName": "all major dependencies",
"matchPackagePatterns": [
"*"
],
"matchUpdateTypes": ["major"]
}
],
"pre-commit": {
"enabled": true
}
}
Working Renovate Configuration
Example .gitlab-ci.yml
image: renovate/renovate:37.382
stages:
- renovate
variables:
RENOVATE_BASE_DIR: $CI_PROJECT_DIR/renovate
RENOVATE_ENDPOINT: $CI_API_V4_URL
RENOVATE_EXTRA_FLAGS: --autodiscover=true
RENOVATE_HOST_RULES: |
[
{
"matchHost": "github.com",
"token": "$GITHUB_TOKEN"
},
{
"matchHost": "gitlab.<ENDPOINT>.com",
"token": "$GITLAB_ACCESS_TOKEN",
"authType": "Bearer"
},
{
"matchHost": "$ACR_URL",
"password": "$ACR_TOKEN",
"username": "$ACR_USER"
}
]
RENOVATE_ONBOARDING: "true"
RENOVATE_OPTIMIZE_FOR_DISABLED: "true"
RENOVATE_PLATFORM: gitlab
RENOVATE_REPOSITORY_CACHE: "true"
LOG_LEVEL: debug
.matrix:
parallel:
matrix:
- RENOVATE_AUTODISCOVER_FILTER: /<PARENT>/<SUBGROUPA>/.*/
- RENOVATE_AUTODISCOVER_FILTER: /<PARENT>/<SUBGROUPB>/<PROJECT>/
cache:
key: ${CI_COMMIT_REF_SLUG}-renovate
paths:
- $CI_PROJECT_DIR/renovate
run_renovate:
stage: renovate
resource_group: production
rules:
- if: '$CI_PIPELINE_SOURCE == "schedule"'
script:
- renovate $RENOVATE_EXTRA_FLAGS
extends: .matrix
renovate:
stage: renovate
script:
- renovate --dry-run $RENOVATE_EXTRA_FLAGS
extends: .matrix
With example renovate.json:
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended"
],
"baseBranches": [
"main"
],
"packageRules": [
{
"groupName": "all non-major dependencies",
"matchPackagePatterns": [
"*"
],
"matchUpdateTypes": [
"minor",
"patch"
]
},
{
"groupName": "all major dependencies",
"matchPackagePatterns": [
"*"
],
"matchUpdateTypes": ["major"]
}
],
"pre-commit": {
"enabled": true
}
}