-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Setup Weekly Automation to Update @actions/github #498
Conversation
create automation to update Octokit
Update Octokit dependencies
Why don't you use the Dependabot? Just curious. (For updating multiple dependencies at one time?) |
if: ${{steps.status.outputs.createPR}} | ||
uses: actions/github-script@v2 | ||
with: | ||
github-token: ${{secrets.GITHUB_TOKEN}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fyi, it looks like you could omit github-token: ...
since ${{ github.token }}
is the default
.github/workflows/update-github.yaml
Outdated
git checkout -b bots/updateGitHubDependencies-${{github.run_number}} | ||
git add . | ||
git commit -m "Update Dependencies" | ||
git push --set-upstream origin bots/updateGitHubDependencies-${{github.run_number}}; fi |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should fi
be on it's own line? (strange style, since multiline block)
- name: Update Octokit | ||
working-directory: packages/github | ||
run: | | ||
npx npm-check-updates -u --dep prod |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- consider
--upgrade
instead of-u
(long form for readability in scripts, short form for interactive terminal) - is it fragile to assume
npm-check-updates
is installed globally? - curious whether considered running npm update commands instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Great Idea, I'll update it
- npx will install items if they don't exist in path
- Update respect semver, which is nice, but
npm-check-updates
will create a new pr will notify for new major versions. Even if the PR isn't perfect (the new version isn't compatible), the pr will act as a notification that we need to do something!
- cron: '0 18 * * 0' | ||
|
||
jobs: | ||
UpdateOctokit: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
will forks inherit this cron workflow? Should we add a job-condition so it doesnt run on forks?
.github/workflows/update-github.yaml
Outdated
|
||
on: | ||
schedule: | ||
- cron: '0 18 * * 0' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you add a comment in code, what this cron syntax means? According to https://crontab.guru/#0_18_*_*_0
it means: "At 18:00 on Sunday"
Co-authored-by: Shohei Ueda <30958501+peaceiris@users.noreply.github.com>
Update Octokit dependencies
"@actions/http-client": "^1.0.8", | ||
"@octokit/core": "^3.0.0", | ||
"@octokit/plugin-paginate-rest": "^2.2.3", | ||
"@octokit/plugin-rest-endpoint-methods": "^4.0.0" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lots of changes to actions api here, going to release a new major version:
https://github.com/octokit/plugin-rest-endpoint-methods.js/releases/tag/v4.0.0
This automation will create a PR when any of the prod dependencies in actions/github have been updated. This should simplify the process of keeping the action up to date with octokit releases.
Also included is a bump to the versions of these dependencies, created by the automation.
It runs every sunday at 18:00 UTC