Skip to content

neverendingqs/gh-action-node-update-deps

Use this GitHub Action with your project

Add this Action to an existing workflow or create a new one.

View on Marketplace
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 

gh-action-node-update-deps

Updates Node dependencies and creates a pull request with the changes. Uses npm-check-updates under the hood, so you can add a .ncurc file to fine tune dependency decisions, such as which ones to ignore.

Note: prefer dependabot over this action once dependabot supports grouped pull requests.

Example usage

name: Scheduled dependencies update
on:
  schedule:
    - cron: '0 15 * * 2'
jobs:
  update-deps:
    name: Update Node dependencies
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version-file: .nvmrc
      - uses: neverendingqs/gh-action-node-update-deps@v2
        with:
          bump-version: patch                               # defaults to not bumping the package version
          commit-message-prefix: fix                        # defaults 'chore'
          package-manager: yarn                             # defaults to 'npm'
          github-token: ${{ secrets.CUSTOM_GITHUB_TOKEN }}  # defaults to the repo's `GITHUB_TOKEN`
          git-user-email: myemail@example.com               # defaults to '41898282+github-actions[bot]@users.noreply.github.com'
          git-user-name: Test                               # defaults to 'github-actions[bot]'
          pre-commit-script: npm run build                  # defaults to not running anything
          pull-request-labels: test                         # defaults to 'dependencies'
          target-version: minor                             # defaults to 'latest'

FAQ

Why doesn't the resulting pull request not trigger any GitHub Action workflows?

That is by design when using the repository's GITHUB_TOKEN. You can circumvent this by creating a personal access token or a installation access token. Note that doing so exposes you to vulnerabilities described on Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests.