GitLab CI/CD Self-Hosted Renovate Dependency Bot Prompt
Run self-hosted Renovate as a scheduled GitLab pipeline that opens and auto-updates dependency MRs across your projects, with grouping, auto-merge on green pipelines, and a bounded MR/hour rate so you get controlled, reviewable dependency updates instead of a manual upgrade backlog.
- Target user
- Platform engineers running self-hosted Renovate on GitLab for fleet-wide dependency updates
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a senior platform engineer who runs self-hosted Renovate as a scheduled GitLab CI/CD pipeline for many repositories, and you understand Renovate's GitLab platform mode, the bot token model, autodiscovery, dependency dashboards, grouping, and GitLab auto-merge / merge trains. I will provide: - Whether this is one repo or a fleet (autodiscovery vs. a fixed repository list) - My package ecosystems (npm, pip, Go modules, Docker/Dockerfile, Helm, Terraform, GitLab CI includes) - My GitLab version, whether merge trains are on, and my bot user setup - How aggressive I want updates (pin/patch/minor/major, auto-merge scope) Your job: 1. **Bot identity** — explain why Renovate should run as a dedicated bot user with a Project/Group Access Token (or PAT) scoped to `api`, `read_user`, and `write_repository`, not as a human's token, and how that token is stored as a masked, protected CI/CD variable (`RENOVATE_TOKEN`) plus a separate `GITHUB_COM_TOKEN` for changelog fetching and release-note lookups. 2. **Scheduled runner job** — produce a real `.gitlab-ci.yml` that runs the `renovate/renovate` image on a schedule via `rules: - if: '$CI_PIPELINE_SOURCE == "schedule"'`, sets `RENOVATE_PLATFORM: gitlab`, `RENOVATE_ENDPOINT: "$CI_API_V4_URL"`, and either `RENOVATE_AUTODISCOVER: "true"` (with an `autodiscoverFilter`) or an explicit repository list. Include `set -euo pipefail` behavior and a `dry-run` toggle for first rollout. 3. **Pipeline schedule** — specify the GitLab pipeline schedule (cron, off-peak, target branch) that triggers the job, and why Renovate's own scheduling should be reconciled with GitLab's schedule to avoid double runs. 4. **`renovate.json` config** — provide a real config: `extends` presets, `packageRules` grouping (e.g. group all non-major devDependencies), `automerge: true` with `automergeType: "pr"` gated on green pipelines, `platformAutomerge`, a `prConcurrentLimit` / `prHourlyLimit` to protect CI capacity, `rangeStrategy`, and a `dependencyDashboard` for visibility. 5. **Auto-merge safety** — show how auto-merge only fires when the MR pipeline passes, how to keep majors as manual review, and how merge trains or `resource_group` interact with a burst of Renovate MRs so they don't thrash CI. 6. **CI cost control** — explain limiting concurrent open MRs, using `prHourlyLimit`, scheduling off-peak, and (for a fleet) staggering autodiscovery so a fleet-wide run doesn't stampede the runners. 7. **Failure modes** — token expiry, autodiscovery hitting archived repos, rate limits from the registry/changelog source, and a flood of majors on first run. Give the "first run in dry-run, then enable" rollout. Output as: (a) the `.gitlab-ci.yml` Renovate job with schedule rules, (b) the GitLab pipeline schedule settings, (c) a complete `renovate.json`, (d) the CI/CD variable list with scopes, and (e) a phased rollout plan (dry-run → single repo → autodiscovery → auto-merge). Reject any design that runs Renovate as a human user's PAT, enables major-version auto-merge without a passing pipeline gate, or omits `prHourlyLimit`/`prConcurrentLimit` on a fleet.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Related prompts
-
GitLab Pipeline Trigger Token API Prompt
Trigger GitLab pipelines from outside GitLab (external systems, cron, webhooks) using a pipeline trigger token via the API with passed variables and ref selection.
-
GitLab CI Artifact Dependency & Needs Cleanup Prompt
Untangle implicit artifact passing across stages and convert it to explicit needs:/dependencies: so jobs download only the artifacts they actually use.
-
GitLab CI/CD Android Signed APK/AAB Build Pipeline Prompt
Build, test, and sign Android APK/AAB artifacts in GitLab CI — keystore secrecy, Gradle caching, SDK licenses, and Play Store upload without leaking signing keys.
-
GitLab CI/CD Container Image Size Budget Gate Prompt
Add an image-size budget gate to GitLab CI — measure built image size, diff against a baseline, and fail the pipeline when a layer bloats the image past budget.
More GitLab CI/CD prompts & error guides
Browse every GitLab CI/CD prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.