GitLab Group Access Token Rotation #28736
-
I was looking for an answer to the same question. Is there some configuration value so that the Renovate bot recognizes the existing dependency dashboard issue and uses that instead? I also saw behavior that appeared like it would ignore any previously closed MRs for a dependency, and re-open them. I assume this is because it only treats MRs the same user opened that were closed as ignored updates. Is this behavior also configurable such that it recognizes closed dependency MRs from other users?
-
Renovate by default asks the server to filter issues and PRs by its own author/account for efficiency reasons. Some repos have 10s of 1000s which don't belong to the bot, and they'd need to be downloaded. If you set
-
Came here for the exact same reason. My org's group access token is expiring soon and when we tried rotating it, Dependency Dashboards were being opened as duplicate issues in our projects. We have looked at setting
-
Can Renovate determine that a GitLab token is a group access token by looking at its string? E.g. does it always start with group_? We might want to add some intelligence to drop the author-based filtering of Issues and MRs if we find a group access token being used.
-
I stumbled upon this yesterday when taking a look at new changes in Renovate. It so happened that today our group access token on GitLab for our Renovate Bot expired. I was worried about the issue described here. I ended up rotating the token itself via GitLab's API (https://docs.gitlab.com/ee/api/group_access_tokens.html#rotate-a-group-access-token) which keeps the user that GitLab generated for this bot originally and creates a new access token for this user. I did a test run with Renovate using this new token and it was able to continue as before (updating existing MRs and the existing dependency dashboard issue).
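Added example, not part of the thread or of Renovate's code: a sketch of the in-place rotation described in the comment above, using GitLab's group access token rotate endpoint and checking that the bot user behind the token stays the same, which is what lets Renovate's author filter keep matching the existing dashboard issue and MRs. The instance URL, the function names and the `admin_token` parameter (a token allowed to manage the group's access tokens) are assumptions; the response fields `user_id`, `id` and `token` are the ones GitLab's API documents.

```python
import json
import urllib.request

API = "https://gitlab.example.com/api/v4"  # assumed instance URL (placeholder)


def http_json(method, url, admin_token, body=None):
    """Send one authenticated GitLab API request and decode the JSON reply."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("PRIVATE-TOKEN", admin_token)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def rotate_group_token(group_id, token_id, admin_token, expires_at, call=http_json):
    """Rotate a group access token in place; return (new_secret, new_token_id).

    Raises if the rotated token belongs to a different bot user, because
    Renovate's author-based filter would then no longer find the existing
    dependency dashboard issue and MRs.
    """
    base = f"{API}/groups/{group_id}/access_tokens/{token_id}"
    before = call("GET", base, admin_token)  # token metadata before rotation
    after = call("POST", f"{base}/rotate", admin_token, {"expires_at": expires_at})
    if after["user_id"] != before["user_id"]:
        raise RuntimeError(
            f"bot user changed: {before['user_id']} -> {after['user_id']}"
        )
    return after["token"], after["id"]


if __name__ == "__main__":
    # Constructed responses so the sketch runs offline; all values are made up.
    def constructed_call(method, url, admin_token, body=None):
        if method == "GET":
            return {"id": 42, "user_id": 501, "name": "renovate"}
        return {"id": 43, "user_id": 501, "token": "glpat-CONSTRUCTED"}

    secret, new_id = rotate_group_token(7, 42, "ADMIN-PLACEHOLDER",
                                        "2025-01-01", call=constructed_call)
    print("rotated; new token id:", new_id)  # never log the secret itself
```

Store the returned secret straight into the CI/CD variable the Renovate runner reads, since the old token stops working once it has been rotated.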
-
What would you like help with?
I would like help with my configuration
How are you running Renovate?
Self-hosted
If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.
GitLab, renovate-runner v17.196.0, renovate v37.327.2
Please tell us more about your question or problem
Hello,
We are self-hosting the GitLab renovate-runner and using a group access token. We recently rotated the group access token as the previous one was about to expire, and in doing so we noticed that a new dependency dashboard was created in each repo and any previously ignored/blocked MRs were reopened. I suspect this is due to
as mentioned in the GitLab docs, but I was curious if there's anything we can do to help smooth this out the next time we need to rotate the token? For example, is there a way to get the runner to detect that a dependency dashboard already exists (even though it was created by a previous Renovate bot) and use that instead of creating a new one?