Example docker-compose to setup a fully self hosted Git, CI/CD and Docker Registry pipeline with renovate crontab command.

crontab.sh

#!/bin/sh

docker run --rm --name renovate \
  -e RENOVATE_PLATFORM=gitea \
  -e RENOVATE_ENDPOINT=https://gitea.url.com \
  -e RENOVATE_TOKEN="$RENOVATE_TOKEN" \
  -e RENOVATE_GIT_AUTHOR="Renovate Bot <bot@renovateapp.com>" \
  -e RENOVATE_AUTODISCOVERY=true \
  -e RENOVATE_ONBOARDING=true \
  -e RENOVATE_AUTODISCOVERYFILTER=johnnolan/* \
  -e LOG_LEVEL=debug \
  -v path/to/renovate/config.js:/usr/src/app/config.js \
  renovate/renovate:41.43-full

docker-compose.yml

services:

  # Gitea - self-hosted Git service
  gitea:
    image: gitea/gitea:1.24.3
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=sqlite3
      - WEBHOOK_ALLOWED_HOST_LIST=woodpecker.url.com
    volumes:
      - /path/to/gitea/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"   # web UI
      - "22:22"     # SSH
    restart: unless-stopped

# Woodpecker CI server
  woodpecker-server:
    image: woodpeckerci/woodpecker-server:v3.8.0
    container_name: woodpecker-server
    environment:
      - WOODPECKER_OPEN=true
      - WOODPECKER_HOST=${WOODPECKER_HOST}
      - WOODPECKER_ADMIN=${WOODPECKER_ADMIN}
      - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
      - WOODPECKER_GITEA=true
      - WOODPECKER_GITEA_URL=${WOODPECKER_GITEA_URL}
      - WOODPECKER_GITEA_CLIENT=${WOODPECKER_GITEA_CLIENT}
      - WOODPECKER_GITEA_SECRET=${WOODPECKER_GITEA_SECRET}
      - WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx,woodpeckerci/plugin-docker
    volumes:
      - /path/to/woodpecker-server:/var/lib/woodpecker
    ports:
      - "8000:8000"
      - "9000:9000"
    depends_on:
      - gitea
    restart: unless-stopped

  # Woodpecker CI agent
  woodpecker-agent:
    image: woodpeckerci/woodpecker-agent:v3.8.0
    command: agent
    restart: always
    container_name: woodpecker-agent
    environment:
      - WOODPECKER_SERVER=${WOODPECKER_SERVER}
      - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
    volumes:
      - /path/to/woodpecker-agent-config:/etc/woodpecker
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - woodpecker-server

  # Docker registry for storing images
  registry:
    image: registry:3
    container_name: registry
    ports:
      - "5000:5000"
    volumes:
      - /path/to/registry/data:/var/lib/registry      
    environment:
      - REGISTRY_URL=${REGISTRY_URL}
      - REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin=[https://registerurl.com]
      - REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods=[HEAD,GET,OPTIONS,DELETE]
      - REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials=[true]
      - REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers=[Authorization,Accept,Cache-Control]
      - REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers=[Docker-Content-Digest]
      - REGISTRY_STORAGE_DELETE_ENABLED=true
    restart: unless-stopped

  # Docker Registry UI for managing the registry
  registry-ui:
    image: joxit/docker-registry-ui:main
    container_name: registry-ui
    restart: always
    ports:
      - 80:80
    environment:
      - SINGLE_REGISTRY=true
      - REGISTRY_TITLE=Docker Registry UI
      - DELETE_IMAGES=true
      - SHOW_CONTENT_DIGEST=true
      - REGISTRY_URL=https://registerurl.com
      - SHOW_CATALOG_NB_TAGS=true
      - CATALOG_MIN_BRANCHES=1
      - CATALOG_MAX_BRANCHES=1
      - TAGLIST_PAGE_SIZE=100
      - REGISTRY_SECURED=false
      - CATALOG_ELEMENTS_LIMIT=1000
    depends_on: 
      - registry