Configure Renovate for Azure DevOps

Disclaimer, there is already official documentation for that here. The special thing about this blog post is that we use the docker image and not the NPX command.

The pipeline

The pipeline is quite straight forward configure. It will just starts a container every day at 3am and run renovate.

schedules:
  - cron: '0 3 * * *'
    displayName: 'Every day at 3am (UTC)'
    branches:
      include: [main]
    always: true

trigger: none

pool:
  vmImage: ubuntu-latest

variables:
  RENOVATE_PLATFORM: azure

steps:
  - script:  |
      docker run -e "LOG_LEVEL=debug" -e "RENOVATE_PLATFORM=${RENOVATE_PLATFORM}" -e "RENOVATE_ENDPOINT=$(System.CollectionUri)" -e "RENOVATE_TOKEN=$(System.AccessToken)" renovate/renovate $(System.TeamProject)/$(Build.Repository.Name)

At the first run, renovate will create a pullrequest with an empty config in it.
This needs to be merged, before renovate starts really working.

Write the configuration

As the documentation is saying, there are many ways where you can place the configuration file for renovate. Here we will use the renovate.json5 file in the root of the repo. (json5 enables json comments) A good start for the config is the following:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  // Is used by renovate in a pullrequest
  "azureWorkItemId": 109,
  "packageRules": [
    {
      "description": "Automerge non-major updates",
      "matchUpdateTypes": ["minor", "patch"],
      "automerge": true
    }
  ]
}

This will configure renovate that it will always use the workitem 109 for it's pullrequests and also will create Pull-Requests with the Azure DevOps Auto-Complete feature for pull requests for "minor" and "patch" version upgrades. That's super cool, because it will respect all your pullrequests policies.

Configure permissions

Renovate needs 3 permissions in your repository. Because it will run with the configuration above as {Projectname} Build Services ({collectionname}) the configuration will look like that:

This will allow all your piplines to create branche, push commits and create pullrequests.

First Run

If you run from your working branche where you created the files for the pipeline and the config, the pipeline will create a pullrequest with a nice overview what will happen after you will merge this pullrequest:

All other runs

All other runs will create for each package a separete pull request. This will look like that:

Tip to avoid merge conflicts

Some packages are always updated together. For example in the dotnet world all the EntityFramework Packages are using very often the same versionnumbers and depend on each other. To group these updates together you can change your configuration to this:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  // Is used by renovate in a pullrequest
  "azureWorkItemId": 109,
  "packageRules": [
    {
      "description": "Automerge non-major updates",
      "matchUpdateTypes": ["minor", "patch"],
      "automerge": true
    },
    {
      "matchPackagePatterns": ["Microsoft.EntityFrameworkCore"],
      "groupName": "Microsoft.EntityFrameworkCore",
      "matchUpdateTypes": ["minor", "patch"],
      "automerge": true
    }
  ]
}

This will group all updates that have in their name Microsoft.EntityFrameworkCore to a single pullrequest. That will then looks like that: