Photo by Roman Synkevych on Unsplash

Automating Dependency Updates for Docker Projects

Divine Odazie
Divine Odazie

Table of Contents

This article was originally posted on Divine Odazie's blog.

A dependency is an external standalone library organized into packages to perform a specific task. Dependency management is the process of identifying, installing, and resolving dependencies in a software project's codebase. If your software has dependencies (which it probably does), dependency management becomes crucial for your application to function successfully.

For example, suppose you create a chat app and want to encrypt your chat messages. In such a case, you can use an external library created by someone else for the encryption. Your chat app now has a dependency—the encryption library— that it needs to run properly.

Managing dependencies is not for the faint-hearted. Software developers making changes in their codebase may run into bugs because of a "dependency mismatch". Thus, you need to keep up with dependency updates. In a single software project, keeping up with dependencies may be possible. But, in software projects with several codebases, even the most experienced developers quickly descend into dependency hell.

Contributors/supporters of these dependencies push updates regularly, and as time goes on, versions in codebases become outdated. In the past, developers have had to remember and update these dependencies manually. Still, as developers build more multi-container applications and dependencies are updated regularly, it becomes impossible to update manually. Hence, tools have been created to automate the process.

To automate dependency updates for Docker projects, one can use a tool like WhiteSource Renovate. Renovate is a free tool that checks and updates dependency declaration files (such as pom.xml, build.gradle, package.json, etc.) and create pull requests automatically. This article will show you how to use the WhiteSource Renovate Docker image (same content/versions as the CLI tool) to automate dependency updates for Docker projects.

How to Use Renovate on Docker Projects

Renovate Self-Hosting supports updating dependencies in various Docker definition files, like:

  • Docker's Dockerfile files
  • Docker Compose docker-compose.yml files
  • Kubernetes manifest files, etc.

You can configure Renovate to the workflow of your choice (grouping, scheduling, pull requests on-demand, etc.).

In this article, you will learn how to configure Renovate for pull requests on-demand. Using a docker-compose.yml file when you run docker-compose up starts all the services, including Renovate. Renovate checks and updates dependency declaration files of defined Git repositories and pushes pull requests automatically.

pull and run Renovate’s Docker Image

After you have your dockerized software projects, the first thing you need to do is pull the Renovate Docker image from Docker Hub:

$ docker pull renovate/renovate

After pulling the image, you can try running it using:

$ docker run --rm renovate/renovate

The above command will return a fatal error: "You must configure a GitHub personal access token".

Renovate run error

To configure a GitHub personal access token, you need to create a config.js file with Renovate configurations and map it to /usr/src/app/config.js using Docker volumes. The config.js will contain all the Renovate configurations to GitHub to automate dependency updates of defined Git repositories and create pull requests.

Configure Renovate with GitHub

Create a config.js in your Docker projects directory. In the config.js file configure Renovate:

module.exports = {
    endpoint: 'https://api.github.com/',
    token: 'GITHUB_ACCESS_TOKEN',
    platform: 'github',
    logLevel: 'debug',
    onboardingConfig: {
        extends: ['config:base'],
    },
    
    repositories: ['YOUR_USERNAME/YOUR_REPO_NAME`], // Can add more Repos with a comma
    renovateFork: true,
    gitAuthor: "YOUR_NAME <YOUR_EMAIL_ID>",
    username: "YOUR_GITHUB_USERNAME",
    onboarding: false,
    printConfig: true,
    requireConfig: false,
};

To add a GITHUB_ACCESS_TOKEN you need to generate one on your GitHub account.

On your GitHub profile, go to Settings, then go to Developer Settings, ****and then Personal Access Tokens. Finally, select Generate New Token. While generating a token, be sure to select the following scopes:

GITHUB_ACCESS_TOKEN generation

In the image above, the selected scopes give Renovate the ability to update dependencies and create pull requests in the defined repositories. Copy and save the token somewhere safe and add it with the rest of the config.js details.

With that done, you can now run Renovate by bind mounting the config.js file into the container:

$ docker run --rm -v "/path/to/your/config.js:/usr/src/app/config.js" renovate/renovate

In the above command:

  • The --rm tag tells Docker to remove the container when it exits automatically.
  • The -v tag maps the config.js in the path to the Renovate container.

Once the above command runs successfully, Renovate does its job of checking and updating dependency declaration files.

If you recall, Renovate supports various Docker definition files. So next, you will define a docker-compose.yml file to run the Renovate Docker image.

To learn more about self-hosting on Renovate, check out this documentation.

Defining Services in a docker-compose.yml File

In your Docker projects directory, create a docker-compose.yml file. Setup the docker-compose.yml file to look something like this:

version: '3.1'
services:
  app:
    container_name: <container_name>
    build: ./
    ports:
    - "8080:8080"

  AutomatingDependencyUpdates: // Renovate automation
      image: renovate/renovate
      volumes:
      - /path/to/your/config.js:/usr/src/app/config.js

For the AutomatingDependencyUpdates service, the image points to the Renovate Docker image and maps the config.js file using Docker volumes.

Now, when you run docker-compose up, the container starts up with all other defined services and does its job of automating dependency updates.

AutomatingDependencyUpdates starting up in a Java Docker project

If you've never used Docker Compose before, take a quick look at this introductory documentation.

Conclusion

In this article, you've seen how to automate dependency updates for Docker projects using a free tool by WhiteSource called Renovate. Also, you saw how to configure Renovate and use Docker Compose, which works in all environments: production, testing, staging, development, and CI workflows.

DockerGitHubCI/CD

Divine Odazie Twitter

Founder of EverythingDevOps. Consistency is key. That’s what Divine believes in, and he says he benefits from that fact, so he tries to be consistent in his doings. Divine is a Cloud Native DevRel.