How to Use Mend Renovate with GitHub Actions

mend renovate github actions

GitHub Actions is a CI/CD platform that enables users to reduce the number of manual steps in a sequence of actions. They can be used to execute code by adding tests or checks in the integration pipeline. Creating a workflow that is responsible for the code pipeline is one way to accomplish this goal. Hence, users are given the ability to develop workflows through the use of GitHub Actions, which can then be used to compile, test, and deploy code in both the staging area and the production environment. In addition to this, it enables the creation of integrations as well as continuous deployments within the organization.

How Does GitHub Actions Work?

a pictorial representation of the workflow in GitHub Actions, which includes the steps publish plugin, tag, install, build, and archive.

GitHub Actions stores the majority of its code packages on the GitHub Package Registry. This particular registry is a package repository that is used for storing and retrieving code packages. In order to create a workflow, users are required to create a .yml file, which will then be placed in the .github/workflows directory.

This file consists of a name, on, jobs, and steps. The name is used to identify the workflow, while the on keyword is used to specify when the workflow should be executed. The jobs keyword is used to specify the different steps that need to be executed in order for the workflow to complete. Finally, the steps keyword is used to specify the actual commands that need to be executed in order to complete the desired task.

GitHub Actions employs Docker containers because they can run on local servers as well as public clouds. Thus, you only need to configure it once and it will operate like a charm every time with any form of programming.  This helps in the easy management of deployments.

There are a number of distinct components that make up GitHub Actions, such as a workflow, which is an automated procedure that may be configured in such a way that it will simultaneously execute many jobs. Workflows are almost always written in a YAML file that is kept in your repository, and this file will cause the workflow to run when it is triggered by an event in the repository. Alternatively, workflows can be manually activated, or they can be triggered according to a predetermined timetable.

Next, we have an event, which is a distinct action carried out within a repository that causes a workflow to be executed. Events refer to actions like someone creating a pull request, filing an issue, or pushing a commit to a repository on GitHub (if, for instance, that person is engaging in an activity that can originate from GitHub). A process can also be triggered to execute manually, according to a predefined schedule, or by posting to a REST API.

The other component is referred to as a job, which is a collection of workflow steps that are carried out by the same runner. Each and every step is either a shell script that will be run or an action that will be run. Neither of these options is a combination of the two. The steps are carried out in the sequence listed, and their outcomes are reliant on one another. For example, the output of the first result may be utilized in the second result. Due to the fact that each step is done on the same runner, it is possible to communicate data from one step to the next.

Benefits of Using GitHub Actions

Automating Repetitive Tasks

When developing software, one can utilize GitHub Actions to automate a large number of the processes and steps involved in the process. Whether you are creating a new pull request, inviting a new contributor to your repository, merging a pull request containing dependency updates into a repository, or integrating new services or a third-party application to your repository, there is always something going on in your repository. GitHub Actions makes it possible to automate an almost infinite number of tasks in a straightforward manner.

Tracking All Your Projects

You may use GitHub Actions to monitor every application build and code deployment, measure the performance of the application and the code, and track any faults that have occurred. This tracking can be done with any of the third-party tools or with any of your own custom tools. GitHub Actions have the ability to generate live logs, allowing you to easily monitor the progress of your workflows in real time. Using the information provided by these live logs, you can easily identify any mistakes and take any corrective actions that may be required.

Managing Contributors on Projects

When we talk about GitHub, we’re talking about a lot of organizations that build different kinds of open source repositories and invite a lot of contributors to work on those projects or repositories. Assigning developer permissions, such as what a developer can deploy and perform, notifying reviewers of new pull requests, auto-merging pull requests after they have been reviewed, and other such conditions can be set as the organization’s rules with the help of GitHub Actions. This allows organizations to manage every authorization with relative ease, regardless of whether the developers are from within the company or from another organization (when working on open source).

Using Renovate with GitHub Actions 

When we talk about automating a wide variety of jobs or workflows, there are a lot of things that are readily automatable, such as dependency management. Managing dependencies may be a challenging endeavor for many organizations because there are many projects that are constantly being put into operation, making dependency management a potentially challenging task. Thus, dependency management using GitHub Actions becomes very simple. It allows you to automate the dependency management process. 

When it comes to managing dependencies, a useful open source tool called Renovate is available. It can integrate with GitHub Actions, and it possesses a lot of different functionalities. This tool was designed for both developers and DevOps, and has the capability of generating pull requests for dependency updates automatically. This pull request provides you with all of the information about the changelog of that update, allowing you to simply and intelligently choose whether or not you need to update it.

To integrate Renovate with GitHub Actions, we need to write a simple YAML code as GitHub Action workflows can only be written in YAML. Renovate has different versions and configuration options you can use based on your preferences. 

There are two approaches that can be used to configure Renovate with GitHub Actions. Either you can create an app or you can use a personal access token. It is recommended that you generate the personal access token with the repo:public repo scope in order to use it with just public repositories. Alternatively, you can use it with the repo scope for use with both public and private repositories. It is also recommended that it be added to Secrets with the name RENOVATE TOKEN.

A screenshot of the page asking you to select scopes to define access for personal tokens.

RENOVATE TOKEN is the name of the GitHub secret token that serves as the configuration for the personal access token. However, you can choose any name as per your convenience just to make the tracking and usage better. To ensure accurate tracking and utilization, you need to save the token in the repo’s renovate-config.js file.

This code should have to be used to configure the workflow when you are using a personal token. You can generate a personal token by logging in to GitHub, then navigating to settings, then developer tools, and then personal access token.

A screenshot of the personal access tokens page where you can generate new tokens.

Click on generate personal access token to generate a new token which can be used further.

name: Renovate
    # string has to be quoted.
    – cron: ‘0/15 * * * *’
    runs-on: ubuntu-latest
      – name: Checkout
        uses: actions/[email protected]
      – name: Self-hosted Renovate
        uses: renovatebot/[email protected]
          configurationFile: repo/renovate-config.js
          token: ${{ secrets.RENOVATE_TOKEN }}

Save your personal access token in your $repo/renovate-config.js with the name RENOVATE_TOKEN.

This code can directly be deployed to production as a GitHub Actions workflow and it will start working like a charm.

A screenshot of the code once it is ready to be deployed.

The other option is to create a GitHub app with contents:read and write, Metadata:Read-Only, Pull Request: Read and write permissions as shown in the screenshot below. 

A screenshot of the permissions and events page where you can assign repository permissions.
A screenshot of the permissions assigned to contents (read and write access), pull requests (read and write access) and metadata (read only).

Once the app has been created, the code to automate the workflow will look like this:

name: Renovate
# string has to be quoted.
cron: ‘0/15 * * * *’

runs-on: ubuntu-latest
  name: Get token
    id: get_token
    uses: machine-learning-apps/actions-app-token@master
      APP_PEM: ${{ secrets.APP_PEM }}
      APP_ID: ${{ secrets.APP_ID }}

  name: Checkout
    uses: actions/[email protected]

  name: Self-hosted Renovate
    uses: renovatebot/[email protected]
      configurationFile: repo/renovate-config.js
      token: ‘x-access-token:${{ steps.get_token.outputs.app_token }}

For the configuration of this code to work correctly, you will also need access to a private access token in addition to the PEM and the APP ID. Using the APP ID, create a new private key for the app, and then save it as a secret in the repository using the APP PEM namespace. This is the repository from which the action will be executed. The APP PEM file needs to be encoded using base64. You can encrypt the file containing your private key in the terminal using this method:

cat your_app_key.pem | base64 -w 0 && echo
A screenshot of the APP PEM file being encoded using base64.

Once you have the code, you can push this workflow to production, and it will immediately begin functioning normally. When you deploy the code, a new folder called “.github” will be created in the repository. Inside of that new folder will be a subdirectory called workflows, which will include this workflow.


There are a number of distinct workflows, all of which are easily amenable to automation by the business. This is primarily used to build, test, and deploy the code in production, but as it has a lot of various benefits, such as automating dependency management using GitHub Actions, it is being used for other purposes as well. Since a large number of dependencies are being used and need to be updated frequently, Renovate is helpful in keeping track of them and making sure they are updated as new versions are released. Hence, automating tasks can reduce burdens and can save a lot of resources for the organization.

Leave a Comment