
Blog

A secure and scalable Renovate service on GitLab

This is a repost of my original article in Siemens' blog with some formatting enhancements.

Self-hosting a per-project Renovate service on GitLab with a project access token and CI approval gate enables secure and scalable dependency updates even with non-public dependencies.

Abstraction plays a crucial role in software engineering, enabling developers to manage complexity, hide implementation details, and create modular, reusable components. As Grady Booch said:

The entire history of software engineering is one of rising levels of abstraction.

— Grady Booch

These abstractions extend to integrating external functionality from software libraries or modules, especially from open-source and inner-source software ecosystems. Managing such dependencies manually takes significant effort and discipline. When neglected, dependencies become outdated, which contributes to technical debt: missing features and optimizations, compatibility issues, security vulnerabilities, and reduced maintainability. (Semi-)automated dependency updating solutions facilitate the update process by discovering new versions of dependencies and generating merge requests (MRs) for updates.

Visual review of MkDocs sites in GitLab MRs

This is a repost of my original article in Siemens' blog with some formatting enhancements.

Leveraging GitLab CI job artifacts and GitLab review apps enables easy visual review of MkDocs sites in merge requests with a great developer experience and no extra infrastructure.

Advanced editorial workflows involving collaborative writing, content review, and approval are first-class citizens in Docs as Code (DaC), the philosophy of creating documentation – and more generally, static websites – with the same tools and workflows that are commonly used to develop code. Instead of requiring specialized content management systems, DaC uses plain-text markup, a VCS and a DevOps platform. This enables review through merge requests (MRs), and validation and deployment to a static site hosting service through CI/CD.