This repository contains a Github action workflow template that will make creating dependency upgrade pull-requests in multiple Github repositories as easy as clicking a button.
You can read about Github actions here.
- The workflow is initiated by a push of a
Run workflowbutton found on actions page. - Inputs are provided to the workflow eg. dependency names, repository names.
- Workflow will upgrade dependencies in each provided repository in an isolated separate (parallel) job.
- Job checks out the default branch, usually
mainormasterbut detected automatically. - Job checks if provided branch name is in use upstream, if so error is logged and job does not proceed.
- Job checks whether provided dependencies exist in
package.jsonfile. If none of the provided dependencies are found, job does not proceed. - Job checks if whether dependencies are outdated in
package.json. If none are outdated, does not proceed. - Job checks out a new feature branch which name is provided by the workflow input.
- Job runs
yarn add <dependency names>to updatepackage.jsonandyarn.lockfiles. - If there are un-committed changes, the job commits with
chore: (auto)upgrade <dependency names>message and pushes changes to the upstream repository. Does not proceed if change set is empty. - Job creates pull-request if push step was successful. Sets PR title(same as commit message), labels and assigns the user that started the workflow. You can see the PR URL logged in the workflow summary.
- Job checks out the default branch, usually
And this is the finished workflow result:
Follow these simple instructions to set up a workflow inside your Github repository.
Or just click on the Actions tab inside your repository and then New workflow -> set up a workflow yourself.
After which you may copy-paste the workflow template contents into the online editor for and commit the changes.
This workflow requires two kind of secrets saved under Github organization or repository*:
*NOTE: Setting secrets require Github admin permissions.
GH_TOKENwhich is a Github'sPersonal access tokenwithreposcope defined. You can create your token in the settings.NPM_TOKENwhich is a npmjsread-onlyaccess token to access public and private packages inside NPM registry.
The action run prompt will require you to fill in these inputs:
| Name | Required | Description | Default value | Example |
|---|---|---|---|
| dependencies-to-update | true |
JSON array string with dependencies to update | ["rimraf", "typescript"] |
| repositories-to-update | true |
JSON array string with repositories to update | ["org/repo-name", "org/another-repo"] |
| dry-run | false |
Run without git push and PR? | true |
| branch-name | false |
Branch from which the PR is made | auto_upgrade_dependencies |
| labels | false |
Labels that are attached to pull-request | dependencies, actions, bot |
You can see that there is an example workflow set up in this repository.
You are able to see the workflow runs here.
This workflow is targeting two dummy repositories created to illustrate the outcome:
Under pull-requests you'll be able to see the PR-s this example workflow has created.
GitHub Actions usage is free for both public repositories and self-hosted runners. For private repositories, each GitHub account receives a certain amount of free minutes and storage, depending on the product used with the account. Any usage beyond the included amounts is controlled by spending limits.