5.0 KiB
Azure DevOps and Azure DevOps Server
Authentication
First, create a Personal Access Token for the bot account. Let Renovate use your PAT by doing one of the following:
- Set your PAT as a
token
in yourconfig.js
file - Set your PAT as an environment variable
RENOVATE_TOKEN
- Set your PAT when you run Renovate in the CLI with
--token=
Permissions for your PAT should be at minimum:
Scope | Permission | Description |
---|---|---|
Code |
Read & Write | Required |
Work Items |
Read & write | Only needed for link to work item |
Remember to set platform=azure
somewhere in your Renovate config file.
Running Renovate in Azure Pipelines
Setting up a new pipeline
Create a brand new pipeline within Azure DevOps, and select your source: { loading=lazy }
Then select your repository.
Within Configure your pipeline select: Starter pipeline { loading=lazy }
Replace all content in the starter pipeline with:
schedules:
- cron: '0 3 * * *'
displayName: 'Every day at 3am (UTC)'
branches:
include: [main]
always: true
trigger: none
pool:
vmImage: ubuntu-latest
steps:
- task: npmAuthenticate@0
inputs:
workingFile: .npmrc
- bash: |
git config --global user.email 'bot@renovateapp.com'
git config --global user.name 'Renovate Bot'
npx --userconfig .npmrc renovate
env:
RENOVATE_PLATFORM: azure
RENOVATE_ENDPOINT: $(System.CollectionUri)
RENOVATE_TOKEN: $(System.AccessToken)
Create a .npmrc file
Create a .npmrc
file in your repository:
registry=https://pkgs.dev.azure.com/YOUR-ORG/_packaging/YOUR-FEED/npm/registry/
always-auth=true
For the registry
key, replace YOUR-ORG
with your Azure DevOps organization and YOUR-FEED
with your Azure Artifacts feed.
Create a config.js file
Create a config.js
file in your repository:
module.exports = {
hostRules: [
{
hostType: 'npm',
matchHost: 'pkgs.dev.azure.com',
username: 'apikey',
password: process.env.RENOVATE_TOKEN,
},
],
repositories: ['YOUR-PROJECT/YOUR-REPO'],
};
For the repositories
key, replace YOUR-PROJECT/YOUR-REPO
with your Azure DevOps project and repository.
Yarn users
To do a successful yarn install
you need to match the URL of the registry fully.
Use the matchHost
config option to specify the full path to the registry.
module.exports = {
platform: 'azure',
hostRules: [
{
matchHost:
'https://myorg.pkgs.visualstudio.com/_packaging/myorg/npm/registry/',
token: process.env.RENOVATE_TOKEN,
hostType: 'npm',
},
{
matchHost: 'github.com',
token: process.env.GITHUB_COM_TOKEN,
},
],
repositories: ['YOUR-PROJECT/YOUR-REPO'],
};
Put this in your repository's .npmrc
file:
registry=https://myorg.pkgs.visualstudio.com/_packaging/myorg/npm/registry/
always-auth=true
Add renovate.json file
Additionally, you can create a renovate.json
file (which holds the Renovate configuration) in the root of the repository you want to update.
Read more about the Renovate configuration options
Using a single pipeline to update multiple repositories
If you want to use a single Renovate pipeline to update multiple repositories you must take the following steps.
Add the names of the repositories to config.js
.
Make sure that the "Project Collection Build Service (YOUR-PROJECT)" user has the following permissions on the repositories:
- Contribute
- Contribute to pull requests
- Create branch
- Read
The user must have the following permission at Project-level:
- View project-level information
Linking a work item to the Pull Requests
If you want Renovate to automatically link an existing work item to the Pull Requests, you can set the azureWorkItemId
configuration.
Make sure the user has the following permissions on the work item's area path:
- Edit work items in this node
- View work items in this node
If the user does not have these permissions, Renovate still creates a PR but it won't have a link to the work item.
Adding tags to Pull Requests
Tags can be added to Pull Requests using the labels
or addLabels
configurations.
If the tag does not exist in the DevOps project, it will be created automatically during creation of the Pull Request as long as the user has the permissions at Project-level:
- Create tag definition
Otherwise, when a tag does not exist and the user does not have permission to create it, Renovate will output an error during creation of the Pull Request.