Use the newest libraries and automatically update your dependencies

Muggle-born
4 min read · May 15, 2022

Whether it’s a personal project or your company’s code base, updating dependencies and keeping versions up-to-date can be tedious. Save yourself, your team, and other developers time by automating the whole process!

Today we’re going to look at a way to automate dependency updates so you never have to think about updating them again.

Manually Updating Dependencies

Before we dive into automation, let’s look at a simple process I have used to manually update dependencies:

  1. Open your terminal in your project directory.
  2. Run npm outdated to generate a list of outdated packages.
  3. Check out a new feature branch on which you’ll update the dependencies: git checkout -b muggleborn/update-deps
  4. Run npm update --save to update packages, or use a third-party tool to update them, such as npx npm-check-updates -u
  5. Save and commit your changes, then push your branch to GitHub and create a PR.

As the developer on the team tasked with maintaining dependencies and keeping them up-to-date, this simple process can be quite a time sink. How are you supposed to know when new versions of libraries are released? What if your team has already ruled out updating a package, but a new developer joins the team and wastes several hours trying to update it?

Inspired by the questions above, and many others, I searched the web and discovered Renovate — the tool I’d like to talk about today.

Using Renovate to Automatically Update Dependencies

Renovate is a multi-platform and multi-language tool for automating dependency updates.

Why use Renovate?

  • Get pull requests to update your dependencies and lock files — supports auto-merging and rebasing to resolve merge conflicts.
  • Reduce noise by scheduling when Renovate creates PRs and how many are created.
  • You can customize the bot’s behavior with configuration files.
  • Share your configuration with ESLint-like config presets.
  • Supported on various platforms: GitHub (.com and Enterprise Server), GitLab (.com and CE/EE), Bitbucket (Cloud and Server), and more.
  • Open source.

What do PRs look like?

The captions below describe example PRs created by Renovate. Note that the content displayed in your PRs is highly customizable.

  • Renovate PR: updating dependency postcss from 8.1.6 to 8.2.10 to resolve a security vulnerability, using Renovate with no custom configuration file.
  • Renovate PR: updating all non-major dependencies in one PR because the ‘group:allNonMajor’ preset is in the Renovate configuration file.
  • Renovate PR: updating React from 16.14.0 to 18.1.0, with release notes included in the PR description because this PR has potentially breaking changes (a major version change).
  • Renovate Dependency Dashboard: an overview of the state of your repository’s dependencies, including open, queued, and closed PRs.
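The PRs above differ by update type: non-major updates are batched by the ‘group:allNonMajor’ preset, while a major update (React 16 to 18) gets its own PR with release notes. The script below is an added example, not code from the article or from Renovate, that reproduces that split by hand: it parses a constructed sample of npm outdated --json output (the package names, versions and paths are made up for illustration) and buckets each package as major, non-major or prerelease. Prerelease targets are set aside because Renovate skips unstable versions by default (its ignoreUnstable option).

```python
import json
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample of `npm outdated --json` output; the packages and
# versions are invented for this example and are not from the article's project.
SAMPLE_OUTDATED = """
{
  "postcss":    {"current": "8.1.6",   "wanted": "8.1.6",   "latest": "8.2.10",     "location": "node_modules/postcss"},
  "react":      {"current": "16.14.0", "wanted": "16.14.0", "latest": "18.1.0",     "location": "node_modules/react"},
  "lodash":     {"current": "4.17.20", "wanted": "4.17.21", "latest": "4.17.21",    "location": "node_modules/lodash"},
  "typescript": {"current": "4.6.2",   "wanted": "4.6.4",   "latest": "4.7.0-beta", "location": "node_modules/typescript"}
}
"""

# major.minor.patch with optional -prerelease and +build metadata
SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$")

Version = Tuple[int, int, int, Optional[str]]


def parse_version(text: str) -> Version:
    """Split a semver string into (major, minor, patch, prerelease-or-None)."""
    m = SEMVER.match(text)
    if m is None:
        raise ValueError(f"not a semver version: {text!r}")
    major, minor, patch, pre = m.groups()
    return int(major), int(minor), int(patch), pre


def classify(current: str, latest: str) -> str:
    """Return 'major', 'minor', 'patch', 'prerelease' or 'none' for current -> latest."""
    cur, new = parse_version(current), parse_version(latest)
    if new[:3] <= cur[:3]:
        return "none"  # nothing newer than what is installed
    if new[3] is not None:
        # Renovate ignores unstable versions by default (ignoreUnstable); mirror that here.
        return "prerelease"
    if new[0] > cur[0]:
        return "major"  # potentially breaking: deserves its own PR and release notes
    if new[1] > cur[1]:
        return "minor"
    return "patch"


def group_updates(outdated_json: str) -> Dict[str, List[str]]:
    """Bucket packages the way group:allNonMajor does: one non-major batch, majors on their own."""
    groups: Dict[str, List[str]] = {"major": [], "non-major": [], "prerelease": [], "none": []}
    for name, info in json.loads(outdated_json).items():
        kind = classify(info["current"], info["latest"])
        bucket = "non-major" if kind in ("minor", "patch") else kind
        groups[bucket].append(name)
    return groups


if __name__ == "__main__":
    for bucket, names in group_updates(SAMPLE_OUTDATED).items():
        print(f"{bucket:>10}: {', '.join(names) or '-'}")
```

Run it against real data with npm outdated --json > outdated.json and pass the file contents to group_updates; the "major" bucket is the list you want to review by hand before merging.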

Setting up Renovate for your Repository

In the section below I’ll describe how you can set up Renovate for a repository using GitHub Actions. You can also install Renovate as a GitHub App, use the Renovate CLI from npm, and more.

Create a .github/renovate.json file in your repository to hold the Renovate configuration. Note that the configuration shown below is as simple as it gets; read the Renovate configuration options documentation to learn about everything that can be tuned.

{
  "extends": [
    "config:base"
  ]
}
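The minimal file above leaves every decision to the config:base preset. The configuration below is an added example, not the article’s or Renovate’s own file, that shows the options behind the bullet points earlier in the post: batching non-major updates, scheduling PRs outside working hours and capping how many are open, letting security-alert PRs bypass the schedule, automerging low-risk dev-dependency bumps once CI passes, and recording a package the team has ruled out so a new developer does not rediscover the problem. The package name PACKAGE_RULED_OUT_BY_TEAM and the timezone are placeholders to replace with your own values.

```json
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:base",
    "group:allNonMajor"
  ],
  "timezone": "Etc/UTC",
  "schedule": ["after 10pm and before 5am every weekday", "every weekend"],
  "prConcurrentLimit": 5,
  "prHourlyLimit": 2,
  "labels": ["dependencies"],
  "vulnerabilityAlerts": {
    "labels": ["security"],
    "schedule": ["at any time"]
  },
  "packageRules": [
    {
      "description": "Automerge minor and patch bumps of dev dependencies after CI passes; runtime deps still get a reviewed PR",
      "matchDepTypes": ["devDependencies"],
      "matchUpdateTypes": ["minor", "patch"],
      "automerge": true
    },
    {
      "description": "Placeholder for a package the team decided not to upgrade; keeping the decision in config stops repeat attempts",
      "matchPackageNames": ["PACKAGE_RULED_OUT_BY_TEAM"],
      "enabled": false
    }
  ]
}
```

The vulnerabilityAlerts block is the part worth keeping even if you drop the rest: Renovate raises those PRs from the platform’s security alerts, so letting them ignore the quiet-hours schedule shortens the window in which a known-vulnerable version stays in the lock file.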

Create a .github/workflows/dependencies.yml file in your repository to hold the GitHub Renovate Action. The workflow below uses a cron schedule to run Renovate every two hours, Monday to Friday.

name: Renovate

# Controls when the workflow will run
on:
  schedule:
    - cron: '0 0/2 * * MON-FRI'

jobs:
  # This workflow contains a single job called "renovate"
  renovate:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3.0.2
      - name: Self-hosted Renovate
        uses: renovatebot/github-action@v32.52.1
        with:
          configurationFile: .github/renovate.json
          token: ${{ secrets.RENOVATE_TOKEN }}
        env:
          LOG_LEVEL: 'debug'

Generate a personal access token with the repo:public_repo scope for public repositories only, or the repo scope for public and private repositories, and add it to Secrets (repository settings) as RENOVATE_TOKEN. This token is used only by Renovate (see the token configuration) and is what gives it access to the repositories. The name of the secret can be anything as long as it matches the value given to the token option.

If you want the option to manually run your GitHub action, I recommend using on: workflow_dispatch (instead of schedule: cron) as documented by GitHub.

Additional Resources


Muggle-born

Hi, my name is Jeremiah. I build things on the web for fun. I enjoy figuring how and why things work the way they do, and I try teaching others along the way.