diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index be33b8975f..0000000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-version: 2
-
-updates:
-  - package-ecosystem: github-actions
-    labels: [modifies/dependencies]
-    directory: /
-    schedule:
-      interval: daily
-    cooldown:
-      default-days: 5
diff --git a/.github/workflows/cron-renovate.yml b/.github/workflows/cron-renovate.yml
new file mode 100644
index 0000000000..a53062cd7d
--- /dev/null
+++ b/.github/workflows/cron-renovate.yml
@@ -0,0 +1,28 @@
+name: cron-renovate
+
+on:
+  schedule:
+    - cron: "0 1 * * *" # every day at 01:00 UTC
+  workflow_dispatch:
+
+jobs:
+  cron-renovate:
+    runs-on: ubuntu-latest
+    if: github.repository == 'go-gitea/gitea' # prevent running on forks
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/create-github-app-token@v1
+        id: get_token
+        with:
+          app-id: ${{ secrets.RENOVATE_APP_ID }}
+          private-key: ${{ secrets.RENOVATE_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: gitea # scope token to this repo only
+      - uses: actions/checkout@v6
+      - uses: renovatebot/github-action@v46
+        with:
+          configurationFile: renovate.json5
+          token: ${{ steps.get_token.outputs.token }}
+        env:
+          RENOVATE_PLATFORM_COMMIT: "true" # commit directly to branch to avoid API rate limits and for commit signing.
diff --git a/renovate.json5 b/renovate.json5
new file mode 100644
index 0000000000..f0c4696bd2
--- /dev/null
+++ b/renovate.json5
@@ -0,0 +1,8 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["config:recommended"],
+  "enabledManagers": ["github-actions"],
+  "labels": ["modifies/dependencies"],
+  "minimumReleaseAge": "5 days",
+  "branchPrefix": "renovate/",
+}