From 193c449e650c82a8d0ce28cff1ecd76eb0944fbe Mon Sep 17 00:00:00 2001 From: Vincent Mahnke Date: Tue, 7 Apr 2026 21:26:01 +0200 Subject: [PATCH] chore: Initial commit --- 1-setup/README.md | 50 ++++++++++++ 2-dockerfile-dry-run/Dockerfile | 7 ++ 2-dockerfile-dry-run/README.md | 135 ++++++++++++++++++++++++++++++++ README.md | 15 ++++ 4 files changed, 207 insertions(+) create mode 100644 1-setup/README.md create mode 100644 2-dockerfile-dry-run/Dockerfile create mode 100644 2-dockerfile-dry-run/README.md create mode 100644 README.md diff --git a/1-setup/README.md b/1-setup/README.md new file mode 100644 index 0000000..d6b3122 --- /dev/null +++ b/1-setup/README.md @@ -0,0 +1,50 @@ +# Scenario 1: Setting up Renovate + +Renovate is heavily opionated and brings a lot of defaults. To explore how Renovate works, we will restrict execution to the bare minimum and build up each scenario. + +## Requirements + +- Node.js 25.x + +## How to Run + +### 1. Run Renovate + +```bash +$ npx renovate + +Need to install the following packages: +renovate@37.440.7 +Ok to proceed? (y) y + +FATAL: You must configure a GitHub token + INFO: Renovate was run at log level "info". Set LOG_LEVEL=debug in environment variables to see extended debug logs. + INFO: Renovate is exiting with a non-zero code due to the following logged errors + "loggerErrors": [ + { + "name": "renovate", + "level": 60, + "logContext": "lSbx4z8Fg9mvnJ44Hk3Ji", + "msg": "You must configure a GitHub token" + } + ] +``` + +This error is expected. Renovate needs a GitHub Personal Access Token (PAT), as Renovate initially wants to create Pull Requests for any pending updates. + +### 2. Create a GitHub PAT + +See [official documentation](https://docs.renovatebot.com/modules/platform/github/#running-using-a-fine-grained-token). + +```bash +$ npx renovate --token= --dry-run + + WARN: cli config dryRun property has been changed to full + WARN: No repositories found - did you want to run with flag --autodiscover? + INFO: Renovate was run at log level "info". Set LOG_LEVEL=debug in environment variables to see extended debug logs. +``` + + +## Next Steps + +Move to the next scenario: [2-dockerfile-dry-run](../2-dockerfile-dry-run) diff --git a/2-dockerfile-dry-run/Dockerfile b/2-dockerfile-dry-run/Dockerfile new file mode 100644 index 0000000..3e5c0cf --- /dev/null +++ b/2-dockerfile-dry-run/Dockerfile @@ -0,0 +1,7 @@ +FROM paperlessngx/paperless:1.10.0 + +RUN apt-get update && apt-get install -y \ + curl \ + && rm -rf /var/lib/apt/lists/* + +CMD ["python", "-m", "paperless", "server"] diff --git a/2-dockerfile-dry-run/README.md b/2-dockerfile-dry-run/README.md new file mode 100644 index 0000000..45c748b --- /dev/null +++ b/2-dockerfile-dry-run/README.md @@ -0,0 +1,135 @@ +# Scenario 2: Dockerfile with Dry Run + +## Overview + +This scenario demonstrates how Renovate detects outdated versions in a Dockerfile. + +Take a look at the included [Dockerfile](./Dockerfile). + +## Run Renovate with some defaults disabled + +```bash +npx renovate \ + --platform=local \ # our directory has no git repo (yet) + --token= \ # authorization against GitHub + --dry-run \ # do not take any actions (create Issues, Pull Requests, etc.) + --onboarding=false \ # do not create an onboarding PR + --require-config=ignored \ # do not require a config file + --base-dir=. # limit discovery to this directory (would default to the entire repository) +``` + +The log below shows: +- Renovate **detects the Dockerfile** and one dependency (the base image) +- Renovate tries to **look up the base image on Docker Hub**, but fails with a 401 Unauthorized error due to no credentials +- Renovate tries to **update a Dependency Dashboard**: Renovate would [create a GitHub Issue giving an overview of all dependencies](https://github.com/renovatebot/renovate/issues/2958) + +```bash + WARN: cli config dryRun property has been changed to full + INFO: Repository started (repository=local) + "renovateVersion": "37.440.7" + INFO: Dependency extraction complete (repository=local) + "stats": { + "managers": {"dockerfile": {"fileCount": 1, "depCount": 1}}, + "total": {"fileCount": 1, "depCount": 1} + } + INFO: Docker Hub lookup failure (repository=local) + "err": { + "name": "HTTPError", + "code": "ERR_NON_2XX_3XX_RESPONSE", + "timings": { + "start": 1775591574057, + "socket": 1775591574057, + "lookup": 1775591574057, + "connect": 1775591574057, + "secureConnect": 1775591574057, + "upload": 1775591574057, + "response": 1775591574166, + "end": 1775591574167, + "phases": { + "wait": 0, + "dns": 0, + "tcp": 0, + "tls": 0, + "request": 0, + "firstByte": 109, + "download": 1, + "total": 110 + } + }, + "message": "Response code 401 (Unauthorized)", + "stack": "HTTPError: Response code 401 (Unauthorized)\n at Request. (/Users/vincent.mahnke/.npm/_npx/05eeecd92f4e18e0/node_modules/got/dist/source/as-promise/index.js:118:42)\n at processTicksAndRejections (node:internal/process/task_queues:104:5)", + "options": { + "headers": { + "user-agent": "RenovateBot/37.440.7 (https://github.com/renovatebot/renovate)", + "accept": "application/json", + "authorization": "***********", + "accept-encoding": "gzip, deflate, br" + }, + "url": "https://index.docker.io/v2/paperlessngx/paperless/tags/list?n=10000", + "hostType": "docker", + "username": "", + "password": "", + "method": "GET", + "http2": false + }, + "response": { + "statusCode": 401, + "statusMessage": "Unauthorized", + "body": { + "errors": [ + { + "code": "UNAUTHORIZED", + "message": "authentication required", + "detail": [ + { + "Type": "repository", + "Class": "", + "Name": "paperlessngx/paperless", + "Action": "pull" + } + ] + } + ] + }, + "headers": { + "date": "Tue, 07 Apr 2026 19:52:54 GMT", + "content-type": "application/json", + "content-length": "165", + "connection": "keep-alive", + "docker-distribution-api-version": "registry/2.0", + "www-authenticate": "Bearer realm=\"https://auth.docker.io/token\",service=\"registry.docker.io\",scope=\"repository:paperlessngx/paperless:pull\",error=\"insufficient_scope\"", + "strict-transport-security": "max-age=31536000" + }, + "httpVersion": "1.1", + "retryCount": 0 + } + } + INFO: DRY-RUN: Would close Dependency Dashboard (repository=local) + "title": "Dependency Dashboard" +ERROR: Repository has unknown error (repository=local) + "err": { + "message": "Cannot read properties of undefined (reading 'renovate/reconfigure')", + "stack": "TypeError: Cannot read properties of undefined (reading 'renovate/reconfigure')\n at getBranchCommit (/Users/vincent.mahnke/.npm/_npx/05eeecd92f4e18e0/node_modules/renovate/lib/util/git/index.ts:504:30)\n at validateReconfigureBranch (/Users/vincent.mahnke/.npm/_npx/05eeecd92f4e18e0/node_modules/renovate/lib/workers/repository/reconfigure/index.ts:61:36)\n at processTicksAndRejections (node:internal/process/task_queues:104:5)\n at finalizeRepo (/Users/vincent.mahnke/.npm/_npx/05eeecd92f4e18e0/node_modules/renovate/lib/workers/repository/finalize/index.ts:20:3)\n at Object.renovateRepository (/Users/vincent.mahnke/.npm/_npx/05eeecd92f4e18e0/node_modules/renovate/lib/workers/repository/index.ts:105:7)\n at attributes.repository (/Users/vincent.mahnke/.npm/_npx/05eeecd92f4e18e0/node_modules/renovate/lib/workers/global/index.ts:218:11)\n at start (/Users/vincent.mahnke/.npm/_npx/05eeecd92f4e18e0/node_modules/renovate/lib/workers/global/index.ts:203:7)\n at /Users/vincent.mahnke/.npm/_npx/05eeecd92f4e18e0/node_modules/renovate/lib/renovate.ts:18:22" + } + INFO: Repository finished (repository=local) + "cloned": undefined, + "durationMs": 806 + INFO: Renovate was run at log level "info". Set LOG_LEVEL=debug in environment variables to see extended debug logs. + INFO: Renovate is exiting with a non-zero code due to the following logged errors + "loggerErrors": [ + { + "name": "renovate", + "level": 50, + "logContext": "zpmkFh2liN0xgt7FoPX1h", + "repository": "local", + "err": { + "message": "Cannot read properties of undefined (reading 'renovate/reconfigure')", + "stack": "TypeError: Cannot read properties of undefined (reading 'renovate/reconfigure')\n at getBranchCommit (/Users/vincent.mahnke/.npm/_npx/05eeecd92f4e18e0/node_modules/renovate/lib/util/git/index.ts:504:30)\n at validateReconfigureBranch (/Users/vincent.mahnke/.npm/_npx/05eeecd92f4e18e0/node_modules/renovate/lib/workers/repository/reconfigure/index.ts:61:36)\n at processTicksAndRejections (node:internal/process/task_queues:104:5)\n at finalizeRepo (/Users/vincent.mahnke/.npm/_npx/05eeecd92f4e18e0/node_modules/renovate/lib/workers/repository/finalize/index.ts:20:3)\n at Object.renovateRepository (/Users/vincent.mahnke/.npm/_npx/05eeecd92f4e18e0/node_modules/renovate/lib/workers/repository/index.ts:105:7)\n at attributes.repository (/Users/vincent.mahnke/.npm/_npx/05eeecd92f4e18e0/node_modules/renovate/lib/workers/global/index.ts:218:11)\n at start (/Users/vincent.mahnke/.npm/_npx/05eeecd92f4e18e0/node_modules/renovate/lib/workers/global/index.ts:203:7)\n at /Users/vincent.mahnke/.npm/_npx/05eeecd92f4e18e0/node_modules/renovate/lib/renovate.ts:18:22" + }, + "msg": "Repository has unknown error" + } + ] +``` + +Running on GitHub, [Renovate only needs a token to work](https://github.com/ViMaSter/terraform-provider-allinkl/blob/main/.github/workflows/renovate.yml#L21-L27). +Self-hosting Renovate, please read the [security implications](https://docs.renovatebot.com/security-and-permissions/#security-awareness-for-self-hosted-renovate-instances). \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..1460fcc --- /dev/null +++ b/README.md @@ -0,0 +1,15 @@ +# Renovate Showcase + +Demonstrates usage of [Renovate](https://www.whitesourcesoftware.com/free-developer-tools/renovate/), a tool that automatically updates dependencies in your code. + +Reference presentation: [https://slides.by.vincent.mahn.ke/#/10](https://slides.by.vincent.mahn.ke/#/10) + +## Scenarios + +This repository contains 4 different scenarios: + +### 1. [Setup](./1-setup) +Basic setup showing Renovate can be run with nothing to update. + +### 2. [Dockerfile with Dry Run](./2-dockerfile-dry-run) +Shows how Renovate detects outdated versions in a Dockerfile and how a dry run would create a pull request. \ No newline at end of file