Keeping up with dependencies can be a pain. That is especially true if you build a tool that heavily relies on some library. If that library changes in a major way, you’ll have to be quick with updating or risk issues piling up.
But how can you efficiently keep track of dependency updates?
Scheduled GitHub Actions
I’ve found GitHub Actions to be a simple, yet effective, solution for that particular problem.
A small workflow that runs on a schedule and checks if there are outdated dependencies does the job. I use something like this for reveal.js-starter to get notified when a new reveal.js version is released:
    name: Check Outdated

    on:
      schedule:
        - cron: "0 12 * * 1"

    jobs:
      check_updates:
        runs-on: ubuntu-latest
        steps:
          - name: Checkout repository
            uses: actions/checkout@<version>

          - name: Install npm
            run: npm install

          - name: Check outdated
            run: npm outdated reveal.js
If you are thinking “Well, that doesn’t look hard” - you are right. And isn’t that nice?
There isn’t a lot for me to cover here, but let’s go over the interesting parts real quick.
    on:
      schedule:
        - cron: "0 12 * * 1"
Here we specify when our action should run. Consult the official documentation for details, but I’ve found checking dependencies each Monday at noon to work quite nicely.
    - name: Check outdated
      run: npm outdated reveal.js

npm offers a simple command to check if any dependency is outdated (based on your current lock file). The nice thing here is that this command will return with exit code 1 if newer versions were detected. As a result, the GitHub Action will fail without us needing to do anything else. Easy!
The same pattern works for Ruby projects with Bundler, here checking rails:

    name: Check Outdated

    on:
      schedule:
        - cron: "0 12 * * 1"

    jobs:
      check_updates:
        runs-on: ubuntu-latest
        steps:
          - name: Checkout repository
            uses: actions/checkout@<version>

          - name: Set up ruby
            uses: ruby/setup-ruby@<version>
            with:
              ruby-version: 3.0.0
              bundler-cache: true

          - name: Check Outdated
            run: |
              bundle config unset deployment
              bundle outdated rails
Now, I’ve kept these actions very simple. Of course, there are tons of things you can improve upon! Customizing how notifications are sent or only failing when a new major version is released are things that come to mind.
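One way to implement the "only fail on a new major version" idea, as an added example that is not part of the original post: a small Node script that reads the output of `npm outdated --json` and sets a failing exit code only when the latest major version is higher than the installed one. The `--check` switch, the file name `check-major.js` and the sample data are assumptions made for this example.

```javascript
// Usage in a workflow step (npm outdated itself exits 1 when anything is outdated):
//   (npm outdated --json reveal.js || true) | node check-major.js --check
// Expected input shape, as printed by `npm outdated --json`:
//   { "<package>": { "current": "...", "wanted": "...", "latest": "..." } }

// Leading numeric component of a version string, or NaN if there is none
// (for example "git" for git dependencies).
function major(version) {
  return Number.parseInt(String(version ?? '').replace(/^v/, ''), 10);
}

// Returns one entry per package whose latest major is above the installed major.
function majorUpdates(outdated) {
  const hits = [];
  for (const [name, value] of Object.entries(outdated)) {
    // Handled defensively: a package installed in several places may be an array.
    for (const info of [].concat(value)) {
      const installed = info.current ?? info.wanted; // not installed: compare wanted
      const from = major(installed);
      const to = major(info.latest);
      if (Number.isNaN(from) || Number.isNaN(to)) continue; // non-semver, skip
      if (to > from) hits.push({ name, from: installed, to: info.latest });
    }
  }
  return hits;
}

// Constructed sample data (version numbers are made up for illustration).
const SAMPLE = {
  'reveal.js': { current: '4.1.0', wanted: '4.1.3', latest: '5.0.0' },
  'example-lib': { current: '2.3.0', wanted: '2.4.1', latest: '2.4.1' },
  'example-git-dep': { current: '1.0.0', wanted: 'git', latest: 'git' },
};

async function main() {
  let raw = '';
  for await (const chunk of process.stdin) raw += chunk;
  const hits = majorUpdates(JSON.parse(raw.trim() || '{}'));
  for (const h of hits) console.log(`${h.name}: ${h.from} -> ${h.to}`);
  process.exitCode = hits.length > 0 ? 1 : 0; // fail the step only on a major bump
}

if (process.argv.includes('--check')) main();
```

Minor and patch releases no longer fail the workflow with this check, so they need another route (for example a separate weekly run of plain `npm outdated`) if you still want to hear about them.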
What do you think? Let me know if you’ve encountered other interesting uses for GitHub Actions.