Solve the problem of updating consuming projects of your components by utilizing Dependabot and Bit together. This way when new versions of components are available you get automated PRs to update the components you consume.
YouTube video toturial on how this works and how to set up
This repository contains example configuration and workflow for how a project that depends on Bit Components as packages in package.json can utilize GitHub's Dependabot feature to get automated PRs for updating dependencies.
- Ensure you have a
.npmrcfile in the root of your workspace with your scoped registry configured to your bit.cloud account. - Generate an authentication token in bit.cloud and set it as a Dependabot secret for your repository.
- Configure your
.github/dependabot.ymlfile with the right policy to update your Bit Components. - Configure Dependabot in your repository settings.
See the below links from GitHub to learn more:
- Setting up
npmrcfor installing Bit components - Using private registries with Dependabot
- Setting version updates
- Configuring Dependabot for NPM registries
- Dependabot quick start
From this repository:
Below you see an example .npmrc with a scoped registry, and replace-registry-host=never as recommended by GitHub.
@itaysso:registry=https://node-registry.bit.cloud
replace-registry-host=never
version: 2
registries:
# Define the Bit NPM registry
npm-bit:
type: npm-registry
url: https://node-registry.bit.cloud
# Use your Dependabot-Bit token
token: ${{secrets.DEPENDABOT_TOKEN}}
replaces-base: true
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
allow:
# Only check for components coming from Bit
- dependency-name: "@itaysso/*"
registries:
# Use the Bit Registry for this update policy
- npm-bit