As promised in the last post, here is a new article over on the Velir blog. It is an in-depth introduction to using Renovate to keep your projects updated automatically and stay ahead of security issues - no matter if you are using Drupal, PHP, Go, NPM, Docker, Ruby or Rust (and many more).
I have had Renovate in use for a year now powering my personal site and a client site in GitLab and share a lot of the knowledge to get someone up and running with the tool. It will work with GitHub repositories as well, or Bitbucket, Azure, and others. I am also going to write a followup on Dependabot. Dependabot is GitHub only and not as robust, but still an option for managing dependency updates. We've been running Dependabot for four years, but I prefer Renovate so chose to write about that one first.
There has been a lot of talk around automated Drupal updates coming in Drupal 10 or paying for Acquia Code Studio to do the updates, but this suits us just fine and keeps modules and core up to date and tested in our environments for us automatically along with all the other benefits GitLab or GitHub provide.
All we have to do is smoke test, approve and deploy to production. Our local development stacks run our tailored vanilla docker-compose setup and Renovate is able to keep Docker images updated too (which is explained in the post) removing much of the toil across projects of just keeping them current and able to be worked on. It falls in line with our automated testing practices and acts like another member of the team which is very cool.
Check out the full article here: Automatically update Drupal and Docker images with Renovate & GitLab