My Workflow
I recently created a JavaScript GitHub Action that allows anyone to search Stack Overflow via an issue or pull request comment. To keep its dependencies up-to-date, I could turn to Dependabot, but they currently do not support grouped updates, which means if multiple dependencies require an update, I have to review each one individually.
Instead, I turned to an existing GitHub Action I've built, Update Node Dependencies. This action:
- Uses npm-check-updates to update all dependencies to their latest version
- Runs
npm audit --fix
to fix any remaining security issues (if any) - Does a package version bump (
patch
) - Uses hub to create a new pull request with these changes
Since I am using @zeit/ncc to build my JavaScript action, I also configured a pre-commit script to run to ensure all dependency updates make it into the code GitHub Actions runs (in dist/
).
The workflow is scheduled to run weekly, but can also be manually triggered. I leave Dependabot security alerts turned on so that I am alerted of severe security issues and can respond to them immediately by manually triggering the workflow outside of its schedule.
All this put together means I can keep my dependencies up-to-date with only one pull request a week while still having the ability to respond to security issues immediately!
Submission Category:
Maintainer Must-Haves
Yaml File or Link to Code
name: Scheduled Node Dependencies Update (npm)
on:
schedule:
- cron: '0 15 * * 2'
workflow_dispatch:
jobs:
update-deps:
name: Update Node dependencies using npm
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: neverendingqs/gh-action-node-update-deps@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
bump-version: patch
pre-commit-script: npm run build
neverendingqs / gh-action-ask-stackoverflow
Search Stack Overflow on issues and pull requests using this GitHub Action.
gh-action-ask-stackoverflow
Search Stack Overflow on issues and pull requests using this GitHub Action.
Usage
Set up a workflow to pull in this action:
on:
issue_comment:
types: [created]
jobs:
ask-stackoverflow:
runs-on: ubuntu-latest
steps:
- uses: neverendingqs/gh-action-ask-stackoverflow@master
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
Then search anything on Stack Overflow using the /so
command, and the action will post back with the top 3 matching results, each with the top 3 answers.
Try it out by running the /so
command on this issue or pull request!
Top comments (0)