[GitLab] Token rollover leads to new Dependency Dashboard

[odin568]

How are you running Renovate?

Self-hosted Renovate

If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.

GitLab, always latest version of Renovate

Please tell us more about your question or problem

Following up from #12131

I have a self-hosted renovate pipeline which detects all relevant repositories by label and then runs as expected. I introduced it half a year ago.
For renovate to work it needs an access token. Here I use a generated "Group Access Token" on the most parent group, which includes all repositories to be managed by renovate.
This worked now fine for a while - until I had to do the mandatory access token rollover (as GitLab does not allow access tokens to be more than 1 year valid).

The only thing I can configure on the Access Token:

• Token name: Renovate-Bot
• Expiration date: 1 year
• Role: Maintainer
• Scopes: api, write_repository

This is my configuration. In the past, all MRs, commits were done by an artificial "user" called...

Renovate-Bot
@group_215_bot_130166db35b207056ecb947858abfc61

Now after secret rollover (I even reused the same "name" there is a new "user"...

Renovate-Bot
@group_215_bot_0c56f7a02e7c80288aee9faa06083360

So far this is not a problem. But with the new "user" implicitly introduced, the dependency dashboards were recreated (old ones were not touched) and of course all ignored/blocked MRs were re-created.

I looked through the documentation of renovate if there is something more to configure. I think renovate detects the dashboard issue by user - this does not work in this case.
An option would be to detect by the user name? Or setting a label?

This is the user details:

[
  {
    "id": 1076,
    "username": "group_215_bot_0c56f7a02e7c80288aee9faa06083360",
    "name": "Renovate-Bot",
    "state": "active",
    "locked": false,
    "avatar_url": "https://secure.gravatar.com/avatar/46fb4600456b9fc360cb610889c77fd553f13e592685ecba692df787c040873e?s=80&d=identicon",
    "web_url": "https://xxxxxxxxxxxx/group_215_bot_0c56f7a02e7c80288aee9faa06083360"
  }
]

Any ideas really appreciated as this causes quite some effort to clean up again :)

Thanks a lot!

Logs (if relevant)

Logs

 INFO: Repository started (repository=group-1/shared/utplsql-setup)
       "renovateVersion": "40.41.3"
 INFO: Dependency extraction complete (repository=group-1/shared/utplsql-setup, baseBranch=main)
       "stats": {
         "managers": {
           "gitlabci": {"fileCount": 1, "depCount": 1},
           "regex": {"fileCount": 1, "depCount": 1}
         },
         "total": {"fileCount": 2, "depCount": 2}
       }
 INFO: Issue created (repository=group-1/shared/utplsql-setup)
 INFO: Repository finished (repository=group-1/shared/utplsql-setup)
       "cloned": false,
       "durationMs": 20406