Consuming output from Renovate's reports
Although the recommended means to retrieve dependency graph information for the Renovate datasource is to use the renovate-graph, it is also possible to consume Renovate's report exports.
Note that this may result in suboptimal data collection
When using an existing Renovate setup, this is susceptible to missing data due to the way that Renovate is configured, for instance to require configuration, explicitly opting out a repository or limiting the enabledManagers, all of which will report different data to that of renovate-graph, which ignores any repo-specific configuration.
Note that this only supports an import from a local file-path, so if you are using reportType=s3 you will need to download the report first.
For instance, let's say that you are running Renovate against your repositories like so:
# newlines added for readability only
% npx renovate@latest \
--token $GITHUB_TOKEN \
--dry-run=lookup --onboarding false --require-config=ignored \
--report-type=file --report-path=renovate-report.json \
jamietanna/jamietanna deepmap/oapi-codegen
This would then produce a report such as (full dependency data omitted for brevity):
{
"problems": [
],
"repositories": {
"jamietanna/jamietanna": {
"branches": [
],
"packageFiles": {
"github-actions": [
{
"deps": [
{
"autoReplaceStringTemplate": "{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # {{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}",
"commitMessageTopic": "{{{depName}}} action",
"currentValue": "v2",
"currentVersion": "v2",
"currentVersionAgeInDays": 991,
"currentVersionTimestamp": "2022-02-09T11:59:04.000Z",
"datasource": "github-tags",
"depName": "actions/setup-go",
"depType": "action",
"fixedVersion": "v2",
"isSingleVersion": true,
"packageName": "actions/setup-go",
"registryUrl": "https://github.com",
"replaceString": "actions/setup-go@v2",
"sourceUrl": "https://github.com/actions/setup-go",
"updates": [
{
"branchName": "renovate/actions-setup-go-5.x",
"bucket": "major",
"newMajor": 5,
"newMinor": null,
"newPatch": null,
"newValue": "v5",
"newVersion": "v5",
"newVersionAgeInDays": 4,
"releaseTimestamp": "2024-10-24T03:39:31.000Z",
"updateType": "major"
}
],
"versioning": "docker",
"warnings": [
]
}
],
"packageFile": ".github/workflows/rebuild.yml"
}
]
},
"problems": [
]
},
"oapi-codegen/oapi-codegen": {
"branches": [
],
"packageFiles": {
"github-actions": [
{
"deps": [
],
"packageFile": ".github/workflows/ci.yml"
},
{
"deps": [
],
"packageFile": ".github/workflows/generate.yml"
},
{
"deps": [
],
"packageFile": ".github/workflows/lint.yml"
},
{
"deps": [
],
"packageFile": ".github/workflows/release-drafter.yml"
},
{
"deps": [
],
"packageFile": ".github/workflows/tidy.yml"
}
],
"gomod": [
{
"deps": [
],
"packageFile": "examples/authenticated-api/stdhttp/go.mod"
},
{
"deps": [
],
"packageFile": "examples/go.mod"
},
{
"deps": [
],
"packageFile": "examples/minimal-server/stdhttp/go.mod"
},
{
"deps": [
],
"packageFile": "examples/petstore-expanded/stdhttp/go.mod"
},
{
"deps": [
],
"packageFile": "go.mod"
},
{
"deps": [
],
"packageFile": "internal/test/go.mod"
},
{
"deps": [
],
"packageFile": "internal/test/strict-server/stdhttp/go.mod"
}
]
},
"problems": [
]
}
}
}
As of DMD v0.107.0, you can now import the file directly using dmd import renovate by providing the path to the resulting log file.
For instance:
dmd import renovate --db dmd.db renovate-report.json
Importing via log files does not discover the platform
When parsing via Renovate debug log files, it is not possible to discover the Platform which is used across dependency-management-data's database.
This is not of concern if you only have software across a single Git forge, but if you're running across multiple platforms you may need to post-process the data.
As of DMD v0.107.0, you can provide a --platform parameter to override this value, if you know which Platform the report is from.