Renovate: Automatically Update Your Terraform (Eps: 2)
Let Renovate update your hardcoded dependency file version
Hello! Come again with me, continuing what we did in the previous article (if you haven’t seen that, check it out here). As I promised before, we will continue implementing our CI pipeline to update our dependency file version automatically. In this article, I will guide you to use Renovate as our tool to update our dependency file automatically. Same as before, we will update our Terraform file. In short, this is what we’re going to do:
- Configure Renovate to update Terraform version
- Configure the CI pipeline to run the Renovate
Without further wait, let’s get into it!
Renovate 🎨
If you ask me what Renovate really is. I’m going to tell you that Renovate is just another Dependabot with many more configuration options. Believe me, that’s it! If you want to know more about Renovate, go to their page.
Prerequisites
- A file called
renovate.jsonack as our “local configuration” (User/Repository config), placed inside a folder called.gitlab
- A file called
config.jsack as our “global configuration” (Admin/Bot config), placed in the root directory of our project folder
- A CI pipeline file called
.gitlab-ci.ymlto run the Renovate
- A GitLab runner (or you can use shared Runner)
- A Terraform file with version configuration inside it (both Terraform version and provider version)
[1] Configure Our Files
Let’s start by setting up our Terraform file that Renovate will update. You can copy-paste this file or write it on your own. Place this file inside /src the folder.
If you look closely at this, the google, helm, and Kubernetes providers’ versions are already outdated. The latest google version is version 4.29.0, the helm is 2.6.0, and Kubernetes is 2.12.1. And for required_versionwhich is the Terraform version is already outdated, too. The latest version is 1.2.5
Next, we have our config.js file.
Honestly, I still don’t know the real purpose of this file. I just followed the guide from the documentation. Some configurations that need to know:
- onboardingConfig: Help you use a default configuration instead of creating all of it simultaneously.
- baseBranches: Which branches to check for
renovate.jsonfile and run it. - packageRules: List of package dependencies that we want to update.
- repositories: List the repository we want to Renovate and run on it.
For more configuration options, you can look at this documentation.
Do not forget to mention that we have our renovate.json file.
Things to note from that files are:
- baseBranches: List of branches to be run by Renovate.
- enabledManagers: List of dependencies that we want to update.
For a full documentation about this file, go ahead to this page.
And last but not least, our lovely CI file, .gitlab-ci.yml file.
[2] Prepare The GitLab Runner
I’m not going to give you a tutorial on setting up a GitLab runner here, but I want to ensure that you have a runner in your repo. (Maybe in the future, I will make a tutorial on how to do this)
[3] Set The GitLab Environment Variables
Go to GitLab CI/CD setting page and set these variables:
- GITHUB_COM_TOKEN
- RENOVATE_LOG_FILE
- RENOVATE_TOKEN
[4] Wait For The Sweet Pull Requests!
The next move is to push your code to the repository and wait for Renovate to update the Terraform version inside version.tf file.
If you notice from my previous article, the dependabot can’t update the required_version But if you see here, Renovate successfully updates it. For the best setup, I suggest you use both Dependabot and Renovate at the same time and see their power comes together 💪
I guess that’s all about updating the dependencies file version in two episodes. Thank you for spending your time reading this article about Renovate. I hope you can follow along with it, and cheers! 😁
Sources:
[1] Renovate
[2] Terraform
[3] Fita
