Renovate

CodeFloe runs an instance-wide Renovate bot that automatically keeps your dependencies up to date. It is managed by the renovate-operator and runs hourly at :30.

You can opt in by granting the bot access to your repositories, or you can run your own Renovate instance instead.

Opting In

Renovate automatically discovers all repositories that the renovate-bot user has access to.

1. Grant the renovate-bot user access to your repositories. The easiest way is to create a team containing the repos you want processed and add renovate-bot to it. If you grant renovate-bot administrator permissions, webhook support is enabled automatically (see Webhooks below).

2. Add a renovate.json to each repository. At minimum:

   {
     "$schema": "https://docs.renovatebot.com/renovate-schema.json"
   }

   The platform-wide defaults from codefloe/renovate-config are applied automatically. You can extend them with your own settings or reference your own config repo:

   {
     "$schema": "https://docs.renovatebot.com/renovate-schema.json",
     "extends": ["myorg/renovate-config"]
   }

Once discovered, Renovate will create a Dependency Dashboard issue in your repository and open pull requests for dependency updates according to the configured schedule and automerge rules.

Webhooks

By default, Renovate only runs on its hourly schedule. Webhooks allow it to react to events immediately — for example, when you check a checkbox on the Dependency Dashboard or edit a Renovate PR.

If renovate-bot has administrator permissions on your repositories (e.g. via a team with admin role), webhooks are created and maintained automatically by a sync job that runs hourly. No manual action is required.

Note

On GitHub, Renovate runs as a GitHub App which is granted webhook permissions automatically when you install it. Forgejo does not have an equivalent app model, so webhooks must either be created automatically by a user with admin permissions or added manually per repository.

Manual Webhook Creation

If you prefer not to grant admin permissions to renovate-bot, you can create the webhook manually:

1. Go to your repository’s Settings → Webhooks → Add Webhook → Forgejo.

2. Configure the webhook:

   • Target URL: https://forgejo-webhook.renovate.codefloe.com/webhook
   • HTTP Method: POST
   • Content Type: application/json
   • Secret: Ask a CodeFloe admin for the webhook secret.
   • Trigger On → Custom Events: Select Push, Issues, Issue Comment, and Pull Request.

3. Click Add Webhook.

The webhook proxy filters events so that only relevant ones (pushes, Dependency Dashboard edits, Renovate PR changes, issue comments) trigger a Renovate run for the affected repository.

Trust & Privacy

The bot is operated by CodeFloe admins, so the same trust policy applies as for private repositories stored on CodeFloe. CodeFloe admins have the permissions to potentially access any private repository. This also applies to the S3 bucket which stores the Renovate repository cache.

Note

If you have previously used the hosted Renovate bot on GitHub, trust concepts are similar: the GitHub bot also caches repository data and you trust the service operators not to misuse access.

Running Your Own Bot

If you prefer full control, you can run your own Renovate instance instead of using the platform bot.

Caution

When going this route, configure a dependency and repository cache. Without caching, Renovate will run slowly and put unnecessary load on CI runners.

Also consider your run frequency: a homelab with a few repos may only need daily runs, while a high-activity project benefits from more frequent scheduling.

Trade-offs

Running your own bot gives you full control over scheduling, on-demand runs, and repository access. However, you are responsible for maintaining the bot, managing caches, and creating a dedicated bot account if needed.