Renovate Config Generator

Build a renovate.json for Renovate Bot without memorising the schema. Choose a base preset, set a schedule and timezone, enable automerge for safe updates, group minor and patch bumps into one PR, and tune labels and concurrency limits. The generator emits valid JSON with the config schema reference, ready to commit to your repository.

renovate.json

How to use the Renovate Config Generator

Start from a base preset — config:recommended suits most repositories, while config:best-practices adds stricter defaults like pinned dependencies. Set a schedule and timezone so Renovate opens PRs when they will not interrupt your day, and a concurrent PR limit so it does not flood the queue. The toggles add the most common packageRules: grouping minor and patch updates into a single PR, separating risky major releases, and optionally automerging the safe ones.

Copy the JSON into a renovate.json at the root of your repository (or .github/renovate.json). Commit it, and on the next run Renovate reads it and adjusts its behaviour. Automerge only takes effect when your branch protection and required status checks pass, so it is safe to enable for minor and patch updates while keeping majors manual.

What Renovate does

Renovate is a dependency-update bot. It scans a repository for manifests — package.json, requirements.txt, go.mod, Dockerfiles, GitHub Actions, Terraform, and dozens more — discovers newer versions of each dependency, and opens pull requests that bump them, complete with changelogs and release notes. It is the self-hostable, highly configurable alternative to GitHub's built-in Dependabot.

Behaviour is driven by a JSON config, usually renovate.json. The most important key is extends, which pulls in shareable presets so you inherit sensible defaults instead of writing everything by hand; config:recommended is the usual starting point. On top of that you layer settings: a schedule and timezone control when PRs appear, prConcurrentLimit caps how many are open at once, labels and assignees route them, and packageRules apply targeted overrides — grouping related packages, pinning versions, or automerging low-risk updates.

Two settings do most of the work in taming update noise. Grouping collapses many small minor and patch bumps into one combined PR, so you review and merge once instead of a dozen times. Automerge lets Renovate merge updates on its own once your CI checks pass — safe for patch and minor versions of trusted dependencies, and usually left off for majors, which can contain breaking changes. A dependency dashboard issue gives you a single place to see everything pending and trigger updates on demand.

Common use cases

  • Onboarding Renovate. Generate a sensible starting config instead of an empty file.
  • Reducing PR noise. Group minor and patch updates and schedule them off-hours.
  • Safe automation. Automerge low-risk updates while keeping majors manual.
  • Standardising repos. Apply the same labels, limits, and schedule across many projects.

Frequently asked questions

Where does renovate.json go?
In the repository root as renovate.json, or in .github/renovate.json, or .renovaterc.json. Renovate also reads a "renovate" key in package.json. The root renovate.json is the most common and what this tool targets.

What does extends do?
It imports shareable presets so you inherit maintained defaults rather than configuring everything yourself. config:recommended is the standard base; you then override specific behaviours with your own keys, which take precedence over the preset.

Is automerge safe?
For patch and minor updates of dependencies you trust, generally yes — Renovate only merges after your required status checks pass, so a broken update is caught by CI first. Major versions can introduce breaking changes, so most teams review those manually.

How is this different from Dependabot?
Both open dependency-update PRs. Renovate is far more configurable — richer grouping, scheduling, automerge, and many more ecosystems — and can be self-hosted, whereas Dependabot is simpler and built into GitHub. The config formats are different, so they are not interchangeable.

Does the schedule use my timezone?
Only if you set the timezone key, which this generator includes. Schedule phrases like "before 6am on monday" are then interpreted in that timezone; without it Renovate defaults to UTC.