You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
swyxkit depends on alpha software, primarily sveltekit, but also has a dozen more dependencies that move on a fairly frequent basis. The problem of keeping dependencies up to date is a pressing one.
The usual answer to this is Dependabot, which is available as a one click setting inside of GitHub. However, it generates a new PR per dependency update, which usually gets fairly annoying.
I adapted it to make it weekly, and figured I'd share the process.
Step 1 - Add a new GitHub Action.
Pretty much just create a file like this one, GH actions are so easy to make. I modified the cron syntax to only run once a week to limit the amount of updates going on.
name: 'Nightly'on:
schedule:
# Runs at 12:00 UTC on Fri.
- cron: '0 12 * * 5'workflow_dispatch:
jobs:
lockfile:
if: github.repository_owner == 'sw-yx'runs-on: ubuntu-lateststeps:
- name: Check out code using Gituses: actions/checkout@v2
- name: Set Node version to 16uses: actions/setup-node@v2with:
node-version: 16cache: 'npm'
- name: Clear lockfilerun: rm -rf package-lock.json node_modules
- name: Install dependenciesrun: npm install --ignore-engines --ignore-scripts
- name: Create Pull Requestid: createpruses: peter-evans/create-pull-request@v3with:
token: ${{ secrets.NIGHTLY_PERSONAL_GITHUB_TOKEN }}commit-message: '[ci] update lockfile'title: '[ci] update lockfile'body: > This PR is auto-generated by a nightly GitHub action. It should automatically be merged if tests pass.
- name: Mark Pull Request for Auto-Mergeif: steps.createpr.outputs.pull-request-operation == 'created'uses: peter-evans/enable-pull-request-automerge@v1with:
token: ${{ secrets.NIGHTLY_PERSONAL_GITHUB_TOKEN }}pull-request-number: ${{ steps.createpr.outputs.pull-request-number }}merge-method: squash
Is there an approach that would allow you to require checks and tests to pass before auto-merging? This doesn't bother me as-is for something like a blog, but seems a bit dangerous to add to my company's product.
i think that's a function of you setting up your CI correctly rather than anything to do with this setup - if your checks and tests dont pass, github would refuse to automerge, thats basically the definition of CI
tags: dx, github
swyxkit depends on alpha software, primarily sveltekit, but also has a dozen more dependencies that move on a fairly frequent basis. The problem of keeping dependencies up to date is a pressing one.
The usual answer to this is Dependabot, which is available as a one click setting inside of GitHub. However, it generates a new PR per dependency update, which usually gets fairly annoying.
Fred Schott from Astro recently tweeted about how they do nightly lockfile updates, which seems like a much smarter solution: https://twitter.com/FredKSchott/status/1489287560387956736
I adapted it to make it weekly, and figured I'd share the process.
Step 1 - Add a new GitHub Action.
Pretty much just create a file like this one, GH actions are so easy to make. I modified the cron syntax to only run once a week to limit the amount of updates going on.
Step 2 - create your token
Notice that the script depends on a
NIGHTLY_PERSONAL_GITHUB_TOKEN
variable. You can create it here: https://github.com/settings/tokensand enter it here in your project
The text was updated successfully, but these errors were encountered: