Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Setup Weekly Automation to Update @actions/github #498

Merged
merged 13 commits into from
Jun 19, 2020
Merged

Setup Weekly Automation to Update @actions/github #498

merged 13 commits into from
Jun 19, 2020

Conversation

thboop
Copy link
Collaborator

@thboop thboop commented Jun 8, 2020

This automation will create a PR when any of the prod dependencies in actions/github have been updated. This should simplify the process of keeping the action up to date with octokit releases.

Also included is a bump to the versions of these dependencies, created by the automation.

It runs every sunday at 18:00 UTC

@peaceiris
Copy link
Contributor

peaceiris commented Jun 9, 2020

Why don't you use the Dependabot? Just curious. (For updating multiple dependencies at one time?)

if: ${{steps.status.outputs.createPR}}
uses: actions/github-script@v2
with:
github-token: ${{secrets.GITHUB_TOKEN}}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fyi, it looks like you could omit github-token: ... since ${{ github.token }} is the default

git checkout -b bots/updateGitHubDependencies-${{github.run_number}}
git add .
git commit -m "Update Dependencies"
git push --set-upstream origin bots/updateGitHubDependencies-${{github.run_number}}; fi
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should fi be on it's own line? (strange style, since multiline block)

- name: Update Octokit
working-directory: packages/github
run: |
npx npm-check-updates -u --dep prod
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • consider --upgrade instead of -u (long form for readability in scripts, short form for interactive terminal)
  • is it fragile to assume npm-check-updates is installed globally?
  • curious whether considered running npm update commands instead?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Great Idea, I'll update it
  • npx will install items if they don't exist in path
  • Update respect semver, which is nice, but npm-check-updates will create a new pr will notify for new major versions. Even if the PR isn't perfect (the new version isn't compatible), the pr will act as a notification that we need to do something!

- cron: '0 18 * * 0'

jobs:
UpdateOctokit:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will forks inherit this cron workflow? Should we add a job-condition so it doesnt run on forks?


on:
schedule:
- cron: '0 18 * * 0'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you add a comment in code, what this cron syntax means? According to https://crontab.guru/#0_18_*_*_0 it means: "At 18:00 on Sunday"

"@actions/http-client": "^1.0.8",
"@octokit/core": "^3.0.0",
"@octokit/plugin-paginate-rest": "^2.2.3",
"@octokit/plugin-rest-endpoint-methods": "^4.0.0"
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lots of changes to actions api here, going to release a new major version:
https://github.com/octokit/plugin-rest-endpoint-methods.js/releases/tag/v4.0.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants