Skip to content

Add Renovate support#125982

Open
mthalman wants to merge 2 commits intodotnet:mainfrom
mthalman:dev/mthalman/renovate
Open

Add Renovate support#125982
mthalman wants to merge 2 commits intodotnet:mainfrom
mthalman:dev/mthalman/renovate

Conversation

@mthalman
Copy link
Member

@mthalman mthalman commented Mar 23, 2026
edited
Loading

Adds Renovate support via a pipeline that will keep configured dependencies up-to-date.

This initial configuration is set to use image digest pinning for the container images used in the builds. This is configured such that it will automatically update any image name in the tracked files so any new images that get manually added to this file can just reference the tag name and Renovate will do the rest by updating it to the digest on the next run.

My assumption is that we don't want digest pinning done for Helix images which would continue to be referenced by tag. Includes support for digest pinning on Helix images.

Example dry run (internal link)

Contributes to #113455

@dotnet-policy-service
Copy link
Contributor

dotnet-policy-service bot commented Mar 23, 2026

Tagging subscribers to this area: @dotnet/runtime-infrastructure
See info in area-owners.md if you want to be subscribed.

Copilot AI reviewed Mar 23, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds Renovate support to dotnet/runtime via an Azure DevOps pipeline, with an initial Renovate configuration focused on digest-pinning container images referenced by the shared pipeline-with-resources.yml template.

Changes:

  • Add eng/renovate.json to configure Renovate with a custom regex manager for updating Docker image digests in pipeline-with-resources.yml.
  • Add eng/pipelines/runtime-renovate.yml to run Renovate on a scheduled basis using the shared Arcade Renovate pipeline template.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
eng/renovate.json Renovate configuration enabling a custom regex manager + digest pinning rules targeting the pipeline container image list.
eng/pipelines/runtime-renovate.yml New scheduled pipeline that extends the shared Renovate stages template and points at eng/renovate.json.

@jkotas
Copy link
Member

jkotas commented Mar 23, 2026

My assumption is that we don't want digest pinning done for Helix images which would continue to be referenced by tag.

Why not?

@mthalman
Copy link
Member Author

mthalman commented Mar 23, 2026

My assumption is that we don't want digest pinning done for Helix images which would continue to be referenced by tag.

Why not?

I thought I recall from past conversations that that was the direction but I could be mistaken. It was a long time ago. I'm happy to broaden the scope.

@mthalman
Copy link
Member Author

mthalman commented Mar 23, 2026

Also be aware that the context of why images are being updated will not be provided in the PR generated by Renovate. There's an issue logged to improve that: dotnet/arcade#16602

@build-analysis build-analysis bot mentioned this pull request Mar 24, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@akoeplinger akoeplinger Awaiting requested review from akoeplinger

@richlander richlander Awaiting requested review from richlander

@jkotas jkotas Awaiting requested review from jkotas

At least 1 approving review is required to merge this pull request.

Assignees

@mthalman mthalman

Labels

area-Infrastructure

Projects

Runtime Infra
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mthalman @jkotas