Spaces:

oharu121
/

n8n-workflow

Running

App Files Files Community

oharu121 commited on Jan 14

Commit

3f8237a

1 Parent(s): 251322f

enable Renovate Auto-Merge

Browse files

Files changed (2) hide show

.dev-notes/2026-01-15.md +209 -0
.github/workflows/renovate-auto-merge.yml +27 -0

.dev-notes/2026-01-15.md ADDED Viewed

	@@ -0,0 +1,209 @@

+# Renovate Bot: Automated Dependency Updates
+## What is Renovate?
+[Renovate](https://github.com/renovatebot/renovate) is an open-source dependency update tool that automatically creates pull requests to keep your project dependencies up-to-date. It's maintained by Mend.io and is free for public and private repositories.
+## Why Use Renovate Over Manual Updates?
+| Manual Updates | Renovate |
+|----------------|----------|
+| Easy to forget | Runs on schedule automatically |
+| Time-consuming to check each dependency | Monitors 90+ package managers |
+| Risk of missing security patches | Creates PRs immediately when updates available |
+| No visibility into what's outdated | Dependency Dashboard shows all pending updates |
+## Key Features
+### 1. Multi-Platform Support
+- GitHub, GitLab, Bitbucket, Azure DevOps, Gitea
+- Unlike Dependabot (GitHub-only), Renovate works everywhere
+### 2. Extensive Package Manager Support
+- npm, yarn, pnpm
+- Docker images
+- GitHub Actions
+- Kubernetes manifests
+- Terraform
+- **Custom regex patterns** (our use case for n8n in Dockerfile)
+### 3. Flexible Configuration
+```json
+{
+  "schedule": ["every weekend"],      // When to check
+  "automerge": true,                   // Auto-merge safe updates
+  "packageRules": [                    // Fine-grained control
+    {
+      "matchUpdateTypes": ["major"],
+      "automerge": false               // Require review for breaking changes
+    }
+  ]
+}
+```
+### 4. Grouping & Scheduling
+- Group related updates into single PRs
+- Schedule updates for low-traffic times
+- Reduce PR noise
+## Our Implementation (n8n-workflow)
+### Problem Solved
+n8n is installed via `npm install -g n8n` in our Dockerfile. Standard package managers can't detect this, but Renovate's **regex manager** can.
+### Configuration (`renovate.json`)
+```json
+{
+  "customManagers": [
+    {
+      "customType": "regex",
+      "fileMatch": ["^Dockerfile$"],
+      "matchStrings": ["ARG N8N_VERSION=(?<currentValue>.*?)\\n"],
+      "depNameTemplate": "n8n",
+      "datasourceTemplate": "npm"
+    }
+  ]
+}
+```
+### How It Works
+```
+┌─────────────────────────────────────────────────────────────┐
+│  Renovate (every weekend)                                   │
+│  1. Reads Dockerfile                                        │
+│  2. Extracts: ARG N8N_VERSION=2.3.4                        │
+│  3. Checks npm registry for latest n8n version             │
+│  4. If newer version exists → Creates PR                    │
+└─────────────────────────────────────────────────────────────┘
+                            │
+                            ▼
+┌─────────────────────────────────────────────────────────────┐
+│  GitHub Actions (renovate-auto-merge.yml)                   │
+│  1. Detects PR from renovate[bot]                          │
+│  2. Auto-approves the PR                                    │
+│  3. Enables auto-merge (squash)                            │
+└─────────────────────────────────────────────────────────────┘
+                            │
+                            ▼
+┌─────────────────────────────────────────────────────────────┐
+│  Existing Deploy Workflow                                   │
+│  1. Triggered on push to main                              │
+│  2. Deploys to Hugging Face Spaces                         │
+│  3. n8n updated in production                              │
+└─────────────────────────────────────────────────────────────┘
+```
+## Applying to Other Projects
+### Use Case 1: Docker Base Images
+```json
+{
+  "packageRules": [
+    {
+      "matchDatasources": ["docker"],
+      "matchPackageNames": ["node"],
+      "allowedVersions": "/^20\\./"  // Only Node 20.x updates
+    }
+  ]
+}
+```
+### Use Case 2: GitHub Actions
+Renovate automatically detects and updates actions in `.github/workflows/*.yml`:
+```yaml
+# Before: uses: actions/checkout@v3
+# After:  uses: actions/checkout@v4
+```
+### Use Case 3: Custom Version Files
+For any version string in any file:
+```json
+{
+  "customManagers": [
+    {
+      "customType": "regex",
+      "fileMatch": ["^VERSION$", "^config\\.yaml$"],
+      "matchStrings": ["version:\\s*(?<currentValue>\\S+)"],
+      "depNameTemplate": "my-package",
+      "datasourceTemplate": "npm"
+    }
+  ]
+}
+```
+### Use Case 4: Monorepo with Multiple Apps
+```json
+{
+  "packageRules": [
+    {
+      "matchFileNames": ["apps/frontend/**"],
+      "groupName": "frontend dependencies"
+    },
+    {
+      "matchFileNames": ["apps/backend/**"],
+      "groupName": "backend dependencies"
+    }
+  ]
+}
+```
+## Auto-Merge Workflow (Required)
+Renovate's `automerge: true` doesn't always work without branch protection. Add this workflow:
+```yaml
+# .github/workflows/renovate-auto-merge.yml
+name: Renovate Auto-Merge
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+permissions:
+  contents: write
+  pull-requests: write
+jobs:
+  auto-merge:
+    runs-on: ubuntu-latest
+    if: github.actor == 'renovate[bot]'
+    steps:
+      - name: Auto-approve Renovate PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Enable auto-merge
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+```
+## Renovate vs Dependabot
+| Feature | Renovate | Dependabot |
+|---------|----------|------------|
+| Platform | Multi-platform | GitHub only |
+| Package managers | 90+ | 14 |
+| Custom regex | ✅ Yes | ❌ No |
+| Grouping | ✅ Advanced | ⚠️ Limited |
+| Scheduling | ✅ Flexible | ⚠️ Basic |
+| Dashboard | ✅ Yes | ❌ No |
+| Self-hosted option | ✅ Yes | ❌ No |
+## Getting Started
+1. **Install Renovate GitHub App**: https://github.com/apps/renovate
+2. **Grant repository access**
+3. **Merge the onboarding PR** (creates `renovate.json`)
+4. **Add auto-merge workflow** (see above)
+5. **Monitor the Dependency Dashboard issue**
+## References
+- [Renovate Documentation](https://docs.renovatebot.com/)
+- [Renovate Presets](https://docs.renovatebot.com/presets-default/)
+- [Regex Manager](https://docs.renovatebot.com/modules/manager/regex/)
+- [GitHub App](https://github.com/apps/renovate)

.github/workflows/renovate-auto-merge.yml ADDED Viewed

	@@ -0,0 +1,27 @@

+name: Renovate Auto-Merge
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+permissions:
+  contents: write
+  pull-requests: write
+jobs:
+  auto-merge:
+    runs-on: ubuntu-latest
+    if: github.actor == 'renovate[bot]'
+    steps:
+      - name: Auto-approve Renovate PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Enable auto-merge for Renovate PR
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}