Skip to content
a simple bot for updating dependencies in source code and automatically generating Pull Requests in downstream projects
Branch: master
Clone or download
Pull request Compare This branch is 177 commits ahead of fabric8-updatebot:master.
garethjevans Merge pull request #91 from jenkins-x/precommit
chore: added precommit configuration
Latest commit 21ceaf7 Jul 30, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
.idea/runConfigurations #31 Add IntelliJ run configuration for testing Jul 29, 2018
updatebot-core feat: allow excludeUpdateLoop to be defined for github repositories Apr 12, 2019
updatebot-logging update version Jan 24, 2018
updatebot-maven-plugin switch CI/CD to serverless Jenkins with Prow Oct 9, 2018
updatebot update version Jan 24, 2018
.gitignore fixed bad link Sep 26, 2017
.pre-commit-config.yaml chore: added precommit configuration Jul 24, 2019
.updatebot.yml allow the jenkinsfile library git repo to be configured Oct 11, 2017
LICENSE initial spike of git repo scanning code Sep 22, 2017
OWNERS switch CI/CD to serverless Jenkins with Prow Oct 9, 2018 updates to check poms and parents Aug 22, 2018
jenkins-x.yml fix: corrected non-dns name for make_directories Apr 4, 2019
pom.xml fix: use recent mvn surefire plugin Oct 30, 2018


A bot for updating dependencies on your projects automatically!

Javadocs Maven Central Apache 2


UpdateBot takes a simple YAML file to define which git repositories and github organisations to search for repositories to update.

See an example UpdateBot YAML file

Using UpdateBot

Jenkins Pipelines

A good place to use UpdateBot is in your Continuous Delivery pipelines when you've just created a release, tagged the source code and have waited for the artifacts to be in maven central or your nexus/artifactory; then you want to push those new versions into your downstream projects via Pull Requests.

To do that please use the UpdateBot Jenkins Plugin or checkout the UpdateBot Jenkins Plugin documentation.

Essentially once you have installed the UpdateBot Jenkins Plugin into your Jeknins you just use the updateBotPush() step in your pipeline like this:

node {

    stage('Release') { 
        git ''

        // TODO do the actual release first...
        // TODO wait for the release to be in maven central or npm or whatever...

    stage('UpdateBot') {
        // now lets update any dependent projects with this new release
        // using the local file system as the tagged source code with versions

Command Line

The updatebot jar file is a fat executable jar so you can use:

java -jar updatebot-${version}.jar

But the jar is also a unix binary so you can just run the following:


To install on a unix operating system just copy the updatebot-${version).jar to file called updatebot on your PATH

Kinds of update

There are different kinds of updates that UpdateBot can do. Lets walk through the kinds of updates you might want to do...


When you release an artifact its good practice to eagerly update all of the projects that use your artifact to use the new version via a Pull Request. Using a Pull Request means that this version change will trigger any Continuous Integration tests to validate the version change which also gives good feedback upstream to your project. It also lets downstream projects review and approve any version change.

To push versions from a repository just run the push command passing in the git clone URL or a local directory that contains a git clone.

updatebot push --repo 

You can specify a particular git commit reference (sha, branch, tag) via --ref

updatebot push --repo --ref 1.2.3

This will then grab the source code for that repository and update its version in the downstream dependent projects.

When doing a CD pipeline you will typically have the git repository cloned locally already so you can just point to a local clone:

updatebot push --dir /foo/bar

Or specifying the tag as well:

updatebot push --dir /foo/bar  --tag 1.2.3

Pushing other dependency versions

Often projects have other dependencies such as shared libraries or packages. e.g. an npm project may have dependencies on angular packages.

You may want to use a single project as your exemplar project so that it defines a set of dependency versions; so that if they change in one repository then updatebot will replicate those changes into other repositories.

To push other versions from a repository we use the push object below, then we include language/framework specific dependency set definitions. In the case of npm we can specify lists of includes or excludes dependencies for dependencies, devDependencies or peerDependencies. You can use * too for a wildcard to make this YAML more DRY.

e.g. here's an example updatebot.yml file that sets up a repo called ngx-base as the exemplar project for all of its dependencies:

  - name: jstrachan-testing
    - name: ngx-base
            - "*"
            - "*"
    - name: ngx-widgets

Then when we run this command:

updatebot push --repo

updatebot will look at all of those matching dependencies in the ngx-base/package.json and if they are different to the downstream dependencies it will generate a Pull Request.

e.g. here's an example generated Pull Request on the ngx-widgets project where it generated a single commit to update all the changed versions

Pushing specific versions

Sometimes you just want to upgrade a specific version through your projects. To do this use the push-version command:

updatebot push-version -k npm myapp 1.2.3

This will then iterate through all the projects defined by the configuration file you give it and generate the necessary code changes to adopt the new version and submit pull requests.


We recommend pushing version changes eagerly in your CI / CD pipelines.

However projects often depend on lots of dependencies that are released upstream by different teams. So to pull version changes from upstream releases you can use the pull command:

updatebot push -k npm 

This will then update any dependencies in your projects.


UpdateBot requires the following binaries to be available on your PATH

  • java
  • git


To be able to pull version changes into your npm packages we use the ncu CLI tool. You can install it via these instructions or typing

npm install -g npm-check-updates


If you want to use UpdateBot inside a docker image you can reuse the fabric8/maven-builder image

You can’t perform that action at this time.