DEV Community

Eric Wooley

Keeping Node Dependencies Up to Date, Automagically!

Obligatory intro paragraph

Maintaining projects is hard. There is a ton to do, and upgrading dependencies is often neglected or put on the back burner. It's hard to justify spending a few hours upgrading a bunch of libraries that already work. If you have ever had to go back and upgrade a few dozen (hundred??) dependencies that have been neglected for a few years, you know how much easier it is to keep up to date consistently.

A giant dependency upgrade is hard, a surefire way to ship some bugs, and, in the meantime, you will probably be insecure. There are a lot of reasons to upgrade.

Forever ago, I discovered greenkeeper.io, which automatically creates pull requests for dependencies when they get out of date. Unfortunately, it doesn't seem to play nice with GitHub Actions. Maybe it does, IDK, I gave up on it. It occurred to me that this could be a simple GitHub action... Does a premade one already exist? Yep... BRILLIANT.

Anytime you run this github action, a pull request is made to upgrade dependencies in your package.json files.

Get to the action!

...sorry, sometimes puns must be made

Let's install our GitHub action:

  1. Create a personal access token, with repository access, and add it to your secrets in the settings section of your github repository.
  2. Create a file in your repo, .github/workflows/update_node_deps.yml.

Configuring your setup.

I used the yarn version, because I use yarn workspaces, and yarn upgrade will update all the packages as well.

- name: package-update
  uses: taichi/actions-package-update@master
  env:
    AUTHOR_EMAIL: john@example.com
    AUTHOR_NAME: John
    EXECUTE: "true"
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    UPDATE_COMMAND: yarn
  with:
    args: upgrade --latest

Configuration for Action Packed React:

on:
  schedule:
  - cron: '0 9 * * *' # https://jasonet.co/posts/scheduled-actions/
name: Update
jobs:
  package-update:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master
    - name: set remote url
      run: git remote set-url --push origin https://$GITHUB_ACTOR:${{ secrets.githubAccessToken }}@github.com/$GITHUB_REPOSITORY
    - name: package-update
      uses: taichi/actions-package-update@master
      env:
        AUTHOR_EMAIL: ericwooley@gmail.com
        AUTHOR_NAME: Eric Wooley
        EXECUTE: "true"
        GITHUB_TOKEN: ${{ secrets.githubAccessToken }}
        LOG_LEVEL: debug
        UPDATE_COMMAND: yarn
      with:
        args: upgrade --latest --ignore-engines

It's mostly stolen from the readme, but it's mine, and I love it. Here is what I changed and why.

on:
  schedule:
  - cron: '0 9 * * *' # https://jasonet.co/posts/scheduled-actions/
  • (optional) Use yarn upgrade instead of ncu, so that workspaces will be updated as well.
        # ...
        UPDATE_COMMAND: yarn # This says to use yarn as your upgrade tool.
      with:
        args: upgrade --latest --ignore-engines # extra args for yarn
              # --latest means use the latest versions of the packages, ignoring the version ranges in package.json.
              # --ignore-engines skips yarn's check of each package's "engines" field (the Node/yarn versions it declares support for).

That's it! Every day at 9:00am, you should get a pull request, which updates all your node dependencies. Make sure you're running CI!
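The workflow above runs two actions at `@master` and hands a personal access token to one of them, so whatever that branch contains at run time executes with the token. The check below is an added example, not code from the original post or from the action's project: it lists every `uses:` reference that is not pinned to a full commit SHA, together with the secrets that step receives. The function names and the sample text are constructed for illustration.

```javascript
// Added example, not from the original post. Constructed sample: this post's steps, trimmed.
const SAMPLE_WORKFLOW = `
jobs:
  package-update:
    steps:
    - uses: actions/checkout@master
    - name: set remote url
      run: git remote set-url --push origin https://$GITHUB_ACTOR:\${{ secrets.githubAccessToken }}@github.com/$GITHUB_REPOSITORY
    - name: package-update
      uses: taichi/actions-package-update@master
      env:
        GITHUB_TOKEN: \${{ secrets.githubAccessToken }}
`;

const FULL_SHA = /^[0-9a-f]{40}$/; // a full commit SHA is the only immutable ref

// Line-based scan, so it runs without a YAML library. Assumption: each step
// starts with a "- " list item and contains no nested list items.
function auditWorkflow(text) {
  const steps = [];
  let step = null;
  for (const raw of text.split('\n')) {
    const line = raw.replace(/\s+#.*$/, ''); // drop trailing comments
    if (/^\s*-\s/.test(line)) {
      step = { action: null, ref: '', pinned: false, secrets: [] };
      steps.push(step);
    }
    if (!step) continue;
    const uses = line.match(/^\s*(?:-\s+)?uses:\s*['"]?([^\s'"]+)/);
    if (uses) {
      const at = uses[1].lastIndexOf('@');
      step.action = uses[1];
      step.ref = at === -1 ? '' : uses[1].slice(at + 1);
      step.pinned = uses[1].startsWith('./') || FULL_SHA.test(step.ref); // ./ = in-repo action
    }
    // Secrets named anywhere in the step (env, with) are visible to its action.
    for (const m of line.matchAll(/\$\{\{\s*secrets\.(\w+)\s*\}\}/g)) step.secrets.push(m[1]);
  }
  return steps.filter((s) => s.action); // ignore `run:` steps and other lists
}

// One line per action whose code can change without a change to this repo.
function findings(text) {
  return auditWorkflow(text).filter((s) => !s.pinned).map((s) =>
    `${s.action}: mutable ref "${s.ref}"` +
    (s.secrets.length ? `, receives secrets: ${s.secrets.join(', ')}` : ''));
}

console.log(findings(SAMPLE_WORKFLOW).join('\n'));
```

Run it with `node` against the text of `.github/workflows/update_node_deps.yml`; an empty result means every third-party action is pinned to a commit SHA.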
