Use GitHub Actions to find Outdated Dependencies
Keeping up with dependencies can be a pain. That is especially true if you build a tool that heavily relies on some library. If that library changes in a major way, you’ll have to be quick with updating or risk issues piling up.
But how can you efficiently keep track of dependency updates?
Scheduled GitHub Actions
I’ve found GitHub Actions to be a simple, yet effective, solution for that particular problem.
A small workflow that runs on a schedule and checks if there are outdated dependencies does the job. I use something like this for reveal.js-starter to get notified when a new reveal.js version is released:
```yaml
name: Check Outdated
on:
  schedule:
    - cron: "0 12 * * 1"
jobs:
  check_updates:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Install npm
        run: npm install
      - name: Check outdated
        run: npm outdated reveal.js
```
If you are thinking “Well, that doesn’t look hard” - you are right. And isn’t that nice? 😉
There isn’t a lot for me to cover here, but let’s go over the interesting parts real quick.
```yaml
on:
  schedule:
    - cron: "0 12 * * 1"
```
Here we specify when our action should run. Consult the official documentation for details, but I’ve found checking dependencies each Monday at noon to work quite nicely.
```yaml
- name: Check outdated
  run: npm outdated reveal.js
```
Luckily, npm offers a simple command to check if any dependency is outdated (based on your current lock file). The nice thing here is that this command will return with exit code 1 if newer versions were detected. As a result, the GitHub Action will fail without us needing to do anything else. Easy!
The same approach works quite well for Ruby-based applications since bundler offers an outdated command as well. I use this workflow for my custom Rails generator Schienenzeppelin:
```yaml
name: Check Outdated
on:
  schedule:
    - cron: "0 12 * * 1"
jobs:
  check_updates:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Set up ruby
        uses: ruby/setup-ruby@latest
        with:
          ruby-version: 3.0.0
          bundler-cache: true
      - name: Check Outdated
        run: |
          bundle config unset deployment
          bundle outdated rails
```
Now, I’ve kept these actions very simple. Of course, there are tons of things you can improve upon! Customizing how notifications are sent or only failing when a new major version is released are things that come to mind.
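One way to fail only on a new major version, as an added example that is not part of the original post or the author's workflow: a small Node script that reads the output of `npm outdated --json` and flags only breaking jumps. The function names and sample data are constructed for illustration, and treating a 0.x minor bump as breaking is an assumption based on the semver convention.

```javascript
// Added example (not from the original post). Input shape is what
// `npm outdated --json` prints: { "<pkg>": { current, wanted, latest, ... } }.

// Parse "MAJOR.MINOR.PATCH[-pre]" into numbers; null for anything else
// (missing `current` when a package is not installed, git URLs, ...).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v ?? ""));
  return m ? { major: +m[1], minor: +m[2], patch: +m[3] } : null;
}

// True when going from `current` to `latest` crosses a breaking boundary:
// a higher major, or a higher minor while still on 0.x (assumption).
function isBreaking(current, latest) {
  const c = parseVersion(current);
  const l = parseVersion(latest);
  if (!c || !l) return false; // cannot compare, so do not fail the build on it
  if (l.major !== c.major) return l.major > c.major;
  return c.major === 0 && l.minor > c.minor;
}

// Return [{ name, current, latest }] for every package with a breaking update.
function breakingUpdates(outdated) {
  const found = [];
  for (const [name, entry] of Object.entries(outdated || {})) {
    // Tolerate a list of entries per package as well as a single object.
    for (const e of [].concat(entry)) {
      if (e && isBreaking(e.current, e.latest)) {
        found.push({ name, current: e.current, latest: e.latest });
      }
    }
  }
  return found;
}

// Constructed sample, not real registry data.
const SAMPLE = {
  "reveal.js": { current: "4.1.0", wanted: "4.1.3", latest: "5.0.0" },
  "some-plugin": { current: "2.3.0", wanted: "2.4.1", latest: "2.4.1" },
  "young-lib": { current: "0.4.2", wanted: "0.4.9", latest: "0.5.0" },
  "not-installed": { wanted: "1.0.0", latest: "2.0.0" },
};

// With a JSON argument, check it and fail the step; otherwise show the sample.
const jsonArg = typeof process !== "undefined" ? process.argv[2] : undefined;
const report = breakingUpdates(jsonArg ? JSON.parse(jsonArg) : SAMPLE);
for (const r of report) console.log(`${r.name}: ${r.current} -> ${r.latest}`);
if (jsonArg && report.length > 0) process.exitCode = 1;
```

Saved under a hypothetical name such as `check-breaking.js`, the workflow step would run `node check-breaking.js "$(npm outdated --json reveal.js)"` in place of the plain `npm outdated` call.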
What do you think? Let me know if you’ve encountered other interesting uses for GitHub Actions.