Renovate Collector
Parses Renovate config (renovate.json, .renovaterc, .renovaterc.json, or the renovate key in package.json). Slurps the full parsed config to .dep_automation.native.renovate and exposes normalized fields (extends, enabled managers) at .dep_automation.renovate for policy use.
renovate to your lunar-config.yml:uses: github://earthly/lunar-lib/collectors/renovate@v1.0.5
What This Integration Collects
This integration includes 1 collector that gather metadata from your systems.
config
Scans the repository for Renovate configuration in standard locations: renovate.json, .renovaterc, .renovaterc.json, or the "renovate" key in package.json. Writes the full parsed config verbatim to .dep_automation.native.renovate and extracts a normalized summary (extends, enabled managers) to .dep_automation.renovate for policies.
How Collectors Fit into Lunar
Lunar watches your code and CI/CD systems to collect SDLC data from config files, test results, IaC, deployment configurations, security scans, and more.
Collectors are the automatic data-gathering layer. They extract structured metadata from your repositories and pipelines, feeding it into Lunar's centralized database where guardrails evaluate it to enforce your engineering standards.
Learn How Lunar Works →Example Collected Data
This collector writes structured metadata to the Component JSON. Here's an example of the data it produces:
{
"dep_automation": {
"renovate": {
"valid": true,
"path": "renovate.json",
"extends": ["config:base", "group:recommended"],
"all_managers_enabled": true,
"enabled_managers": []
},
"native": {
"renovate": {
"extends": ["config:base", "group:recommended"],
"packageRules": [
{"matchUpdateTypes": ["minor", "patch"], "automerge": true},
{"matchPackagePatterns": ["^@types/"], "groupName": "type definitions"},
{"matchDepTypes": ["devDependencies"], "rangeStrategy": "pin"}
],
"schedule": ["before 9am on monday"],
"labels": ["dependencies"]
}
}
}
}Configuration
Configure this collector in your lunar-config.yml.
Inputs
| Input | Required | Default | Description |
|---|---|---|---|
paths
|
Optional |
renovate.json,renovate.json5,.github/renovate.json,.github/renovate.json5,.gitlab/renovate.json,.gitlab/renovate.json5,.renovaterc,.renovaterc.json,.renovaterc.json5,package.json
|
Comma-separated list of Renovate config file paths to check (first match wins). Default covers every location Renovate itself reads, across GitHub/GitLab/Bitbucket/ Azure DevOps and self-hosted installs — config location depends on SCM host, not CI environment. When the path is package.json, the collector extracts the top-level "renovate" key (and treats its absence as "not a renovate config" before moving on). |
Documentation
View on GitHubRenovate Collector
Parses Renovate configuration and writes both a normalized summary and the full raw config.
Overview
Scans the repository for Renovate configuration in every location Renovate itself reads. The full parsed config is slurped verbatim to .dep_automation.native.renovate for reference, and a small normalized summary (extends, enabled managers) is written to .dep_automation.renovate for the dep-automation policy. Config location depends on the SCM host (GitHub, GitLab, Bitbucket, Azure DevOps), not the CI environment.
Collected Data
When no Renovate config file is found, this collector writes nothing — object presence at .dep_automation.renovate is itself the signal that Renovate is configured. See collector-reference.md § Write Nothing When Technology Not Detected.
When a config file is found, this collector writes to the following Component JSON paths:
| Path | Type | Description |
|---|---|---|
.dep_automation.renovate.valid |
boolean | Whether the JSON config has valid syntax |
.dep_automation.renovate.path |
string | Path to the config file |
.dep_automation.renovate.extends |
array | Preset configuration names (e.g., config:base) — present when valid: true |
.dep_automation.renovate.all_managers_enabled |
boolean | Whether all package managers are enabled (default Renovate behavior) — present when valid: true |
.dep_automation.renovate.enabled_managers |
array | Explicitly enabled managers (empty if all enabled) — present when valid: true |
.dep_automation.native.renovate |
object | Full parsed Renovate config (verbatim JSON) — present when valid: true |
Collectors
| Collector | Description |
|---|---|
config |
Parses Renovate configuration for update settings |
Installation
Add to your lunar-config.yml:
collectors:
- uses: github://earthly/lunar-lib/collectors/renovate@v1.0.0
on: ["domain:your-domain"]
# with:
# paths: "renovate.json,.github/renovate.json" # Override default search paths
Default search paths
First match wins. When the match is package.json, the collector looks for a top-level renovate key; absence of that key is treated as "not a renovate config" before moving to the next path.
JSON5 support
.json5 / .renovaterc.json5 files are parsed after stripping line (//) and block (/* */) comments and trailing commas — the common JSON5 extensions Renovate users reach for. Unquoted object keys (also allowed by JSON5) are not supported; keys must be double-quoted.
| Path | When Renovate uses it |
|---|---|
renovate.json |
Any host |
renovate.json5 |
Any host |
.github/renovate.json |
GitHub-hosted repos |
.github/renovate.json5 |
GitHub-hosted repos |
.gitlab/renovate.json |
GitLab-hosted repos |
.gitlab/renovate.json5 |
GitLab-hosted repos |
.renovaterc |
Any host |
.renovaterc.json |
Any host |
.renovaterc.json5 |
Any host |
package.json (renovate key) |
Any host (fallback) |
Open Source
This collector is open source and available on GitHub. Contribute improvements, report issues, or fork it for your own use.
Common Use Cases
Explore guardrails that use data from Renovate Collector.
Ready to Automate Your Standards?
See how Lunar can turn your AGENTS.md, engineering wiki, compliance docs, or postmortem action items into automated guardrails with our 100+ built-in guardrails.
AI agent rules & prompt files
Post-mortem action items
Security & compliance policies
Testing & quality requirements