Skip to content

Automated Dependency Updates for Bundler

Categories: ruby

Renovate supports updating Bundler dependencies.

File Matching

By default, Renovate will check any files matching the following regular expression: /(^|/)Gemfile$/.

For details on how to extend a manager's managerFilePatterns value, please follow this link.

Supported datasources

This manager supports extracting the following datasources: rubygems, ruby-version.

Default config

{
  "managerFilePatterns": [
    "/(^|/)Gemfile$/"
  ],
  "versioning": "ruby"
}

Additional Information

Renovate uses the bundler manager to extract dependencies from Gemfile and Gemfile.lock files.

Authenticating private registry

If:

  • you need Bundler to authenticate to a private registry
  • and that private registry is not on the same host as Renovate (your GitHub/GitLab/etc)

Then you should authenticate Renovate with hostRules. For example:

{
  "hostRules": [
    {
      "matchHost": "private-registry.company.com",
      "hostType": "rubygems",
      "token": "abc123"
    }
  ]
}

Important notes:

  • hostType is a required field, set hostType=rubygems
  • If you use the same registry for more than one package type, you may need more than one hostRules entry
  • Instead of token, you can use a username and password

To avoid committing raw secrets to your repository, either:

  • If self-hosting: add the hostRules to your bot config file, instead of the repository configuration file, or
  • If using the Mend Renovate App: use the encrypted config option