DEV Community

Mark Tse
Mark Tse

Posted on

GitHub Action for Updating All NPM Dependencies at Once

My Workflow

I recently created a JavaScript GitHub Action that allows anyone to search Stack Overflow via an issue or pull request comment. To keep its dependencies up-to-date, I could turn to Dependabot, but they currently do not support grouped updates, which means if multiple dependencies require an update, I have to review each one individually.

Instead, I turned to an existing GitHub Action I've built, Update Node Dependencies. This action:

  • Uses npm-check-updates to update all dependencies to their latest version
  • Runs npm audit --fix to fix any remaining security issues (if any)
  • Does a package version bump (patch)
  • Uses hub to create a new pull request with these changes

Since I am using @zeit/ncc to build my JavaScript action, I also configured a pre-commit script to run to ensure all dependency updates make it into the code GitHub Actions runs (in dist/).

The workflow is scheduled to run weekly, but can also be manually triggered. I leave Dependabot security alerts turned on so that I am alerted of severe security issues and can respond to them immediately by manually triggering the workflow outside of its schedule.

All this put together means I can keep my dependencies up-to-date with only one pull request a week while still having the ability to respond to security issues immediately!

Submission Category:

Maintainer Must-Haves

Yaml File or Link to Code

name: Scheduled Node Dependencies Update (npm)
on:
  schedule:
    - cron:  '0 15 * * 2'
  workflow_dispatch:
jobs:
  update-deps:
    name: Update Node dependencies using npm
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
      - uses: neverendingqs/gh-action-node-update-deps@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          bump-version: patch
          pre-commit-script: npm run build

GitHub logo neverendingqs / gh-action-ask-stackoverflow

Search Stack Overflow on issues and pull requests using this GitHub Action.

gh-action-ask-stackoverflow

Search Stack Overflow on issues and pull requests using this GitHub Action.

Usage

Set up a workflow to pull in this action:

on:
  issue_comment:
    types: [created]

jobs:
  ask-stackoverflow:
    runs-on: ubuntu-latest
    steps:
      - uses: neverendingqs/gh-action-ask-stackoverflow@master
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

​‌‌​​‌​‌ ​‌‌‌​‌‌​ ​‌‌​​‌​‌ ​‌‌‌​​‌​ ​‌‌​​‌​‌ ​‌‌​‌‌‌​ ​‌‌​​‌​​ ​‌‌​‌​​‌ ​‌‌​‌‌‌​ ​‌‌​​‌‌‌ ​‌‌‌​​​‌ ​‌‌‌​​‌‌

Then search anything on Stack Overflow using the /so command, and the action will post back with the top 3 matching results, each with the top 3 answers.

Try it out by running the /so command on this issue or pull request!

Additional Resources / Info

Top comments (0)