- Rust toolchain (stable, 1.75+) — install via rustup
- A GitLab personal access token with
apiscope (orread_apifor dry-run only) - Network access to your GitLab instance and relevant container/Helm registries
git clone https://github.com/wellington/reforge
cd reforge
cargo build --release
# Binary is at target/release/reforgedocker pull ghcr.io/wellington/reforge:latest# reforge.toml
[gitlab]
url = "https://gitlab.example.com"
[scan]
projects = ["my-group/my-repo"]export REFORGE_TOKEN=glpat-xxxxxxxxxxxxxxxxxxxxreforge --dry-runThis prints what updates would be created without touching your GitLab instance.
reforgeReforge will:
- Open one merge request per dependency that has a newer version available
- Create or update a Dependency Dashboard issue listing all pending updates
- Skip any dependency that already has an open reforge MR
reforge [OPTIONS]
Options:
--config <PATH> Path to config file [default: reforge.toml]
--repo <REPO> GitLab project path (overrides config)
--dry-run Print proposed changes without creating MRs
--log-level <LEVEL> Log verbosity: error, warn, info, debug, trace [default: info]
--token <TOKEN> GitLab API token (prefer env: REFORGE_TOKEN)
--gitlab-url <URL> GitLab instance URL (prefer env: REFORGE_GITLAB_URL)
--json Output dry-run results as JSON
--local-path <PATH> Path to a local git checkout (enables local mode)
--no-dashboard Disable the Dependency Dashboard issue
| Variable | Description |
|---|---|
REFORGE_TOKEN |
GitLab personal access token |
REFORGE_GITLAB_URL |
GitLab instance base URL |
RENOVATE_TOKEN |
Accepted as a fallback for REFORGE_TOKEN |
RENOVATE_GITLAB_URL |
Accepted as a fallback for REFORGE_GITLAB_URL |
GITHUB_TOKEN |
GitHub token for fetching release changelogs |
- Read the Configuration Reference for the full set of options.
- Learn how Managers detect dependencies in your files.
- Set up a GitLab CI scheduled pipeline to run reforge automatically.