Example self-hosted Renovate Bot setup intended to be a minimal reproduction for renovatebot/renovate#21415.
N.B. In our actual setup, we have a shared `default.json` in a separate project, referenced by `RENOVATE_ONBOARDING_CONFIG` as "local" organisation config for onboarding new projects.
Here, the same content has been copied into `renovate.json` and the `RENOVATE_ONBOARDING_CONFIG` variable within gitlab-ci for brevity.
See renovate-bot-multiple-docker-registries for an example failing project using this config.
Attempting to Renovate a project containing a `.gitlab-ci.yml` file that references Docker Images (within CI Pipeline Job specs as `image`s) from multiple Docker Registries results in `WARN: No docker auth found - returning` logs, and the dependencies are not checked for updates.
Limiting the Docker Registries used by the dependencies to a single domain (e.g. Docker Hub or quay.io) allows successful Renovation of those dependencies, but not all Docker Images are available from a single Docker Registry, so that's little use for a project using Images from multiple locations.
Expected behaviour: Docker Image dependencies from multiple Docker Registries referenced within a single `.gitlab-ci.yml` file are correctly detected and checked for updates.
Tried adding some `hostRules` to `config.js`, such as:
// Example host rule as tried in config.js: it applies to the `docker` host type
// and only to requests whose host matches quay.io.
// NOTE(review): as shown, the rule sets no username/password/token, so on its
// own it supplies no credentials for quay.io — confirm whether fields were
// omitted from this excerpt.
{
hostType: 'docker',
matchHost: 'quay.io'
}
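Logs
Note: in each failing token request logged with its `options` (ghcr.io, auth.docker.io, gitlab.com), a redacted `authorization` header is sent while `username` and `password` are empty, and the registries answer 401/403 instead of issuing a pull token. This suggests that a `docker` host rule without usable credentials is matching these hosts. The run ends with the level-40 `No docker auth found - returning` warning after the quay.io request.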
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":30,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","baseBranch":"main","stats":{"managers":{"gitlabci":{"fileCount":1,"depCount":5}},"total":{"fileCount":1,"depCount":5}},"msg":"Dependency extraction complete","time":"2023-04-10T18:34:05.309Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","msg":"GET https://ghcr.io/token?service=ghcr.io&scope=repository:terraform-linters/tflint-bundle:pull = (code=ERR_NON_2XX_3XX_RESPONSE, statusCode=403 retryCount=0, duration=197)","time":"2023-04-10T18:34:05.740Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","registryHost":"https://ghcr.io","dockerRepository":"terraform-linters/tflint-bundle","msg":"Not allowed to access docker registry","time":"2023-04-10T18:34:05.740Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","err":{"name":"HTTPError","code":"ERR_NON_2XX_3XX_RESPONSE","timings":{"start":1681151645543,"socket":1681151645543,"lookup":1681151645549,"connect":1681151645568,"secureConnect":1681151645587,"upload":1681151645587,"response":1681151645739,"end":1681151645740,"phases":{"wait":0,"dns":6,"tcp":19,"tls":19,"request":0,"firstByte":152,"download":1,"total":197}},"message":"Response code 403 (Forbidden)","stack":"HTTPError: Response code 403 (Forbidden)\n at Request.<anonymous> (/opt/buildpack/tools/renovate/35.38.0/node_modules/got/dist/source/as-promise/index.js:118:42)\n at processTicksAndRejections (node:internal/process/task_queues:95:5)","options":{"headers":{"user-agent":"RenovateBot/35.38.0 (https://github.com/renovatebot/renovate)","accept":"application/json","authorization":"***********","accept-encoding":"gzip, deflate, br"},"url":"https://ghcr.io/token?service=ghcr.io&scope=repository:terraform-linters/tflint-bundle:pull","hostType":"docker","username":"","password":"","method":"GET","http2":false},"response":{"statusCode":403,"statusMessage":"Forbidden","body":{"errors":[{"code":"DENIED","message":"denied"}]},"headers":{"content-type":"application/json","docker-distribution-api-version":"registry/2.0","date":"Mon, 10 Apr 2023 18:34:05 GMT","content-length":"50","x-github-request-id":"734C:1DBD:25EDB46:27353F6:6434569D","connection":"close"},"httpVersion":"1.1","retryCount":0}},"msg":"Response code 403 (Forbidden)","time":"2023-04-10T18:34:05.741Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","msg":"Failed to get authHeaders for getTags lookup","time":"2023-04-10T18:34:05.741Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","dependency":"ghcr.io/terraform-linters/tflint-bundle","packageFile":".gitlab-ci.yml","msg":"Failed to look up docker package ghcr.io/terraform-linters/tflint-bundle","time":"2023-04-10T18:34:05.748Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","msg":"getLabels(https://quay.io, keycloak/keycloak, latest)","time":"2023-04-10T18:34:05.758Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","msg":"getManifestResponse(https://quay.io, keycloak/keycloak, latest, get)","time":"2023-04-10T18:34:05.758Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","msg":"GET https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/node:pull = (code=ERR_NON_2XX_3XX_RESPONSE, statusCode=401 retryCount=0, duration=243)","time":"2023-04-10T18:34:05.871Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","registryHost":"https://index.docker.io","dockerRepository":"library/node","msg":"Unauthorized docker lookup","time":"2023-04-10T18:34:05.871Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","err":{"name":"HTTPError","code":"ERR_NON_2XX_3XX_RESPONSE","timings":{"start":1681151645628,"socket":1681151645628,"lookup":1681151645630,"connect":1681151645708,"secureConnect":1681151645787,"upload":1681151645787,"response":1681151645870,"end":1681151645871,"phases":{"wait":0,"dns":2,"tcp":78,"tls":79,"request":0,"firstByte":83,"download":1,"total":243}},"message":"Response code 401 (Unauthorized)","stack":"HTTPError: Response code 401 (Unauthorized)\n at Request.<anonymous> (/opt/buildpack/tools/renovate/35.38.0/node_modules/got/dist/source/as-promise/index.js:118:42)\n at processTicksAndRejections (node:internal/process/task_queues:95:5)","options":{"headers":{"user-agent":"RenovateBot/35.38.0 (https://github.com/renovatebot/renovate)","accept":"application/json","authorization":"***********","accept-encoding":"gzip, deflate, br"},"url":"https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/node:pull","hostType":"docker","username":"","password":"","method":"GET","http2":false},"response":{"statusCode":401,"statusMessage":"Unauthorized","body":{"details":"incorrect username or password"},"headers":{"content-type":"application/json; charset=utf-8","www-authenticate":"Basic realm=\"auth.docker.io\"","x-trace-id":"9acfc25c52fc74efc6f4c4edca01949e","date":"Mon, 10 Apr 2023 18:34:05 GMT","content-length":"45","strict-transport-security":"max-age=31536000","connection":"close"},"httpVersion":"1.1","retryCount":0}},"msg":"Response code 401 (Unauthorized)","time":"2023-04-10T18:34:05.871Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","msg":"Failed to get authHeaders for getTags lookup","time":"2023-04-10T18:34:05.872Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","msg":"GET https://auth.docker.io/token?service=registry.docker.io&scope=repository:aquasec/trivy:pull = (code=ERR_NON_2XX_3XX_RESPONSE, statusCode=401 retryCount=0, duration=239)","time":"2023-04-10T18:34:05.873Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","registryHost":"https://index.docker.io","dockerRepository":"aquasec/trivy","msg":"Unauthorized docker lookup","time":"2023-04-10T18:34:05.873Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","err":{"name":"HTTPError","code":"ERR_NON_2XX_3XX_RESPONSE","timings":{"start":1681151645633,"socket":1681151645633,"lookup":1681151645634,"connect":1681151645711,"secureConnect":1681151645789,"upload":1681151645790,"response":1681151645872,"end":1681151645872,"phases":{"wait":0,"dns":1,"tcp":77,"tls":78,"request":1,"firstByte":82,"download":0,"total":239}},"message":"Response code 401 (Unauthorized)","stack":"HTTPError: Response code 401 (Unauthorized)\n at Request.<anonymous> (/opt/buildpack/tools/renovate/35.38.0/node_modules/got/dist/source/as-promise/index.js:118:42)\n at processTicksAndRejections (node:internal/process/task_queues:95:5)","options":{"headers":{"user-agent":"RenovateBot/35.38.0 (https://github.com/renovatebot/renovate)","accept":"application/json","authorization":"***********","accept-encoding":"gzip, deflate, br"},"url":"https://auth.docker.io/token?service=registry.docker.io&scope=repository:aquasec/trivy:pull","hostType":"docker","username":"","password":"","method":"GET","http2":false},"response":{"statusCode":401,"statusMessage":"Unauthorized","body":{"details":"incorrect username or password"},"headers":{"content-type":"application/json; charset=utf-8","www-authenticate":"Basic realm=\"auth.docker.io\"","x-trace-id":"0a08eb083b79c771a610a11199e0653c","date":"Mon, 10 Apr 2023 18:34:05 GMT","content-length":"45","strict-transport-security":"max-age=31536000","connection":"close"},"httpVersion":"1.1","retryCount":0}},"msg":"Response code 401 (Unauthorized)","time":"2023-04-10T18:34:05.873Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","msg":"Failed to get authHeaders for getTags lookup","time":"2023-04-10T18:34:05.873Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","dependency":"node","packageFile":".gitlab-ci.yml","msg":"Failed to look up docker package node","time":"2023-04-10T18:34:05.876Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","dependency":"aquasec/trivy","packageFile":".gitlab-ci.yml","msg":"Failed to look up docker package aquasec/trivy","time":"2023-04-10T18:34:05.876Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","msg":"GET https://gitlab.com/jwt/auth?service=container_registry&scope=repository:gitlab-org/terraform-images/releases/1.4:pull = (code=ERR_NON_2XX_3XX_RESPONSE, statusCode=401 retryCount=0, duration=320)","time":"2023-04-10T18:34:05.981Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","registryHost":"https://registry.gitlab.com","dockerRepository":"gitlab-org/terraform-images/releases/1.4","msg":"Unauthorized docker lookup","time":"2023-04-10T18:34:05.981Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","err":{"name":"HTTPError","code":"ERR_NON_2XX_3XX_RESPONSE","timings":{"start":1681151645660,"socket":1681151645660,"lookup":1681151645661,"connect":1681151645664,"secureConnect":1681151645670,"upload":1681151645670,"response":1681151645980,"end":1681151645980,"phases":{"wait":0,"dns":1,"tcp":3,"tls":6,"request":0,"firstByte":310,"download":0,"total":320}},"message":"Response code 401 (Unauthorized)","stack":"HTTPError: Response code 401 (Unauthorized)\n at Request.<anonymous> (/opt/buildpack/tools/renovate/35.38.0/node_modules/got/dist/source/as-promise/index.js:118:42)\n at processTicksAndRejections (node:internal/process/task_queues:95:5)","options":{"headers":{"user-agent":"RenovateBot/35.38.0 (https://github.com/renovatebot/renovate)","accept":"application/json","authorization":"***********","accept-encoding":"gzip, deflate, br"},"url":"https://gitlab.com/jwt/auth?service=container_registry&scope=repository:gitlab-org/terraform-images/releases/1.4:pull","hostType":"docker","username":"","password":"","method":"GET","http2":false},"response":{"statusCode":401,"statusMessage":"Unauthorized","body":{"errors":[{"code":"UNAUTHORIZED","message":"HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. 
See https://gitlab.com/help/user/profile/account/two_factor_authentication#troubleshooting"}]},"headers":{"date":"Mon, 10 Apr 2023 18:34:05 GMT","content-type":"application/json; charset=utf-8","content-length":"306","connection":"close","cache-control":"no-cache","content-security-policy":"base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/ https://gitlab.com/-/speedscope/index.html https://gitlab.com/-/sandbox/ https://gitlab.com/assets/ blob: data:; connect-src 'self' https://gitlab.com wss://gitlab.com https://sentry.gitlab.net https://new-sentry.gitlab.net https://customers.gitlab.com https://snowplow.trx.gitlab.net https://sourcegraph.com; default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-cloudresourcemanager.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://*.codesandbox.io https://customers.gitlab.com https://*.zuora.com/apps/PublicHostedPageLite.do; img-src * data: blob:; manifest-src 'self'; media-src 'self' data: http: https:; object-src 'none'; report-uri https://sentry.gitlab.net/api/105/security/?sentry_key=a42ea3adc19140d9a6424906e12fba86; script-src 'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/ https://apis.google.com https://*.zuora.com/apps/PublicHostedPageLite.do 'nonce-ovSzPJ+VOqWnOss7Wb4Fcw=='; style-src 'self' 'unsafe-inline'; worker-src https://gitlab.com blob: data:; form-action 'self' https: http: 
https:","referrer-policy":"strict-origin-when-cross-origin","vary":"Accept, Accept-Encoding","x-content-type-options":"nosniff","x-download-options":"noopen","x-frame-options":"SAMEORIGIN","x-gitlab-custom-error":"1","x-permitted-cross-domain-policies":"none","x-request-id":"01GXP74P2GYT0R6RWV8GR12W99","x-runtime":"0.150539","x-xss-protection":"1; mode=block","gitlab-lb":"fe-14-lb-gprd","gitlab-sv":"web-gke-us-east1-d","cf-cache-status":"MISS","report-to":"{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=rOWb1sNV9vDC0kd3j2tngM9fVjElw3R7X8BMFSzW3vTK0J5cPDCkvnJ2d8%2FfTLIGiAeWQl6dfFl9xNX9LMIYkX5k8WTLhvwoci4TvmFL7hfNn5vQvR2DCVlaJoU%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}","nel":"{\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}","strict-transport-security":"max-age=31536000","set-cookie":["_cfuvid=TPT9lAHPpB7kF8AyrMPaGhQfope6tmVRZe0VVZSmG6I-1681151645978-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None"],"server":"cloudflare","cf-ray":"7b5d14f97b644599-LHR"},"httpVersion":"1.1","retryCount":0}},"msg":"Response code 401 (Unauthorized)","time":"2023-04-10T18:34:05.981Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","msg":"Failed to get authHeaders for getTags lookup","time":"2023-04-10T18:34:05.981Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","dependency":"registry.gitlab.com/gitlab-org/terraform-images/releases/1.4","packageFile":".gitlab-ci.yml","msg":"Failed to look up docker package registry.gitlab.com/gitlab-org/terraform-images/releases/1.4","time":"2023-04-10T18:34:05.984Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":20,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","msg":"GET https://quay.io/v2/auth?service=quay.io&scope=repository:keycloak/keycloak:pull = (code=ERR_NON_2XX_3XX_RESPONSE, statusCode=401 retryCount=0, duration=314)","time":"2023-04-10T18:34:06.401Z","v":0}
{"name":"renovate","hostname":"runner-adktqtmd-project-548-concurrent-0hdxhv","pid":14,"level":40,"logContext":"C80xy-ih3crS8Ey3H0PSq","repository":"test-renovate","msg":"No docker auth found - returning","time":"2023-04-10T18:34:06.401Z","v":0}