Skip to content



You can authenticate Renovate to GitLab, with a Personal Access Token, or Group Access Token.

To start, create either:

The bot account must have at least the Developer role in order to create issues and merge requests. If you are using automerge, the bot account must have the appropriate "Allowed to merge" permission on the protected branch of your projects. If merging is restricted to Maintainers, the bot account must have the Maintainer role.

If you are using a group access token, to keep using the same GitLab-generated bot user you must rotate/refresh the Group Access Token before the token's expiry date.

We refer to personal access tokens and group access tokens as access tokens in the instructions that follow.

For real runs, give the access token these scopes:

For dry runs, give the access token these scopes:

Let Renovate use your access token by doing one of the following:

  • Set your access token as a token in your config.js file
  • Set your access token as an environment variable RENOVATE_TOKEN
  • Set your access token when you run Renovate in the CLI with --token=

Remember to set platform=gitlab somewhere in your Renovate config file.

If you're using a private GitLab container registry, you must:

  • Set the RENOVATE_HOST_RULES CI variable to [{"matchHost": "${CI_REGISTRY}","username": "${GITLAB_USER_NAME}","password": "${RENOVATE_TOKEN}", "hostType": "docker"}].
  • Make sure the user that owns the access token is a member of the corresponding GitLab projects/groups with the right permissions.
  • Make sure the access token has the read_registry scope.

You may want to set FORCE_COLOR: 3 or TERM: ansi to the job, in order to get colored output. GitLab Runner runs the container’s shell in non-interactive mode, so the shell’s TERM environment variable is set to dumb.

Features awaiting implementation

  • The automergeStrategy configuration option has not been implemented for this platform, and all values behave as if the value auto was used. Renovate will accept the Merge Request without further configuration, and respect the strategy defined in the Merge Request, and this cannot be overridden yet

Server version dependent features

We use the GitLab version API to fetch the server version. You can use the experimental feature flag RENOVATE_X_PLATFORM_VERSION to set a specific server version. By setting the server version yourself, you save a API call that fetches the server version.

  • Use Draft: MR prefix instead of WIP: prefix since v13.2.0
  • Do not truncate Markdown body to 25K chars since v13.4.0
  • Allow configure reviewers since v13.9.0

Multiple merge request assignees

Due to licensing restrictions multiple assignees are only available in GitLab Premium self-managed, GitLab Premium SaaS, and higher tiers. Because of a safeguard in GitLab's API if multiple assignees are set, but not available to the project, only the first assignee will be applied.

Open items

The below list of features and bugs were current when this page was generated on July 17, 2024.

Feature requests

  • Release notes: Massage !123 markdown-links for GitLab platform - like Github #29934
  • GitLab CODEOWNERS: support for default section owner #29202
  • GitLab: Skip author filtering when group or project tokens are in use #28997
  • Support GitLab CI templates #24567
  • Use GitLab platform token for container registry #17940
  • Set assignees on PR creation for better Gitlab webhook events #17620
  • Warning as thread instead of regular note for GitLab #15985
  • Implement the explicit automergeStrategy for the Gitlab platform. #10870
  • Assign GitLab MRs on creation and not as update #9252
  • Conflict between Gitlab @ mentions feature and Fix Renovate Configuration issue #8030
  • Support GitLab "merge trains" #5573
  • Feature request: GitLab forkMode #840

Bug reports

  • Package lookup fails with Golang submodules In #28540
  • Wrong changelog API query when using self-hosted GitLab server with host prefix #24512