How to setup Renovate? #2108

kierun commented 2025年08月27日 12:11:56 +02:00

Comment

I am trying to set up CI (Woodpecker) to run Renovate and cannot figure out what I am missing.

• My current attempt is here... It's not working.
• I have seen this example repo, but it's just uncommented source code which does not help much.
• I have read the Renovate docs, but again I am struggling to figure out all the moving parts.
• This blog post suggest using a command line with a token.... What token? Where do I get it from? Why is it utterly different from this?

I am 💯happy to create the documentation once I have got it working, but I need some help before that happens.

### Comment I am trying to set up CI (Woodpecker) to run Renovate and cannot figure out what I am missing. - [My current attempt is here](https://codeberg.org/kierun/pynpc/src/branch/feat/renovate)... It's not working. - I have seen [this example repo](https://codeberg.org/woodpecker-plugins/renovate-config), but it's just uncommented source code which does not help much. - I have read the [Renovate docs](https://docs.renovatebot.com/modules/platform/forgejo/), but again I am struggling to figure out all the moving parts. - [This blog post suggest using a command line with a token...](https://dille.name/blog/2023/01/15/using-renovate-with-codeberg/). What token? Where do I get it from? Why is it utterly different from [this](https://codeberg.org/woodpecker-plugins/renovate-config)? I am 💯happy to create the documentation once I have got it working, but I need some help before that happens.

kierun commented 2025年08月27日 13:43:32 +02:00

@kierun wrote in #2108 (comment):

• I have seen this example repo, but it's just uncommented source code which does not help much.

Apparently, I should not be using this at all which is fine.

This does leave me even more confused.

@kierun wrote in https://codeberg.org/Codeberg/Community/issues/2108#issue-2240830: > * I have seen [this example repo](https://codeberg.org/woodpecker-plugins/renovate-config), but it's just uncommented source code which does not help much. Apparently, [I should not be using this at all](https://codeberg.org/woodpecker-plugins/renovate-config/issues/10#issuecomment-6733420) which is fine. This does leave me even more confused.

gedankenstuecke commented 2025年08月27日 14:50:47 +02:00

As far as I know, there is no Codeberg-wide bot for running Renovate for users, so you would have to setup your own, which is also why you would need a Personal Access Token, which allows Renovate to interact with Forgejo/Codeberg on that accounts behalf: https://docs.renovatebot.com/modules/platform/forgejo/

This also means that you'd have to host your own instance of Renovate somewhere for the regular checks as far as I can tell: https://docs.renovatebot.com/examples/self-hosting/

As far as I know, there is no Codeberg-wide bot for running Renovate for users, so you would have to setup your own, which is also why you would need a Personal Access Token, which allows Renovate to interact with Forgejo/Codeberg on that accounts behalf: https://docs.renovatebot.com/modules/platform/forgejo/ This also means that you'd have to host your own instance of Renovate somewhere for the regular checks as far as I can tell: https://docs.renovatebot.com/examples/self-hosting/

KhalidAlansary commented 2025年10月30日 14:23:01 +01:00

Hi @kierun . Did you manage to set it up for yourself? If so, can you share an example or steps?

Hi @kierun . Did you manage to set it up for yourself? If so, can you share an example or steps?

kierun commented 2025年10月30日 15:05:20 +01:00

@KhalidAlansary wrote in #2108 (comment):

Hi @kierun . Did you manage to set it up for yourself? If so, can you share an example or steps?

No, I am afraid not.

@KhalidAlansary wrote in https://codeberg.org/Codeberg/Community/issues/2108#issuecomment-8003228: > Hi @kierun . Did you manage to set it up for yourself? If so, can you share an example or steps? No, I am afraid not.

mrrfv commented 2025年11月15日 20:39:44 +01:00

I've just set it up on my server running Docker (mrrenovation-bot). We'll see how it fares in the long run.

What's interesting is that there was no confirmation when adding the bot as a collaborator. In theory, this means anyone can add mrrenovation-bot as one and benefit from the updates. If this has no security implications, I'm happy to host this for anyone not willing to manage their own bot.

Anyway, here are the instructions:

First, you need to create a new Codeberg account for your Renovate bot, and then set up a Personal Access Token (Settings -> Applications) according to the documentation. Add your bot as a collaborator in your repository so the autodiscover feature works.

Self-hosted Renovate reads configuration from a config.js file, so you need to create one and populate it with all necessary settings. Below is a minimal example.

module.exports = {
 platform: 'forgejo',
 endpoint: 'https://codeberg.org',
 token: '<YOUR_PAT_HERE>',
 gitAuthor: 'BOT_NAME_HERE <BOT_EMAIL_HERE>',
 autodiscover: true
}

See the self-hosted configuration docs for more options.

Finally, spin up a Renovate Docker container, with e.g.:

services:renovate:image:renovate/renovatevolumes:- ./config.js:/usr/src/app/config.js# Edit: Renovate appears to exit after a successful check. Instead of this, run it via cron.# restart: always

If you did everything right, you should see a "Configure Renovate" PR soon.

I've just set it up on my server running Docker ([`mrrenovation-bot`](https://codeberg.org/mrrenovation-bot)). We'll see how it fares in the long run. What's interesting is that there was no confirmation when adding the bot as a collaborator. In theory, this means anyone can add `mrrenovation-bot` as one and benefit from the updates. If this has no security implications, I'm happy to host this for anyone not willing to manage their own bot. Anyway, here are the instructions: First, you need to create a new Codeberg account for your Renovate bot, and then set up a Personal Access Token (Settings -> Applications) according to the [documentation](https://docs.renovatebot.com/modules/platform/forgejo/). Add your bot as a collaborator in your repository so the autodiscover feature works. Self-hosted Renovate reads configuration from a config.js file, so you need to create one and populate it with all necessary settings. Below is a minimal example. ```js module.exports = { platform: 'forgejo', endpoint: 'https://codeberg.org', token: '<YOUR_PAT_HERE>', gitAuthor: 'BOT_NAME_HERE <BOT_EMAIL_HERE>', autodiscover: true } ``` See the self-hosted configuration [docs](https://docs.renovatebot.com/self-hosted-configuration/) for more options. Finally, spin up a Renovate Docker container, with e.g.: ```yaml services: renovate: image: renovate/renovate volumes: - ./config.js:/usr/src/app/config.js # Edit: Renovate appears to exit after a successful check. Instead of this, run it via cron. # restart: always ``` If you did everything right, you should see a "Configure Renovate" PR soon.

kierun commented 2025年11月18日 14:36:11 +01:00

@mrrfv I just tried your setup and got a "Configure Renovate" PR.

It had a warning: Failed to look up python-version package python which I ignored since it does not feel like it was needed as I have requires-python = ">=3.11,<4.0" in py pyproject.toml file. A .python-version exists, but is in .gitignore so I guess it should be local? ̄_(ツ)_/ ̄

I ran the docker-compose a few times, but did not get a new PR, despite having plenty of dependencies out of date. 🤔

✓ python-3.14 (main|✓) ; uv sync --upgrade --dry-run
Would use project environment at: .direnv/python-3.14
Resolved 89 packages in 1.07s
Would update lockfile at: uv.lock
Would download 24 packages
Would uninstall 23 packages
Would install 24 packages
[...]

The logs I got are below:

✓ ; docker compose up 
Attaching to renovate-1
renovate-1 | (node:9) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
renovate-1 | (Use `node --trace-deprecation ...` to show where the warning was created)
renovate-1 | INFO: Autodiscovered repositories
renovate-1 | "length": 1,
renovate-1 | "repositories": ["kierun/pynpc"]
renovate-1 | INFO: Repository started (repository=kierun/pynpc)
renovate-1 | "renovateVersion": "42.14.1"
renovate-1 | INFO: Dependency extraction complete (repository=kierun/pynpc, baseBranch=main)
renovate-1 | "stats": {
renovate-1 | "managers": {
renovate-1 | "pep621": {"fileCount": 1, "depCount": 30},
renovate-1 | "woodpecker": {"fileCount": 5, "depCount": 7}
renovate-1 | },
renovate-1 | "total": {"fileCount": 6, "depCount": 37}
renovate-1 | }
renovate-1 | INFO: Repository finished (repository=kierun/pynpc)
renovate-1 | "cloned": true,
renovate-1 | "durationMs": 2685,
renovate-1 | "result": "done",
renovate-1 | "status": "onboarded",
renovate-1 | "enabled": true,
renovate-1 | "onboarded": true
renovate-1 | INFO: Renovate was run at log level "info". Set LOG_LEVEL=debug in environment variables to see extended debug logs.
renovate-1 exited with code 0

Am I doing something wrong?

@mrrfv I just tried your setup and got a "Configure Renovate" PR. It had a warning: `Failed to look up python-version package python` which I ignored since it does not feel like it was needed as I have `requires-python = ">=3.11,<4.0"` in py `pyproject.toml` file. A `.python-version` exists, but is in `.gitignore` so I guess it should be local? ̄\_(ツ)_/ ̄ I ran the docker-compose a few times, but did not get a new PR, despite having plenty of dependencies out of date. 🤔 ```bash ✓ python-3.14 (main|✓) ; uv sync --upgrade --dry-run Would use project environment at: .direnv/python-3.14 Resolved 89 packages in 1.07s Would update lockfile at: uv.lock Would download 24 packages Would uninstall 23 packages Would install 24 packages [...] ``` The logs I got are below: ```bash ✓ ; docker compose up Attaching to renovate-1 renovate-1 | (node:9) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities. renovate-1 | (Use `node --trace-deprecation ...` to show where the warning was created) renovate-1 | INFO: Autodiscovered repositories renovate-1 | "length": 1, renovate-1 | "repositories": ["kierun/pynpc"] renovate-1 | INFO: Repository started (repository=kierun/pynpc) renovate-1 | "renovateVersion": "42.14.1" renovate-1 | INFO: Dependency extraction complete (repository=kierun/pynpc, baseBranch=main) renovate-1 | "stats": { renovate-1 | "managers": { renovate-1 | "pep621": {"fileCount": 1, "depCount": 30}, renovate-1 | "woodpecker": {"fileCount": 5, "depCount": 7} renovate-1 | }, renovate-1 | "total": {"fileCount": 6, "depCount": 37} renovate-1 | } renovate-1 | INFO: Repository finished (repository=kierun/pynpc) renovate-1 | "cloned": true, renovate-1 | "durationMs": 2685, renovate-1 | "result": "done", renovate-1 | "status": "onboarded", renovate-1 | "enabled": true, renovate-1 | "onboarded": true renovate-1 | INFO: Renovate was run at log level "info". Set LOG_LEVEL=debug in environment variables to see extended debug logs. renovate-1 exited with code 0 ``` Am I doing something wrong?

kierun commented 2025年11月18日 15:49:25 +01:00

Running with debug, I get these:

renovate-1 | {
renovate-1 | "packageName": "pytest",
renovate-1 | "depName": "pytest",
renovate-1 | "datasource": "pypi",
renovate-1 | "depType": "dependency-groups",
renovate-1 | "currentValue": ">=8.4.0",
renovate-1 | "managerData": {"depGroup": "dev"},
renovate-1 | "lockedVersion": "8.4.2",
renovate-1 | "updates": [],
renovate-1 | "versioning": "pep440",
renovate-1 | "warnings": [],
renovate-1 | "sourceUrl": "https://github.com/pytest-dev/pytest",
renovate-1 | "registryUrl": "https://pypi.org/pypi",
renovate-1 | "changelogUrl": "https://docs.pytest.org/en/stable/changelog.html",
renovate-1 | "mostRecentTimestamp": "2025年11月12日T13:05:07.000Z",
renovate-1 | "currentVersion": "8.4.2",
renovate-1 | "currentVersionTimestamp": "2025年11月12日T13:05:07.000Z",
renovate-1 | "currentVersionAgeInDays": 6,
renovate-1 | "fixedVersion": "8.4.2"
renovate-1 | },

So the current version is 8.4.2 (correct) and there is a new version 9.0.1 which was not detected. uv sync --upgrade --dry-run did detect it.

🤔

Running with debug, I get these: ``` renovate-1 | { renovate-1 | "packageName": "pytest", renovate-1 | "depName": "pytest", renovate-1 | "datasource": "pypi", renovate-1 | "depType": "dependency-groups", renovate-1 | "currentValue": ">=8.4.0", renovate-1 | "managerData": {"depGroup": "dev"}, renovate-1 | "lockedVersion": "8.4.2", renovate-1 | "updates": [], renovate-1 | "versioning": "pep440", renovate-1 | "warnings": [], renovate-1 | "sourceUrl": "https://github.com/pytest-dev/pytest", renovate-1 | "registryUrl": "https://pypi.org/pypi", renovate-1 | "changelogUrl": "https://docs.pytest.org/en/stable/changelog.html", renovate-1 | "mostRecentTimestamp": "2025年11月12日T13:05:07.000Z", renovate-1 | "currentVersion": "8.4.2", renovate-1 | "currentVersionTimestamp": "2025年11月12日T13:05:07.000Z", renovate-1 | "currentVersionAgeInDays": 6, renovate-1 | "fixedVersion": "8.4.2" renovate-1 | }, ``` So the current version is `8.4.2` (correct) and there is a new version `9.0.1` which was not detected. `uv sync --upgrade --dry-run` did detect it. 🤔

kierun commented 2025年11月19日 11:02:53 +01:00

More weirdness, this time the warning is WARN: No tool releases found. ...

[More weirdness](https://github.com/renovatebot/renovate/discussions/39399), this time the warning is `WARN: No tool releases found.` ...