How to restrict Renovate so that it only looks at private repositories

[VladimirMikov]

How are you running Renovate?

Self-hosted Renovate

If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.

Azure using latest docker image version

Please tell us more about your question or problem

Currently we're running Renovate through an Azure DevOps pipeline that runs it as a docker image. Due to security requirements we need to store any and all docker images in our private repository after our security team has performed a scan.

As it stands adding our private repo as one that Renovate scans is not an issue, the problem I encounter is that no matter what setting I've tried using it also checks public repositories as well and subsequently opens PRs when newer versions are available publicly.

I've gone through the documentation a few times but I can't find any way to restrict or disable certain repositories from ever being scanned. Any suggestions would be greatly appreciated!

Logs (if relevant)

Logs

Replace this text with your logs, between the starting and ending triple backticks

[rarkins]

What settings have you tried? Copy/paste your "preferred" attempt here.

You most likely can use https://docs.renovatebot.com/configuration-options/#defaultregistryurls and configure it to your private registry, but you haven't provided enough details for me to be sure

[VladimirMikov]

Thanks, I'll give that a shot!

Apologies for not including my config, completely slipped my mind. Here's what I was working with in my renovate.json for the PoC setup:

  "extends": ["config:base"],
  "regexManagers": [
    {
      "fileMatch": [".*/values\\.yaml$"],
      "matchStrings": [
        "envoy:\\s*image:\\s*server:\\s*(?<server>.*?)\\s*name:\\s*(?<name>.*?)\\s*tag:\\s*v?(?<currentValue>\\d+\\.\\d+\\.\\d+)"
      ],
      "datasourceTemplate": "docker",
      "depNameTemplate": "{{{server}}}/{{{name}}}",
      "versioningTemplate": "docker"
    }
  ],
  "ignoreDeps": ["cilium", "bitnami"],
  "reviewers": ["team:infra-reviewers"],
  "baseBranches": ["corp"],
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "hostRules": [
    {
      "hostType": "azure",
      "matchHost": "mycompany.azurecr.io",
      "username": "{{ env.RENOVATE_USERNAME }}",
      "password": "{{ env.RENOVATE_PASSWORD }}"
    }
  ],
  "packageRules": [
    {
      "matchDatasources": ["docker"],
      "registryUrls": ["https://mycompany.azurecr.io"],
      "enabled": true
    }
  ]
}

[VladimirMikov]

Looks like I either misconfigured it, or it's not working. I replaced this "packageRules" block in my original config but it opened PRs with packages from bitnami instead, which it wasn't doing with the config above.

The company url is just a placeholder.

  "packageRules": [
    {
      "matchDatasources": ["dockerfile"],
      "defaultRegistryUrls": [
        "https://mycompany.azurecr.io"
      ]
    }
  ]

[github-actions[bot]]

Hi, please format any copy/pasted code or logs so they're readable.

You can find a Markdown code formatting guide here as well as some GitHub-specific information formatting code blocks here.

Thanks, the Renovate team