Setup Weekly Automation to Update @actions/github #498
Conversation
create automation to update Octokit
Update Octokit dependencies
|
Why don't you use the Dependabot? Just curious. (For updating multiple dependencies at one time?) |
| if: ${{steps.status.outputs.createPR}} | ||
| uses: actions/github-script@v2 | ||
| with: | ||
| github-token: ${{secrets.GITHUB_TOKEN}} |
There was a problem hiding this comment.
fyi, it looks like you could omit github-token: ... since ${{ github.token }} is the default
.github/workflows/update-github.yaml
Outdated
| git checkout -b bots/updateGitHubDependencies-${{github.run_number}} | ||
| git add . | ||
| git commit -m "Update Dependencies" | ||
| git push --set-upstream origin bots/updateGitHubDependencies-${{github.run_number}}; fi |
There was a problem hiding this comment.
should fi be on it's own line? (strange style, since multiline block)
| - name: Update Octokit | ||
| working-directory: packages/github | ||
| run: | | ||
| npx npm-check-updates -u --dep prod |
There was a problem hiding this comment.
- consider
--upgradeinstead of-u(long form for readability in scripts, short form for interactive terminal) - is it fragile to assume
npm-check-updatesis installed globally? - curious whether considered running npm update commands instead?
There was a problem hiding this comment.
- Great Idea, I'll update it
- npx will install items if they don't exist in path
- Update respect semver, which is nice, but
npm-check-updateswill create a new pr will notify for new major versions. Even if the PR isn't perfect (the new version isn't compatible), the pr will act as a notification that we need to do something!
| - cron: '0 18 * * 0' | ||
|
|
||
| jobs: | ||
| UpdateOctokit: |
There was a problem hiding this comment.
will forks inherit this cron workflow? Should we add a job-condition so it doesnt run on forks?
.github/workflows/update-github.yaml
Outdated
|
|
||
| on: | ||
| schedule: | ||
| - cron: '0 18 * * 0' |
There was a problem hiding this comment.
can you add a comment in code, what this cron syntax means? According to https://crontab.guru/#0_18_*_*_0 it means: "At 18:00 on Sunday"
Co-authored-by: Shohei Ueda <30958501+peaceiris@users.noreply.github.com>
Update Octokit dependencies
| "@actions/http-client": "^1.0.8", | ||
| "@octokit/core": "^3.0.0", | ||
| "@octokit/plugin-paginate-rest": "^2.2.3", | ||
| "@octokit/plugin-rest-endpoint-methods": "^4.0.0" |
There was a problem hiding this comment.
Lots of changes to actions api here, going to release a new major version:
https://github.com/octokit/plugin-rest-endpoint-methods.js/releases/tag/v4.0.0
This automation will create a PR when any of the prod dependencies in actions/github have been updated. This should simplify the process of keeping the action up to date with octokit releases.
Also included is a bump to the versions of these dependencies, created by the automation.
It runs every sunday at 18:00 UTC