docker-lock VS renovate

I do both! I tag my services with :latest, then use docker-lock. It scans your docker and docker-compose, generates a lock file and adds the current sha to git. That lets me freely update because I can always go get the previous version from git, rollback, and pin the version for that specific container if there is a problem. It really is the best of both worlds.

Nice! I was thinking about building something similar -- just filed an issue for how you might extend this to work for migrating registries.

Pleasantly surprised to come across this PR: https://github.com/safe-waters/docker-lock/pull/73

This is a perfect application of crane :)

Navigate to the Mend Renovate App on the GitHub Marketplace: https://github.com/apps/renovate.

You commit your docker-compose.yml file(s) to a GitHub repo (don't commit secrets!!), then add the Renovate App to your repo, merge the onboarding PR, then you'll get PRs when an image is updated.

I can't figure out and my google-fu is failing but what is the difference between using the Renovate App [https://github.com/apps/renovate] and using the Action [https://github.com/renovatebot/github-action]

renovate[bot] posted on May 05, 2023

I want to gather some statistics to see for example how many repositories have installed Renovate: https://github.com/apps/renovate

Use a dependency updater like dependabot or https://github.com/apps/renovate.

On the GitHub Marketplace, search for the Renovate app and click install. Select the organization or account where you wish to install Renovate. Next, choose whether to install Renovate across all of your repositories or just one particular one. We will only select one repository in this article.

It's a breeze to set up Renovate on your repositories. Just browse the GitHub Renovate app and click on the big gree Install button in the top right corner. Choose which organization and which repositories you'll install Renovate in.

Firstly, you'd want to integrate Renovate with your GitHub account from here. Then click install, and follow the steps as instructed. While configuring, Renovate lets you decide, if it should run on all the repositories by default or to run on only on specified repositories, select the option as you wish (Note: If you'd want, Renovate to run on forked repositories, Selecting All repositories would skip forked repos by default, in such cases, you'd want to manually add the forked repo(s)). Soon after setting up Renovate with the required repositories, an onboarding PR is submitted by the Renovate bot which contains information like configuration summary and what packages/dependencies are supposed to be upgraded. For demonstration purposes, I've forked a repo from my GitHub account that is supposedly a mobile application built on React Native, which is no longer maintained, so it'd serve as a good example to test on. If you follow the above steps correctly, you should see an onboarding PR similar to this:

Setting up Renovate is a matter of installing the hosted app, and configuring it by adding a renovate.json in the root of the repository. You can also install and run the Renovate CLI tool to get feedback on all your commits.