Renovate is a cross-platform dependency update automation tool. This package includes patches specifically for Nix flake support.
Installation
Run directly
nix run github:spotdemo4/nur#renovate
Add to flake
devShells.default = pkgs.mkShell {
  packages = with pkgs.trev; [
    renovate
  ];
};
Patches included
This version of Renovate is patched with renovate#40282 to fix Nix flake updates.
The patch improves:
- Flake input update detection
- Lock file parsing for flake.lock
- Version comparison for Nix inputs
Usage
Create a renovate.json configuration file:
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:base"
  ],
  "nix": {
    "enabled": true
  }
}
Run locally
Run Renovate on your repository:
renovate --token=$GITHUB_TOKEN your-org/your-repo
Dry run
Preview what Renovate would do:
renovate --dry-run --token=$GITHUB_TOKEN your-org/your-repo
Nix flake support
Renovate automatically detects and updates Nix flake inputs:
inputs = {
  nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
  flake-utils.url = "github:numtide/flake-utils";
};
Renovate will:
- Monitor these inputs for updates
- Create PRs when new versions are available
- Update flake.lock automatically
GitHub Actions integration
Run Renovate automatically with GitHub Actions:
.github/workflows/renovate.yml
name: Renovate
on:
  schedule:
    - cron: '0 0 * * *' # Daily at midnight
  workflow_dispatch:
jobs:
  renovate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v27
        with:
          extra_nix_config: |
            extra-substituters = https://nix.trev.zip
            extra-trusted-public-keys = trev:I39N/EsnHkvfmsbx8RUW+ia5dOzojTQNCTzKYij1chU=
      - name: Run Renovate
        run: |
          nix run github:spotdemo4/nur#renovate -- \
            --token=${{ secrets.RENOVATE_TOKEN }} \
            ${{ github.repository }}
Advanced configuration
Automerge patch updates
{
  "packageRules": [
    {
      "matchUpdateTypes": ["patch"],
      "automerge": true
    }
  ]
}

{
  "packageRules": [
    {
      "groupName": "nix-inputs",
      "matchManagers": ["nix"]
    }
  ]
}
Schedule updates
{
  "schedule": [
    "before 5am on monday"
  ],
  "timezone": "America/New_York"
}

{
  "nix": {
    "pinDigests": true
  },
  "packageRules": [
    {
      "matchManagers": ["nix"],
      "matchPackageNames": ["nixpkgs"],
      "allowedVersions": "/nixpkgs-unstable$/"
    }
  ]
}
Validation
Validate your Renovate configuration:
renovate-config-validator
This checks for:
- JSON syntax errors
- Invalid configuration options
- Deprecated settings
Common workflows
Update all dependencies
renovate --token=$GITHUB_TOKEN --autodiscover
Update specific repository
renovate --token=$GITHUB_TOKEN owner/repo
Self-hosted Renovate
Run Renovate as a self-hosted service:
systemd.services.renovate = {
  description = "Renovate Dependency Updates";
  serviceConfig = {
    Type = "oneshot";
    ExecStart = "${pkgs.trev.renovate}/bin/renovate";
    Environment = [
      "RENOVATE_TOKEN_FILE=/run/secrets/renovate-token"
      "RENOVATE_CONFIG_FILE=/etc/renovate/config.json"
    ];
  };
};

systemd.timers.renovate = {
  wantedBy = [ "timers.target" ];
  timerConfig = {
    OnCalendar = "daily";
    Persistent = true;
  };
};
Renovate works with:
- GitHub
- GitLab
- Bitbucket
- Gitea
- Azure DevOps
Supported languages
- JavaScript/TypeScript (npm, yarn, pnpm)
- Python (pip, poetry, pipenv)
- Go (go modules)
- Rust (cargo)
- Ruby (bundler)
- PHP (composer)
- Nix (flakes) ← Enhanced with patches
Combine Renovate with flake-release to fully automate your dependency updates and release process.
Always review Renovate PRs before merging, especially for major version updates that may include breaking changes.
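A review aid for flake.lock changes in a Renovate PR, as an added example that is not code from this package or from Renovate: it compares the lock file before and after the PR and classifies each locked input, so a plain rev bump is easy to tell apart from an input that now resolves to a different source. The function names, the kind labels and the sample lock files are constructed for illustration.

```python
import json

# Fields of a node's "locked" entry that say where the source is fetched from.
SOURCE_KEYS = ("type", "owner", "repo", "url")

def locked_nodes(lock_text):
    """Map node name -> its "locked" dict (the root node has none)."""
    nodes = json.loads(lock_text)["nodes"]
    return {name: n["locked"] for name, n in nodes.items() if "locked" in n}

def source_of(locked):
    return "/".join(str(locked[k]) for k in SOURCE_KEYS if k in locked)

def diff_flake_locks(old_text, new_text):
    """Return (node, kind, detail) for every locked node that differs."""
    old, new = locked_nodes(old_text), locked_nodes(new_text)
    changes = []
    for name in sorted(old.keys() | new.keys()):
        before, after = old.get(name), new.get(name)
        if before == after:
            continue
        if before is None or after is None:
            kind, detail = ("added", source_of(after)) if before is None else ("removed", source_of(before))
        elif source_of(before) != source_of(after):
            # Same input name, different repository or fetcher: review closely.
            kind, detail = "source-changed", f"{source_of(before)} -> {source_of(after)}"
        elif before.get("rev") == after.get("rev"):
            kind, detail = "same-rev", f"{before.get('narHash')} -> {after.get('narHash')}"
        else:
            kind, detail = "rev-bump", f"{before.get('rev')} -> {after.get('rev')}"
        changes.append((name, kind, detail))
    return changes

def sample_lock(locked):
    """Build a constructed flake.lock (revs and hashes are made up)."""
    nodes = {name: {"locked": entry} for name, entry in locked.items()}
    nodes["root"] = {"inputs": {name: name for name in locked}}
    return json.dumps({"nodes": nodes, "root": "root", "version": 7})

def gh(owner, repo, rev, nar):
    return {"type": "github", "owner": owner, "repo": repo, "rev": rev, "narHash": nar}

OLD = sample_lock({"nixpkgs": gh("NixOS", "nixpkgs", "a" * 40, "sha256-constructed-1"),
                   "flake-utils": gh("numtide", "flake-utils", "b" * 40, "sha256-constructed-2")})
NEW = sample_lock({"nixpkgs": gh("NixOS", "nixpkgs", "c" * 40, "sha256-constructed-3"),
                   "flake-utils": gh("example-fork", "flake-utils", "b" * 40, "sha256-constructed-2")})

if __name__ == "__main__":
    for change in diff_flake_locks(OLD, NEW):
        print(*change, sep="\t")
```

In practice the two inputs would be the flake.lock contents from the PR's base and head commits.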