{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreibvmwtpckjvb237rhc7vlea6npfnesvvcr3gf4iojbz4gibztpami",
    "uri": "at://did:plc:wszrgoqdwy3i2dfeub2mt3wf/app.bsky.feed.post/3mftdwsjh7s22"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreiajjkxtsfv62kcb4ee3qcwzx4uvmw6umwrb6w5mzfa3l5jy4luqzq"
    },
    "mimeType": "image/png",
    "size": 78437
  },
  "description": "How to use Renovate and Vendir to periodically update vendored files which are out-of-sync between Git repos.",
  "path": "/posts/2026/02/27/renovate-update-file/",
  "publishedAt": "2026-02-27T08:47:13.000Z",
  "site": "https://www.jvt.me",
  "tags": [
    "blogumentation",
    "renovate",
    "`oapi-codegen`",
    "your generated code",
    "GitHub Actions to check if the files are out-of-sync",
    "using GitHub Actions to actually sync the files",
    "the best at dependency management",
    "biased",
    "worked upstream with Renovate",
    "a comment from past me",
    "Vendir",
    "the example repo from my GitHub Actions syncing workflow",
    "in this PR",
    "`lockFileMaintenance`",
    "the limit of PRs that will be open concurrently",
    "this example",
    "rootly-go",
    "a Host Rule"
  ],
  "textContent": "For a few years, I've been trying to get a perfect workflow for keeping vendored files in sync between repos.\n\nEspecially with `oapi-codegen`, where it's our recommendation to vendor the OpenAPI specification and your generated code, there can be a bit of awkwardness in place to try and keep your copy of some other repo's OpenAPI spec in sync with yours.\n\nI've written before about how I've used GitHub Actions to check if the files are out-of-sync and using GitHub Actions to actually sync the files, but as ever I'm looking for better workflows.\n\nMy view is that if I can use Renovate for a task, I'll try to, as it's the best at dependency management, in my now more biased opinion.\n\nOver the years, before I joined Mend, I've worked upstream with Renovate to see if we can add a \"file sync manager\", but I'd never really managed to get the time from my employers to do so, despite it providing a tonne of value.\n\nNow I'm in a privileged position of being able to lead the roadmap of the project, and having much more context and understanding for Renovate, I sat down to look again at the \"file sync manager\" proposal, and see if I could chip away at it.\n\nI noticed a comment from past me about how Vendir may do what we want, but at the time didn't support the datasources we'd want (HTTP and Git/GitHub).\n\nWhen I looked into it this week, I was very happy to see that, actually, Vendir now does have support for HTTP and Git sources 👀\n\n## Setting it up\n\nI've updated the example repo from my GitHub Actions syncing workflow to use Renovate to sync OpenAPI specs from a private repo, which you can see in action in this PR.\n\nAs with my previous examples, let's say that we have a couple of OpenAPI specs in `jamietanna/example-github-actions-sync-files-private` that we want to sync with our repository.\n\nWe can set up a `vendir.yml` like so, and run a `vendir sync` to initialise everything:\n\n\n    apiVersion: vendir.k14s.io/v1alpha1\n    kind: 
Config\n    directories:\n      - path: internal\n        contents:\n          - path: private-apis\n            git:\n              url: https://github.com/jamietanna/example-github-actions-sync-files-private\n              ref: origin/main\n            includePaths:\n              - api/**/*.yml\n              - api/**/*.yaml\n\n\nNext, we want to make sure that Renovate periodically updates the files, using `vendir sync`.\n\nWithin the Vendir manager in Renovate, the terminology for this functionality is the `lockFileMaintenance` update type.\n\nWe can enable this with the following configuration:\n\n\n    {\n      \"$schema\": \"https://docs.renovatebot.com/renovate-schema.json\",\n      \"lockFileMaintenance\": {\n        \"enabled\": true,\n        \"schedule\": [\n          \"at any time\"\n        ]\n      }\n    }\n\n\nThe `at any time` scheduling means that whenever Renovate runs, and it has the ability to create a new PR for updates (i.e. you're under the limit of PRs that will be open concurrently), it'll try and see if any updates come from `vendir sync`. This allows you to get updates sooner, rather than the default of receiving updates once a week.\n\n(There are some tweaks to this configuration that are out of scope for this post, like scoping `lockFileMaintenance` to only the Vendir manager, creating a specific name for the PRs, or e.g. 
running `go generate ./...` after updating those OpenAPI specs)\n\nFor example, you'll now receive a PR like this example which is the result of running `vendir sync`, and shows updates to the OpenAPI specs in the repository, coming from the private repository.\n\nAlso of note is that the lockfile introduces commit message metadata so it knows where Vendir last synced from.\n\nThis works pretty nicely, and because it's now managed through Renovate, you can configure the PR description, grouping, post-update actions, and scheduling with much more control than having to write that logic yourself!\n\n## Other sources available\n\nYou'll notice that we're specifying a `ref` for the `git` option, but if we pin to a tag `version`, Renovate can update those tags (and then re-run `vendir sync`), so you can keep files in sync between releases.\n\nIt's also possible to use some of the other source types that Vendir supports - the HTTP backend, for instance, is what we'll be using with rootly-go in the future.\n\n## Caveats\n\n### Folder structure\n\nOne aspect of how Vendir works is that it must vendor files into a specific directory, as specified by the `path` fields.\n\nThis is a little awkward if you already have a structure for where you want files to be, so you may want to symlink from the Vendir'd file to the location you want the file to be in.\n\n### Authentication needed\n\nAs long as Renovate has a Host Rule that allows it to authenticate to the private repository, you'll now see a PR like this example which is the result of running `vendir sync`.\n\n(Note that on the Mend-hosted, the way we configure these means that you need to - for the short term - set a Host Rule for the repository you're trying to access, with a GitHub Personal Access Token)",
  "title": "Automating the syncing of files between repos with Renovate and Venidr",
  "updatedAt": "2026-02-27T08:47:13.000Z"
}