
streamlining docker compose file updates with gitlab CI/CD and renovate

Author
Ian Blockmans
I make things and also virtual things

Keeping track of updates is a pain

CI/CD and Renovate

Configuration

renovate self-hosted

Docker compose file for running Renovate CE locally. All secrets come from the .env file next to it:

services:
  renovate:
    image: ghcr.io/mend/renovate-ce:13.6.0
    environment:
      - LOG_LEVEL=DEBUG
      - MEND_RNV_ACCEPT_TOS=y
      - MEND_RNV_LICENSE_KEY=${MEND_RNV_LICENSE_KEY}
      # gitlab config
      - MEND_RNV_PLATFORM=gitlab
      - MEND_RNV_ENDPOINT=${MEND_RNV_ENDPOINT}
      - MEND_RNV_GITLAB_PAT=${MEND_RNV_GITLAB_PAT}
      # the admin API token reuses the GitLab PAT here; whoever obtains one
      # secret has both, so a separate random value is the safer choice
      - MEND_RNV_ADMIN_TOKEN=${MEND_RNV_GITLAB_PAT}
      - MEND_RNV_WEBHOOK_SECRET=${MEND_RNV_WEBHOOK_SECRET}
      # github.com token: used for release notes and to avoid API rate limits
      - GITHUB_COM_TOKEN=${GITHUB_COM_TOKEN}
    # optional config.js, not mounted at the moment
    #volumes:
    #  - /nfs/configs/renovate/config.js:/usr/src/app/config.js
    ports:
      - 8543:8080
    volumes:
      - /tmp/renovate-db/:/db/

GitLab

Base config

Impersonate the renovate bot user and create a personal access token for it with the scopes api, read_user and write_repository; this is the value of MEND_RNV_GITLAB_PAT. Then, in the Admin Area, create a system hook: URL http://10.0.10.7:8543/webhook, Secret token set to the value of MEND_RNV_WEBHOOK_SECRET, tick Repository update events, Push events and Merge request events, and disable SSL verification. GitLab sends that secret verbatim in the X-Gitlab-Token header, so it lets Renovate reject webhook calls that did not come from GitLab, but it does nothing to protect the call in transit; over plain http this setup belongs on a trusted network segment only.

GitLab CI/CD

First I need to be able to update the container with a simple git push.

Here is the .gitlab-ci.yml for my self-hosted Renovate stack. Note that it copies .env straight out of the repository checkout, so the tokens in it live in git history; writing .env from masked CI/CD variables in the script instead keeps them out of the repo.

stages:
  - deploy-renovate

deploy_renovate:
  stage: deploy-renovate
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
  image:
    name: docker:latest
    pull_policy: if-not-present
  # the runner on the router host must be privileged (mount needs
  # CAP_SYS_ADMIN) and must expose the Docker daemon to the job
  tags:
    - docker
    - router

  before_script:
    ## Install packages
    - apk add nfs-utils

    # add nfs share
    - mkdir /nfs
    - mount -t nfs -o nolock 10.0.10.5:/mnt/spark/NFSdocker/nfsdckr /nfs
  script:
    - cp -f compose.yaml /nfs/configs/dockge/dockge-router/stacks/renovate/
    - cp -f .env /nfs/configs/dockge/dockge-router/stacks/renovate/
    - cd /nfs/configs/dockge/dockge-router/stacks/renovate/
    # the docker image ships Compose v2 as a CLI plugin (docker compose),
    # not the v1 docker-compose binary
    - docker compose up -d

per-repo renovate config

GitLab only delivers issue events through project webhooks, not through system hooks, so every repository that has Renovate enabled also needs its own webhook (Renovate CE reacts to issue events on the Dependency Dashboard). Go to Settings -> Webhooks -> Add new webhook, fill in URL: http://10.0.10.7:8543/webhook, Secret token: the value of MEND_RNV_WEBHOOK_SECRET, tick Issue events, disable SSL verification and add the webhook.
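Clicking through that dialog for every project does not scale, so here is an added example (my own script, not code from the post or from Mend) that applies the same per-project webhook through the GitLab REST API and is safe to re-run. It assumes a PAT with the api scope in GITLAB_TOKEN, MEND_RNV_ENDPOINT pointing at the GitLab API root (for example https://gitlab.example.invalid/api/v4), and the webhook URL and MEND_RNV_WEBHOOK_SECRET from the compose file above; the hook list used for the dry run is constructed, not taken from a real instance.

```python
"""Ensure the Renovate issue-events webhook exists on each GitLab project.

Added example, not code from the original post or from Renovate/Mend.
Assumptions: GITLAB_TOKEN holds a PAT with the api scope, MEND_RNV_ENDPOINT
is the GitLab API root (https://host/api/v4), RENOVATE_WEBHOOK_URL and
MEND_RNV_WEBHOOK_SECRET match the compose file.
"""
import json
import os
import sys
import urllib.request
from typing import Optional
from urllib.parse import quote

# Constructed sample of what GET /projects/:id/hooks returns; used for the
# offline dry run when no project paths are given on the command line.
SAMPLE_EXISTING_HOOKS = [
    {"id": 7, "url": "http://10.0.10.7:8543/webhook",
     "issues_events": False, "push_events": True},
]


def desired_hook(url: str, secret: str) -> dict:
    """Parameters for POST/PUT /projects/:id/hooks mirroring the manual setup:
    only issue events, secret token set. GitLab sends the secret verbatim in
    the X-Gitlab-Token header, so it authenticates the sender but is not
    protected in transit over plain http."""
    return {
        "url": url,
        "token": secret,
        "issues_events": True,
        "push_events": False,  # GitLab defaults this to true
        # only meaningful for https:// targets, and never worth disabling there
        "enable_ssl_verification": url.startswith("https://"),
    }


def hook_action(existing: list, url: str) -> tuple:
    """Decide what to do given the hooks already on the project.
    Returns ("skip"|"update"|"create", hook_id_or_None)."""
    for hook in existing:
        if hook.get("url") == url:
            if hook.get("issues_events"):
                return ("skip", hook["id"])
            return ("update", hook["id"])
    return ("create", None)


def gitlab_api(method: str, path: str, token: str, data: Optional[dict] = None):
    """Minimal authenticated call against the GitLab REST API (network)."""
    base = os.environ["MEND_RNV_ENDPOINT"].rstrip("/")
    body = json.dumps(data).encode() if data is not None else None
    req = urllib.request.Request(
        f"{base}/{path}", data=body, method=method,
        headers={"PRIVATE-TOKEN": token, "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def ensure_hook(project: str, token: str, url: str, secret: str) -> str:
    """Create or repair the Renovate webhook on one project ('group/repo')."""
    pid = quote(project, safe="")  # group/repo must be URL-encoded as one segment
    existing = gitlab_api("GET", f"projects/{pid}/hooks", token)
    action, hook_id = hook_action(existing, url)
    if action == "create":
        gitlab_api("POST", f"projects/{pid}/hooks", token, desired_hook(url, secret))
    elif action == "update":
        gitlab_api("PUT", f"projects/{pid}/hooks/{hook_id}", token, desired_hook(url, secret))
    return action


if __name__ == "__main__":
    # usage: python ensure_renovate_hooks.py group/repo1 group/repo2 ...
    hook_url = os.environ.get("RENOVATE_WEBHOOK_URL", "http://10.0.10.7:8543/webhook")
    if len(sys.argv) == 1:
        # offline dry run on the constructed sample: prints ('update', 7)
        print(hook_action(SAMPLE_EXISTING_HOOKS, hook_url))
        sys.exit(0)
    tok = os.environ["GITLAB_TOKEN"]
    sec = os.environ["MEND_RNV_WEBHOOK_SECRET"]
    for proj in sys.argv[1:]:
        print(proj, ensure_hook(proj, tok, hook_url, sec))
```

The decision is keyed on the webhook URL so a project that already has the hook is left alone, and one that has the URL without Issue events ticked is corrected with a PUT rather than duplicated; GET /projects/:id/hooks is paginated, so a project with more than twenty hooks would need the page parameter added.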
