@jamietanna/renovate-graph v0.17.0
Renovate Data Exporter
A tool to export the dependency graph from Renovate, while not requiring repo onboarding to Renovate, and allows a straightforward means to discover your dependency tree.
Note If you're currently using Renovate already, this may not be worthwhile using as-is, and instead you could use the Renovate debug logs for this, which can still be imported using the dmd
CLI (v0.20.0 and above).
Usage
Install the package with:
# to invoke with `npm exec renovate-graph`
npm i @jamietanna/renovate-graph
# to invoke with `renovate-graph`
npm i -g @jamietanna/renovate-graph
A single repository
Running the following:
renovate-graph --token $GITHUB_COM_TOKEN jamietanna/jamietanna
Will create the file out/jamietanna-jamietanna.json
.
Autodiscovery (with a filter)
Running the following:
renovate-graph --token $GITHUB_COM_TOKEN --autodiscover --autodiscover-filter 'jamietanna/*'
Will create the files out/jamietanna-jamietanna
, out/jamietanna-disARM
, etc.
Using the local
platform
Since Renovate 35.76.0, it's been possible to use Renovate's local platform to run Renovate against a local directory, without requiring a full Git checkout.
From a directory - possibly without a .git
folder - you can then run:
env RG_LOCAL_PLATFORM=gitlab RG_LOCAL_ORGANISATION=jamietanna RG_LOCAL_REPO=jamietanna renovate-graph --platform local
This requires the following environment variables to ensure the metadata is correct:
RG_LOCAL_PLATFORM
: The platform that this local directory is forRG_LOCAL_ORGANISATION
: The organisation that this local directory is for. Can include a/
if a nested organisationRG_LOCAL_REPO
: The repository name that this local directory is forRG_EXCLUDE_REPOS
: A comma-separated list of repositories to exclude from the scanning. Must be an exact match, of the format$org/$repo
, i.e.jamietanna/jamietanna
orgitlab-org/sbom/generator
Specifying a directory for the data
By specifying the OUT_DIR
environment variable, we can tune where the output will go. For instance, running the following:
env OUT_DIR=../data renovate-graph --token $GITHUB_COM_TOKEN jamietanna/jamietanna
Will create the file ../data/jamietanna-jamietanna.json
.
Filtering the data into SQLite
The data can be converted to an SQLite format using the dmd
CLI.
Running as a GitHub App
To simplify the means to authenticate, as well as more easily discovering repositories that you wish to retrieve data from, this has support for running as a GitHub App.
The App needs to be created with the following permissions:
- Contents:
Read only
- Metadata:
Read only
Then, when running this, you will need to set the following environment variables:
RG_GITHUB_APP_ID='...'
RG_GITHUB_APP_KEY='-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA4XmSD...'
RENOVATE_USERNAME='renovate[bot]'
RENOVATE_GIT_AUTHOR='Renovate Bot <29139614+renovate[bot]@users.noreply.github.com>'
# may only be required if you're using this as a library, not an executable
RG_GITHUB_APP_INSTALLATION_ID='...'
Additional configuration
There are also the following configuration options for further operability:
RENOVATE_REQUIRE_CONFIG
, or by settingrequireConfig
in yourconfig.js
orrenovate.json
, to tune as to whether to allow a repo's custom configuration should be used. This could be used to disable managers, therefore limiting the amount of data that can be retrieved byrenovate-graph
, but could also mean that customregexManagers
or otherwise are ignored. A value ofrequired
gets coerced toignored
.RG_DELETE_CLONED_REPOS=true
: After checking the dependency data for each repo, immediately delete it. This will slow execution of renovate-graph, but will allow running when using large repositories or against a large number of repositories and organisations that could lead to exhaustion of disk spaceRG_INCLUDE_UPDATES=true
: As well as parsing the dependency tree, also receive the list of updates that Renovate can see across your dependencies. This is opt-in as it can lead to considerably slower executions ofrenovate-graph
due to needing to hit the network much higher for dependency updates.
License
As this is heavily modified code from Renovate itself, this project is licensed in the same was as Renovate - AGPL-3.0.
4 months ago
10 months ago
10 months ago
7 months ago
6 months ago
7 months ago
12 months ago
1 year ago
12 months ago
1 year ago
12 months ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago