
Compare revisions

  • smartdatalab/public/applications/renovate
Commits on Source (1000)
Showing
with 292 additions and 153 deletions
---
name: Security problem
about: Don't raise security issues here. Please email security@renovatebot.com instead.
---
Stop! Don't raise an issue here! Please email security@renovatebot.com instead
---
name: Configuration help
about: Please create an issue in renovatebot/config-help instead
---
Stop!
Configuration help questions for Renovate are very welcome! However, please raise them in the https://github.com/renovatebot/config-help repository instead.
Maybe you might already find your question answered there by a past issue. If not, please [create a new issue](https://github.com/renovatebot/config-help/issues/new).
---
name: Bug report
about: You've found a bug with Renovate
---
**What Renovate type are you using?**
Renovate CLI, Renovate GitHub App, or Renovate Pro?
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
Steps to reproduce the behavior:
1. Create repository with '...'
2. Configure '....'
**Expected behavior**
A clear and concise description of what you expected to happen.
**Screenshots**
If applicable, add screenshots to help explain your problem.
**Additional context**
Add any other context about the problem here.
---
name: Feature request
about: Suggest an idea for this project
---
**What would you like Renovate to be able to do?**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.
......@@ -2,7 +2,7 @@
## Security
If you think you've found a **security issue**, please do not mention it in this repository. Instead, email security@renovateapp.com with as much details as possible so that it can be handled confidentially.
If you think you've found a **security issue**, please do not mention it in this repository. Instead, email security@renovatebot.com with as much details as possible so that it can be handled confidentially.
## Support
......@@ -14,7 +14,7 @@ If you've found a **bug** or have a **feature request** then please create an is
## Code
If you would like to fix a bug or implement a feature, please fork the repository and create a Pull Request. More information on getting set up locally can be found in [docs/local-development.md](https://github.com/renovateapp/renovate/blob/master/docs/local-development.md).
If you would like to fix a bug or implement a feature, please fork the repository and create a Pull Request. More information on getting set up locally can be found in [docs/local-development.md](https://github.com/renovatebot/renovate/blob/master/docs/local-development.md).
Before you start any Pull Request, it's recommended that you create an issue to discuss
first if you have any doubts about requirement or implementation. That way you can be sure that the maintainer(s)
......@@ -25,8 +25,6 @@ Pull Requests can only be merged once all status checks are green, which means `
## Legal
By submitting a Pull Request, you disavow any rights or claims to any changes submitted to the Renovate project and assign the copyright of those changes to Key Location Pte Ltd.
Pull Request authors must sign the [Renovate CLA](https://cla-assistant.io/renovateapp/renovate).
If you cannot or do not want to reassign those rights (your employment contract for your employer may not allow this), you should not submit a PR. Open an issue and someone else can do the work.
This is a legal way of saying "If you submit a PR to us, that code becomes ours". 99.9% of the time that's what you intend anyways; we hope it doesn't scare you away from contributing.
If you cannot or do not want to sign this CLA (e.g. your employment contract for your employer may not allow this), you should not submit a PR. Open an issue and someone else can do the work.
<!--
Is this about a security problem?
DO NOT RAISE AN ISSUE - please email security@renovateapp.com instead
DO NOT RAISE AN ISSUE - please email security@renovatebot.com instead
Is this question about config help?
If so, please open an issue in https://github.com/renovateapp/config-help instead
-->
<!-- Mark an 'x' in the applicable boxes below, e.g. like [x] -->
#### This is a:
* [ ] Bug report (non-security related)
* [ ] Feature request
* [ ] I'm not sure which of those it is
- [ ] Bug report (non-security related)
- [ ] Feature request
- [ ] I'm not sure which of those it is
#### I'm using:
* [ ] The Renovate GitHub App
* [ ] Self-hosted GitHub
* [ ] Self-hosted GitLab
* [ ] Self-hosted VSTS
- [ ] The Renovate GitHub App
- [ ] Self-hosted GitHub
- [ ] Self-hosted GitLab
- [ ] Self-hosted VSTS
#### Please describe the issue:
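Review bot: The config-help link in the opening comment block still points at `https://github.com/renovateapp/config-help`, although the security address just above it was moved to `renovatebot.com` and the new "Configuration help" template in this same change links to `https://github.com/renovatebot/config-help`. Update this URL as well so the templates agree.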
<!--
Before submitting a Pull Request, please ensure you have signed the CLA using this GitHub App:
https://cla-assistant.io/renovateapp/renovate
-->
<!-- Replace this text with a description of what this PR fixes or adds -->
Closes # <!-- Ideally each PR should be closing an open issue -->
......@@ -8,3 +8,4 @@
/*.log
/.vscode
/.idea
package-lock.json
......@@ -4,13 +4,14 @@ notifications:
language: node_js
node_js:
- "8"
- "8.11.1"
sudo: false
branches:
only:
- master
- stable
if: tag IS blank
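Review bot: The `node_js` entry is pinned to `8.11.1`, but the Dockerfile in this change builds from `node:8.11.4-alpine`, so the test suite runs on a different Node patch release than the image that ships. Pin both to the same version, or state in a comment why they differ.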
......@@ -18,6 +19,9 @@ before_install:
- curl -o- -L https://yarnpkg.com/install.sh | bash
- export PATH="$HOME/.yarn/bin:$PATH"
install:
- yarn install --frozen-lockfile
cache:
yarn: true
directories:
......@@ -26,16 +30,16 @@ cache:
- "node_modules"
script:
- yarn run prettier -- --list-different
- yarn run lint
- yarn run jest --maxWorkers=4
- yarn prettier --list-different
- yarn lint
- yarn jest --maxWorkers=4
after_success:
- yarn run codecov
- yarn codecov
deploy:
provider: script
script: yarn run semantic-release
script: curl -X POST -d '{}' $NETLIFY_DEPLOY_WEBHOOK && yarn semantic-release
skip_cleanup: true
on:
branch: master
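Review bot: In the `deploy` script, `curl -X POST -d '{}' $NETLIFY_DEPLOY_WEBHOOK && yarn semantic-release` ties the release to the webhook call in the wrong way. Without `--fail`, curl exits 0 on an HTTP 4xx/5xx response, so a rejected deploy hook goes unnoticed, while a network error reaching the hook blocks `semantic-release` entirely. Quote the variable, add `-fsS` so HTTP errors surface and the progress meter stays out of the build log, and decide explicitly whether a failed docs deploy should stop the package release.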
FROM node:8.10.0-alpine@sha256:a55d3e87802b2a8464b3bfc1f8c3c409f89e9b70a31f1dccce70bd146501f1a0
FROM node:8.11.4-alpine@sha256:cf4ea9156ef964eaf0c4df65da3f4fed7358dbe31149ca105c7684a5858195d8
LABEL maintainer="Rhys Arkins <rhys@arkins.net>"
LABEL name="renovate"
WORKDIR /src
WORKDIR /usr/src/app/
RUN apk add --quiet --no-cache git openssh-client
COPY package.json .
COPY yarn.lock .
RUN yarn install --production && yarn cache clean
COPY lib ./lib
RUN chown -R node:node /src
COPY lib lib
USER node
ENTRYPOINT ["node", "/src/lib/renovate.js"]
ENTRYPOINT ["node", "/usr/src/app/lib/renovate.js"]
CMD ["--help"]
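Review bot: `RUN yarn install --production && yarn cache clean` does not pass `--frozen-lockfile`, although the Travis `install` step in this change does, so the image build can resolve versions that differ from `yarn.lock` if the lock file is out of step with `package.json`. Use `yarn install --production --frozen-lockfile` so the build fails instead of drifting. If `RUN chown -R node:node /src` is being dropped with no equivalent for `/usr/src/app/`, also confirm that is intended, since the process runs as `USER node` in a directory it will not be able to write to.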
......@@ -2,6 +2,6 @@ const fs = require('fs-extra');
const os = require('os');
(async () => {
await fs.remove(os.tmpdir() + '/renovate-changelog-cache');
await fs.remove(os.tmpdir() + '/renovate-cache-changelog-v3');
await fs.remove(os.tmpdir() + '/renovate-npm-cache');
})();
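Review bot: The path `os.tmpdir() + '/renovate-cache-changelog-v3'` hard-codes a versioned directory name, so this clean-up script has to be edited by hand every time the cache version changes, and the previous `renovate-changelog-cache` directory is no longer removed on machines that still have it. Take the directory name from wherever the cache code defines it, or remove both the old and the new name here.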
......@@ -2,13 +2,17 @@
const fs = require('fs-extra');
const { validateConfig } = require('../lib/config/validation');
const { massageConfig } = require('../lib/config/massage');
const { initLogger } = require('../lib/logger');
initLogger();
/* eslint-disable no-console */
let returnVal = 0;
function validate(desc, config) {
const res = validateConfig(config);
async function validate(desc, config, isPreset = false) {
const res = await validateConfig(massageConfig(config), isPreset);
if (res.errors.length) {
console.log(
`${desc} contains errors:\n\n${JSON.stringify(res.errors, null, 2)}`
......@@ -23,6 +27,7 @@ function validate(desc, config) {
}
}
(async () => {
const renovateConfigFiles = [
'renovate.json',
'.renovaterc',
......@@ -34,7 +39,7 @@ for (const file of renovateConfigFiles) {
console.log(`Validating ${file}`);
try {
const jsonContent = JSON.parse(rawContent);
validate(file, jsonContent);
await validate(file, jsonContent);
} catch (err) {
console.log(`${file} is not valid JSON`);
returnVal = 1;
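Review bot: `await validate(file, jsonContent);` sits in the same `try` as `JSON.parse(rawContent)`, so a rejection from the now-async `validateConfig`, or an exception in `massageConfig`, is reported as `${file} is not valid JSON`. Keep only the parse inside the `try`, or log `err` in the `catch`, so that a validator failure is not misreported as a syntax error.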
......@@ -47,13 +52,13 @@ try {
const pkgJson = JSON.parse(fs.readFileSync('package.json', 'utf8'));
if (pkgJson.renovate) {
console.log(`Validating package.json > renovate`);
validate('package.json > renovate', pkgJson.renovate);
await validate('package.json > renovate', pkgJson.renovate);
}
if (pkgJson['renovate-config']) {
console.log(`Validating package.json > renovate-config`);
Object.values(pkgJson['renovate-config']).forEach(presetConfig => {
validate('package.json > renovate-config', presetConfig);
});
for (const presetConfig of Object.values(pkgJson['renovate-config'])) {
await validate('package.json > renovate-config', presetConfig, true);
}
}
} catch (err) {
// ignore
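Review bot: The `catch (err) { // ignore }` around the `package.json` block now also swallows rejections from the awaited `validate(...)` calls and does not set `returnVal`, so a validator that throws leaves the script printing `OK`. Limit the ignored error to the `readFileSync`/`JSON.parse` step and set `returnVal = 1` for anything thrown during validation.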
......@@ -62,3 +67,4 @@ if (returnVal !== 0) {
process.exit(returnVal);
}
console.log('OK');
})();
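Review bot: The async wrapper is invoked as `})();` with no rejection handler, so an error thrown outside the inner `try` blocks becomes an unhandled promise rejection. On the Node 8 release that the Travis config pins, that only prints a warning and the process can still exit 0, which lets a CI validation step pass. Append a `.catch` that logs the error and calls `process.exit(1)`.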
comment: off
# Adding a Package Manager
This document describes the steps to take if you are interest in adding new language/package manager support.
### Background
Renovate began life as a JavaScript-only, specifically for the npmjs ecosystem.
Over time, additional "package managers" (e.g. Meteor.js, Dockerfile, nvm) have been added and the codebase incrementally refactored and improved with many of those to make it easier to add newer ones in future.
### Code structure
Each package manager lives under `lib/manager/*`, and are often tightly coupled to datasources under `lib/datasource/*`.
Versioning logic (e.g. semver, pep440) lives under `lib/versioning/*`.
Common logic for Renovate - not specific to particular managers - generally lives under `lib/workers/*`.
### Manager requirements
Each manager needs its own subdirectory under `lib/managers` and to be added to the list of managers in `lib/managers/index.js`.
The manager's `index.js` file supports the following values/functions:
- extractDependencies
- getRangeStrategy (optional)
- language (optional)
- postExtract (optional)
- supportsLockFileMaintenance (optional)
- updateDependency
##### `extractDependencies(content, packageFile, config)` (async, mandatory)
This function is mandatory. It takes a file content and optionally the packageFile name/config, and returns an array of detected/extracted dependencies, including:
- dependency name
- dependency type (e.g. dependencies, devDependencies, etc)
- currentValue
- version scheme used (e.g. semver, pep440)
The fields returned here can be customised to suit the package manager, e.g. Docker uses `currentFrom`
This function doesn't necessarily need to _understand_ the file or even syntax that it is passed, instead it just needs to understand enough to extract the list of dependencies.
As a general approach, we want to extract _all_ dependencies from each dependency file, even if they contain values we don't support. For any that have unsupported values that we cannot renovate, this `extractDependencies` function should set a `skipReason` to a value that would be helpful to someone reading the logs.
Also, if a file is passed to `extractDependencies` that is a "false match" (e.g. not an actual package file, or contains no dependencies) then this function can return `null` to have it ignored and removed from the list of package files. A common case for this is in Meteor, where its `package.js` file name is not unique and there many be many non-Meteor paojects using that filename.
#### `getRangeStrategy(config)` (optional)
This optional function should be written if you wish the manager to support "auto" range strategies, e.g. pinning or not pinning depending on other values in the package file. `npm` uses this to pin `devDependencies` but not `dependencies` unless the package file is detected as an app.
If left undefined, then a default `getRangeStrategy` will be used that always returns "replace".
##### `language` (optional)
This is used when more than one package manager share settings from a common language. e.g. docker-compose, circleci and gitlabci all specify "docker" as their language and inherit all config settings from there.
#### `postExtract(packageFiles)` (async, optional)
This function takes an array of package files (extracted earlier using `extractDependencies`) and is useful if some form of "correlation" is required between the files.
For example, Yarn Workspaces and Lerna are tools for working with multiple package files at once, including generating a single lock file instead of one per package file. It is therefore necessary to have a "full view" of all package files to determine if such logic is necessary, because the `extractDependencies` function only sees each package file in isolation.
Currently `npm` is the only package manager using this function, because all other ones are able to extract enough data from package files in isolation.
#### `supportsLockFileMaintenance` (optional)
Set to true if this package manager needs to update lock files in addition to package files.
##### `updateDependency(fileContent, upgrade)`
This function is the final one called for most managers. It's purpose is to patch the package file with the new value (described in the upgrade) and return an updated file. If the file was already updated then it would return the same contents as it was provided.
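Review bot: The paths disagree within this new document: "Code structure" says managers live under `lib/manager/*`, while "Manager requirements" says `lib/managers` and `lib/managers/index.js`. Use the one spelling that matches the tree. The function headings also alternate between `####` and `#####` for the same level, and a few typos remain ("if you are interest in", "there many be many non-Meteor paojects", "It's purpose").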
......@@ -4,11 +4,11 @@
Configuration is supported via any or all of the below:
* Configuration file
* Environment
* CLI
* `renovate.json`, `.renovaterc.json`, or `.renovaterc` in target repository
* `renovate` field of `package.json` in target repository
- Configuration file
- Environment
- CLI
- `renovate.json`, `.renovaterc.json`, or `.renovaterc` in target repository
- `renovate` field of `package.json` in target repository
The above are listed in reverse order of preference. i.e. `package.json`
settings will override `renovate.json` settings, CLI, which overrides env, which
......@@ -36,24 +36,20 @@ module.exports = {
repositories: [
{
repository: 'singapore/repo1',
packageFiles: [
'package.json',
packageRules: [
{
packageFile: 'frontend/package.json',
paths: ['frontend/package.json'],
labels: ['upgrade', 'frontend'],
},
],
},
{
repository: 'singapore/repo2',
optionalDependencies: {
labels: ['renovate', 'optional'],
},
labels: ['renovate'],
},
'singapore/repo3',
],
packages: [
packageRules: [
{
packageNames: ['jquery'],
labels: ['jquery', 'uhoh'],
......@@ -73,8 +69,7 @@ To configure any `<list>` items, separate with commas. E.g. `renovate --labels=r
### renovate.json
If you add a `renovate.json` file to the root of your repository, you can use
this to override default settings. If you leave the `packageFiles` field empty
then `renovate` will still auto-discover all `package.json` files in the
this to override default settings. `renovate` will still auto-discover all `package.json` files in the
repository.
### package.json
......@@ -93,6 +88,6 @@ any other settings above.
## Configuration Options
Please see [https://renovateapp.com/docs/configuration-reference/configuration-options](https://renovateapp.com/docs/configuration-reference/configuration-options) for a list of user-facing configuration options.
Please see [https://renovatebot.com/docs/configuration-options/](https://renovatebot.com/docs/configuration-options/) for a list of user-facing configuration options.
For further options when running your own instance of Renovate, please see the full config definitions file at `lib/config/definitions.js`.
......@@ -29,7 +29,7 @@ following commands:
The best way to deploy to Heroku is via git and Heroku CLI.
```
$ git clone https://github.com/renovateapp/renovate
$ git clone https://github.com/renovatebot/renovate
$ cd renovate
$ heroku create [app name]
$ git push heroku master
......
......@@ -21,8 +21,8 @@ all operations are performed via the API.
The script current processes repositories, package files, and dependencies
within them all synchronously.
* Greatly reduces chance of hitting simultaneous API rate limits
* Simplifies logging
- Greatly reduces chance of hitting simultaneous API rate limits
- Simplifies logging
Note: Initial queries to NPM are done in parallel.
......@@ -43,7 +43,7 @@ are global (all repositories).
Default behaviour is to auto-discover all `package.json` locations in a
repository and process them all. Doing so means that "monorepos" are supported
by default. This can be overridden by the configuration option `packageFiles`,
by default. This can be overridden by the configuration option `includePaths`,
where you list the file paths manually (e.g. limit to just `package.json` in
root of repository).
......@@ -67,22 +67,22 @@ are available. For example if the current example is 1.6.0 and upgrades to 1.7.0
and 2.0.0 exist, then `renovate` will raise PRs for both the 1.x upgrade(s) and
2.x upgrade(s).
* It's often the case that projects can't upgrade major dependency versions
- It's often the case that projects can't upgrade major dependency versions
immediately.
* It's also often the case that previous major versions continue receiving Minor
- It's also often the case that previous major versions continue receiving Minor
or Patch updates.
* Projects should get Minor and Patch updates for their current Major release
- Projects should get Minor and Patch updates for their current Major release
even if a new Major release exists
This can be overridden via the config option `separateMajorReleases`.
This can be overridden via the config option `separateMajorMinor`.
## Branch naming
Branches are named like `renovate/webpack-1.x` instead of
`renovate/webpack-1.2.0`.
* Branches often receive updates (e.g. new patches) before they're merged.
* Naming the branch like `1.x` means its name still names sense if a `1.2.1`
- Branches often receive updates (e.g. new patches) before they're merged.
- Naming the branch like `1.x` means its name still names sense if a `1.2.1`
release happens
Note: Branch names are configurable using string templates.
......@@ -94,14 +94,6 @@ already closed. This allows users to close unwelcome upgrade PRs and worry about
them being recreated every run. Typically this is most useful for major
upgrades. This option is configurable.
## Range handling
`renovate` prefers pinned dependency versions, instead of maintaining ranges.
Even if the project is using tilde ranges, why not pin them for consistency if
you're also using `renovate` every day?
This is now configurable via the `pinVersions` configuration option.
## Rebasing Unmergeable Pull Requests
With the default behaviour of one branch per dependency, it's often that case
......@@ -131,6 +123,6 @@ Alternatively, consider using a Configuration File.
Renovate uses the following convention for log levels:
* logger.error should only be used for problems that are likely to be a Renovate bug or require Renovate improvements. These are the types of errors that Renovate administrators should be alerted to immediately
* logger.warn should be used for problems that might be a Renovate problem so should be checked periodically in batches
* For _user_ problems (e.g. configuration errors), these should not warn or error on the server side and instead use logger.info
- logger.error should only be used for problems that are likely to be a Renovate bug or require Renovate improvements. These are the types of errors that Renovate administrators should be alerted to immediately
- logger.warn should be used for problems that might be a Renovate problem so should be checked periodically in batches
- For _user_ problems (e.g. configuration errors), these should not warn or error on the server side and instead use logger.info
# FAQ
If you need a specific behaviour and it's not mentioned here - or it's more
complicated - feel free to raise an
[Issue](https://github.com/renovateapp/renovate/issues) - configuration
questions are welcome in this repository.
### Run renovate on all repositories that the account has access to
Set configuration option `autodiscover` to `true`, via CLI, environment, or
configuration file. Obviously it's too late to set it in any `renovate.json` or
`package.json`.
### Support private npm modules
If you are running your own Renovate instance, then the easiest way to support
private modules is to make sure the appropriate credentials are in `.npmrc` or
`~/.npmrc`;
If you are using a hosted Renovate instance (such as the Renovate app), and your
`package.json` includes private modules, then you can:
1. Commit an `.npmrc` file to the repository, and Renovate will use this, or
2. Add the contents of your `.npmrc` file to the config field `npmrc` in your
`renovate.json` or `package.json` renovate config
3. Add a valid npm authToken to the config field `npmToken` in your
`renovate.json` or `package.json` renovate config
4. If using the [GitHub App hosted service](https://github.com/apps/renovate),
authorize the npm user named "renovate" with read-only access to the relevant
modules. This "renovate" account is used solely for the purpose of the
renovate GitHub App.
### Control renovate's schedule
Renovate itself will run as often as its administrator has configured it (e.g.
hourly, daily, etc). But you may wish to update certain repositories less often,
or even specific packages at a different schedule.
If you want to control the days of the week or times of day that renovate
updates packages, use the `timezone` and `schedule` configuration options.
# Renovate Developer Docs
This directory is intended to provide documentation for developers/contributors on the Renovate project. For user-facing documentation - e.g. for how to confiure Renovate as a user - please see https://renovateapp.com/docs
This directory is intended to provide documentation for developers/contributors on the Renovate project. For user-facing documentation - e.g. for how to confiure Renovate as a user - please see https://renovatebot.com/docs
If you would like to contribute to Renovate or get it running locally for some others reason, please check out `../contributing.md` for steps on how to set up the project locally.
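Review bot: The rewritten sentence keeps the typo "confiure" from the old line, and the following line still reads "for some others reason". Fix both while this paragraph is being touched.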
# Self-Hosting Renovate
Although Renovate is now best known as a "service" via the GitHub App, that service is actually running this same open source project, so you can get the same functionality if running it yourself. The version you see here in this repository can be cloned or `npm` installed in seconds and give you the exact same functionality as in the app.
## Open Source vs Commercial versions
## Install
Although Renovate is now best known as a "service" via the GitHub App, that service is actually running this same open source project, so you can get the same functionality if running it yourself. The version you see here in this repository can be cloned or `npm` installed in seconds and give you the same core functionality as in the app.
There is also a commercially-licensed "Professional Edition" of Renovate available for GitHub Enterprise, that includes a stateful priority job queue, background scheduler and webhook listener.
For details and documentation on Renovate Pro, please visit [renovatebot.com/pro](https://renovatebot.com/pro).
## Installing Renovate OSS
#### npmjs
......@@ -16,12 +21,12 @@ Renovate is available for Docker via an automated build [renovate/renovate](http
```
$ docker run renovate/renovate
$ docker run renovate/renovate:11.32.3
$ docker run renovate/renovate:11.32
$ docker run renovate/renovate 11
$ docker run renovate/renovate:12.1.1
$ docker run renovate/renovate:12.1
$ docker run renovate/renovate:12
```
If you wish to configure Renovate using a `config.js` file then map it to `/src/config.js` using Docker volumes.
If you wish to configure Renovate using a `config.js` file then map it to `/usr/src/app/config.js` using Docker volumes.
## Authentication
......@@ -35,7 +40,9 @@ You can find instructions for GitHub
(select "repo" permissions)
You can find instructions for GitLab
[here](https://docs.gitlab.com/ee/api/README.html#personal-access-tokens). Note: GitLab APIv3 is no longer supported - please upgrade to GitLab APIv4 before testing Renovate.
[here](https://docs.gitlab.com/ee/api/README.html#personal-access-tokens).
Note: you should also configure a GitHub token even if your source host is GitLab, because Renovate will need to perform many queries to github.com in order to retrieve Release Notes.
You can find instructions for VSTS
[vsts](https://www.visualstudio.com/en-us/docs/integrate/get-started/authentication/pats).
......@@ -46,17 +53,54 @@ to expose it as `GITHUB_TOKEN` or `GITLAB_TOKEN` or `VSTS_TOKEN`.
## Usage
Run `renovate --help` for usage details.
The following example uses the Renovate CLI tool, which can be installed by running `npm i -g renovate`.
If running your own Renovate bot then you will need a user account that Renovate will run as. It's recommended to use a dedicated account for the bot, e.g. name it `renovate-bot` if on your own instance. Create and save a Personal Access Token for this account.
Create a Renovate config file, e.g. here is an example:
```js
module.exports = {
endpoint: 'https://self-hosted.gitlab/api/v4/',
token: '**gitlab_token**',
platform: 'gitlab',
logFileLevel: 'warn',
logLevel: 'info',
logFile: '/home/user/renovate.log',
onboarding: true,
onboardingConfig: {
extends: ['config:base'],
},
repositories: ['username/repo', 'orgname/repo'],
};
```
Here change the `logFile` and `repositories` to something appropriate. Also replace gitlab-token value with the one created during the previous step.
If running against GitHub Enterprise, change the above gitlab values to the equivalent github ones.
You can save this file as anything you want and then use `RENOVATE_CONFIG_FILE` env variable to tell Renovate where to find it.
Most people will run Renovate via cron, e.g. once per hour. Here is an example bash script that you can point `cron` to:
```sh
#!/bin/bash
export PATH="/home/user/.yarn/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH"
export RENOVATE_CONFIG_FILE="/home/user/renovate-config.js"
export GITHUB_TOKEN="**github-token**" # Delete this if using GHE
export GITHUB_COM_TOKEN="**github-token**" # Delete this if using GitLab
# Renovate
renovate
```
Note: the GitHub token in env is necessary in order to retrieve Release Notes that are hosted on github.com. Use `GITHUB_COM_TOKEN` if running against GitLab or `GITHUB_TOKEN` if running against GitLab. i.e. remove one of the lines as applicable.
Note: The first time you run `renovate` on a repository, it will not upgrade any
dependencies. Instead, it will create a Pull Request (Merge Request if GitLab)
called 'Configure Renovate' and commit a default `renovate.json` file to the
repository. This PR can be closed as unmerged if the default settings are fine for
you. Also, this behaviour can be disabled if you set the `onboarding`
configuration option to `false` before running.
You should save and test out this script manually first, and add it to cron once you've verified it.
## Deployment
See
[deployment docs](https://github.com/renovateapp/renovate/blob/master/docs/deployment.md)
[deployment docs](https://github.com/renovatebot/renovate/blob/master/docs/deployment.md)
for details.
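Review bot: The note under the cron script reads "Use `GITHUB_COM_TOKEN` if running against GitLab or `GITHUB_TOKEN` if running against GitLab", naming GitLab for both cases, and it disagrees with the script comments, which say to delete `GITHUB_TOKEN` "if using GHE" and `GITHUB_COM_TOKEN` "if using GitLab". State once which variable applies to which platform and make the comments match. Since both the config example and the script hold access tokens in plain text, the section should also tell readers to keep those files readable only by the account the bot runs as.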