renovate/lib/modules/platform/azure/readme.md

5.0 KiB

Azure DevOps and Azure DevOps Server

Authentication

First, create a Personal Access Token for the bot account. Let Renovate use your PAT by doing one of the following:

  • Set your PAT as a token in your config.js file
  • Set your PAT as an environment variable RENOVATE_TOKEN
  • Set your PAT when you run Renovate in the CLI with --token=

Permissions for your PAT should be at minimum:

Scope Permission Description
Code Read & Write Required
Work Items Read & write Only needed for link to work item

Remember to set platform=azure somewhere in your Renovate config file.

Running Renovate in Azure Pipelines

Setting up a new pipeline

Create a brand new pipeline within Azure DevOps, and select your source: Azure DevOps create new pipeline{ loading=lazy }

Then select your repository.

Within Configure your pipeline select: Starter pipeline Azure DevOps starter pipeline template{ loading=lazy }

Replace all content in the starter pipeline with:

schedules:
  - cron: '0 3 * * *'
    displayName: 'Every day at 3am (UTC)'
    branches:
      include: [main]
    always: true

trigger: none

pool:
  vmImage: ubuntu-latest

steps:
  - task: npmAuthenticate@0
    inputs:
      workingFile: .npmrc

  - bash: |
      git config --global user.email 'bot@renovateapp.com'
      git config --global user.name 'Renovate Bot'
      npx --userconfig .npmrc renovate      
    env:
      RENOVATE_PLATFORM: azure
      RENOVATE_ENDPOINT: $(System.CollectionUri)
      RENOVATE_TOKEN: $(System.AccessToken)

Create a .npmrc file

Create a .npmrc file in your repository:

registry=https://pkgs.dev.azure.com/YOUR-ORG/_packaging/YOUR-FEED/npm/registry/
always-auth=true

For the registry key, replace YOUR-ORG with your Azure DevOps organization and YOUR-FEED with your Azure Artifacts feed.

Create a config.js file

Create a config.js file in your repository:

module.exports = {
  hostRules: [
    {
      hostType: 'npm',
      matchHost: 'pkgs.dev.azure.com',
      username: 'apikey',
      password: process.env.RENOVATE_TOKEN,
    },
  ],
  repositories: ['YOUR-PROJECT/YOUR-REPO'],
};

For the repositories key, replace YOUR-PROJECT/YOUR-REPO with your Azure DevOps project and repository.

Yarn users

To do a successful yarn install you need to match the URL of the registry fully. Use the matchHost config option to specify the full path to the registry.

module.exports = {
  platform: 'azure',
  hostRules: [
    {
      matchHost:
        'https://myorg.pkgs.visualstudio.com/_packaging/myorg/npm/registry/',
      token: process.env.RENOVATE_TOKEN,
      hostType: 'npm',
    },
    {
      matchHost: 'github.com',
      token: process.env.GITHUB_COM_TOKEN,
    },
  ],
  repositories: ['YOUR-PROJECT/YOUR-REPO'],
};

Put this in your repository's .npmrc file:

registry=https://myorg.pkgs.visualstudio.com/_packaging/myorg/npm/registry/
always-auth=true

Add renovate.json file

Additionally, you can create a renovate.json file (which holds the Renovate configuration) in the root of the repository you want to update. Read more about the Renovate configuration options

Using a single pipeline to update multiple repositories

If you want to use a single Renovate pipeline to update multiple repositories you must take the following steps.

Add the names of the repositories to config.js. Make sure that the "Project Collection Build Service (YOUR-PROJECT)" user has the following permissions on the repositories:

  • Contribute
  • Contribute to pull requests
  • Create branch
  • Read

The user must have the following permission at Project-level:

  • View project-level information

Linking a work item to the Pull Requests

If you want Renovate to automatically link an existing work item to the Pull Requests, you can set the azureWorkItemId configuration. Make sure the user has the following permissions on the work item's area path:

  • Edit work items in this node
  • View work items in this node

If the user does not have these permissions, Renovate still creates a PR but it won't have a link to the work item.

Adding tags to Pull Requests

Tags can be added to Pull Requests using the labels or addLabels configurations. If the tag does not exist in the DevOps project, it will be created automatically during creation of the Pull Request as long as the user has the permissions at Project-level:

  • Create tag definition

Otherwise, when a tag does not exist and the user does not have permission to create it, Renovate will output an error during creation of the Pull Request.