From 12d684a81f59f158884b7ebda80aa5423e89238f Mon Sep 17 00:00:00 2001
From: Yehonal
Date: Thu, 28 Mar 2024 11:24:10 +0100
Subject: [PATCH] feat: implemented better-dependabot
---
 .github/workflows/test-better-dependabot.yml | 16 ++++
 README.md | 1 +
 better-dependabot/README.md | 59 ++++++++++++
 better-dependabot/action.yml | 94 ++++++++++++++++++++
 better-dependabot/index.js | 0
 5 files changed, 170 insertions(+)
 create mode 100644 .github/workflows/test-better-dependabot.yml
 create mode 100644 better-dependabot/README.md
 create mode 100644 better-dependabot/action.yml
 create mode 100644 better-dependabot/index.js
diff --git a/.github/workflows/test-better-dependabot.yml b/.github/workflows/test-better-dependabot.yml
new file mode 100644
index 0000000..cbf5d85
--- /dev/null
+++ b/.github/workflows/test-better-dependabot.yml
@@ -0,0 +1,16 @@
+name: Automated Dependency Updates
+
+on:
+ schedule:
+ - cron: '0 0 * * 0' # Weekly on Sunday at 00:00
+ workflow_dispatch: # Allows manual triggering
+
+jobs:
+ update-dependencies:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Better Dependabot
+ uses: Drassil/gh-actions-collection/better-dependabot@master
+ with:
+ version_target: 'patch' # Example: target minor version updates
+ token: ${{ secrets.GITHUB_TOKEN }} # Use a GitHub PAT or `${{ secrets.GITHUB_TOKEN }}`
\ No newline at end of file
diff --git a/README.md b/README.md
index 2c13fb5..c5c1d76 100644
--- a/README.md
+++ b/README.md
@@ -6,3 +6,4 @@ Collection of reusable github actions
 - [changed-files](./changed-files/README.md)
 - [node-setup](./node-setup/README.md)
 - [extra-info](./extra-info/README.md)
+- [better-dependabot](./better-dependabot/README.md)
diff --git a/better-dependabot/README.md b/better-dependabot/README.md
new file mode 100644
index 0000000..2a4812b
--- /dev/null
+++ b/better-dependabot/README.md
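Review bot: The `update-dependencies` job in `test-better-dependabot.yml` hands `secrets.GITHUB_TOKEN` to an action referenced by the mutable ref `@master` and declares no `permissions:`, so the token's scope depends on the repository default and on whatever `master` points to at run time. Since the action pushes a branch and opens a pull request, state the scope explicitly at job level, `permissions: { contents: write, pull-requests: write }`, and pin `uses:` to a full commit SHA. The job also has no `actions/checkout` step and none is visible in the action's own steps, so the `git` and `ncu` commands would presumably run in an empty workspace. The inline comment on `version_target: 'patch'` still says "minor".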
@@ -0,0 +1,59 @@
+# Better Dependabot GitHub Action
+
+## Introduction
+
+The Better Dependabot GitHub Action automates the process of updating NPM packages and creating pull requests for those updates. Unlike traditional dependabot updates, this action allows for more granular control over the update process, including specifying the version target for updates and adding custom arguments for the `npm-check-updates` package.
+
+## Features
+
+- Checks for existing pull requests to avoid duplicate updates.
+- Updates NPM packages based on a specified version target (`latest`, `newest`, `greatest`, `minor`, `patch`, `semver`).
+- Creates a new branch and pull request with the updated `package.json` and `package-lock.json` files.
+- Allows for custom npm arguments to fine-tune the update process.
+
+## Inputs
+
+| Input | Description | Required | Default |
+|----------------|-------------------------------------------------------------------------------------------------------|----------|---------|
+| `node_version` | Node version used for the Node.js commands. | No | `lts/*` |
+| `npm_version` | NPM version used for the npm commands. | No | `''` |
+| `version_target` | Determines the version to upgrade to. Options: `latest`, `newest`, `greatest`, `minor`, `patch`, `semver`. | No | `patch` |
+| `ncu_args` | Extra arguments for the `npm-check-updates` command. | No | `''` |
+| `token` | A GitHub PAT (Personal Access Token) for authenticating GitHub CLI operations. | Yes | N/A |
+
+## Usage
+
+To use the Better Dependabot GitHub Action in your workflow, follow these steps:
+
+1. Create a `.github/workflows` directory in your repository (if it doesn't already exist).
+2. Create a new YAML file within the `.github/workflows` directory. For example, `better-dependabot.yml`.
+3.
Add the following configuration to your YAML file, adjusting the inputs as necessary:
+
+```yaml
+name: Automated Dependency Updates
+
+on:
+ schedule:
+ - cron: '0 0 * * 0' # Weekly on Sunday at 00:00
+ workflow_dispatch: # Allows manual triggering
+
+jobs:
+ update-dependencies:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Better Dependabot
+ uses: Drassil/gh-actions-collection/better-dependabot@master
+ with:
+ node_version: '20' # Example: specify the Node.js version
+ version_target: 'minor' # Example: target minor version updates
+ ncu_args: '--filter /react/' # Example: update react packages only
+ token: ${{ secrets.GITHUB_TOKEN }} # Use a GitHub PAT or `${{ secrets.GITHUB_TOKEN }}`
+```
+
+## Example Workflow
+The provided example in the Usage section sets up a weekly job that checks and updates your NPM dependencies, targeting minor versions, and focuses on packages related to React.
+
+For more detailed control or different scheduling, adjust the cron syntax in the on.schedule field or modify the input parameters as needed.
+
+## Support
+For support or questions about using this GitHub Action, please open an issue in the repository.
diff --git a/better-dependabot/action.yml b/better-dependabot/action.yml
new file mode 100644
index 0000000..accf5bb
--- /dev/null
+++ b/better-dependabot/action.yml
@@ -0,0 +1,94 @@
+name: "better-dependabot"
+description: "Update NPM Packages and Create PR"
+inputs:
+ node_version:
+ description: 'node version used for the node commands'
+ required: false
+ default: 'lts/*'
+ npm_version:
+ description: 'npm version used for the npm commands'
+ required: false
+ default: ''
+ version_target:
+ description: 'Determines the version to upgrade to: latest, newest, greatest, minor, patch, semver. (default: patch)'
+ required: false
+ default: 'patch'
+ ncu_args:
+ descriptions: 'Extra args for the npm-check-updates'
+ required: false
+ type: string
+ token:
+ description: 'A Github PAT'
+ required: true
+runs:
+ using: 'composite'
+ steps:
+
+ - name: Check for Existing Pull Requests
+ id: check_pr
+ run: |
+ BRANCH_PREFIX="better-dependabot-updates-${{ inputs.version_target }}"
+ BRANCH_NAME=$BRANCH_PREFIX-$(date +%Y%m%d%H%M%S)
+ PR_EXISTS=$(gh pr list --search "head:${BRANCH_PREFIX} type:pr state:open" | wc -l)
+ echo "PR_EXISTS=${PR_EXISTS}" >> $GITHUB_ENV
+ echo "BRANCH_NAME=${BRANCH_NAME}" >> $GITHUB_ENV
+ echo "::set-output name=pr_exists::${PR_EXISTS}"
+ shell: bash
+ env:
+ GITHUB_TOKEN: ${{ inputs.token }}
+
+ - name: Install node
+ if: steps.check_pr.outputs.pr_exists == '0'
+ uses: Drassil/gh-actions-collection/extra-info@master
+ id: prepare
+ with:
+ npm_version: ${{ inputs.npm_version }}
+ node_version: ${{ inputs.node_version }}
+
+ - name: Install npm-check-updates
+ if: steps.check_pr.outputs.pr_exists == '0'
+ shell: bash
+ run: npm install -g npm-check-updates
+
+ - name: Check npm updates
+ if: steps.check_pr.outputs.pr_exists == '0'
+ shell: bash
+ run: ncu --target ${{ inputs.version_target }} ${{ inputs.ncu_args }}
+
+ - name: Update package.json
+ if: steps.check_pr.outputs.pr_exists == '0'
+ shell: bash
+ run: ncu -u --target ${{ inputs.version_target }} ${{ inputs.ncu_args }}
+
+ - name: Install updated packages
+ if: steps.check_pr.outputs.pr_exists == '0'
+ shell: bash
+ run: npm install
--package-lock-only
+
+ - name: Create a new branch
+ if: steps.check_pr.outputs.pr_exists == '0'
+ run: |
+ git checkout -b $BRANCH_NAME
+ shell: bash
+
+ # Placeholder for committing changes - customize as necessary
+ - name: Commit changes
+ if: steps.check_pr.outputs.pr_exists == '0'
+ run: |
+ git config --global user.name 'github-actions[bot]'
+ git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+ git add --all
+ git commit -m "Update dependencies"
+ git push --set-upstream origin $BRANCH_NAME
+ shell: bash
+ env:
+ GITHUB_TOKEN: ${{ inputs.token }}
+
+ - name: Create Pull Request
+ if: steps.check_pr.outputs.pr_exists == '0'
+ run: |
+ gh pr create --title "Better Dependabot: Update ${{ inputs.version_target }} dependencies" --body "This PR updates dependencies to the most recent ${{ inputs.version_target }} versions." --head $BRANCH_NAME --base main
+ shell: bash
+ env:
+ GITHUB_TOKEN: ${{ inputs.token }}
+
diff --git a/better-dependabot/index.js b/better-dependabot/index.js
new file mode 100644
index 0000000..e69de29
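Review bot: The `run:` lines in `action.yml` expand `${{ inputs.version_target }}` and `${{ inputs.ncu_args }}` directly into bash (the `BRANCH_PREFIX` assignment, both `ncu` steps and the `gh pr create` title and body), so any shell metacharacters a caller forwards into those inputs are executed in a job that holds `inputs.token`. Pass the inputs through `env:` and reference them as shell variables instead; the fence shows the pattern for the `Check npm updates` step, and the same change applies to the other three places. Separately, the `ncu_args` input is declared with `descriptions:` rather than `description:` and has no `default`, and `echo "::set-output name=pr_exists::${PR_EXISTS}"` uses the deprecated workflow command, for which `echo "pr_exists=${PR_EXISTS}" >> "$GITHUB_OUTPUT"` is the current form. The `Install node` step calls `extra-info@master` with the node and npm version inputs, which looks like it was meant to be `node-setup`; worth confirming.

```yaml
    - name: Check npm updates
      # … unchanged: if / shell …
      env:
        VERSION_TARGET: ${{ inputs.version_target }}
        NCU_ARGS: ${{ inputs.ncu_args }}
      # NCU_ARGS stays unquoted so several flags still split into words
      run: ncu --target "$VERSION_TARGET" $NCU_ARGS
```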