Automate your node dependency updates
A reasonably large Node application will have hundreds of dependencies. Keeping them all updated is a chore a developer has to perform at some point. Either you ignore the updates until you are stuck with a very old set of dependencies whose security vulnerabilities hinder your progress, or you spend valuable application development time manually testing updates on a reasonable cadence.
Let's see how to automate this process in an enterprise environment, assuming you have some kind of CI/CD environment and a private GitHub repo.
Ingredients
- Solid unit tests for your code. Bonus points if you have end-to-end tests and snapshot tests for UI components.
- next-update: an npm package which tests whether your dependencies can be updated without breaking the tests.
- hub CLI: a command-line application from GitHub which can interact with your GitHub repo. hub is a drop-in replacement for the git CLI with added features to interact with GitHub. Handy to open a Pull Request after the update operation.
Recipe
- Install next-update as a dev dependency.

```sh
npm install next-update --save-dev
```

- Configure an npm script, dep:update, in the scripts section of your package.json.

```json
{
  "name": "a-sample-node-project",
  "version": "0.0.1",
  "description": "A sample node project",
  "scripts": {
    "test": "jest",
    "start": "node app.js",
    "dep:update": "next-update"
  },
  "devDependencies": {
    "next-update": "^3.6.0"
  },
  "dependencies": {}
}
```

- Run the script. next-update will go ahead and find all new packages, update them in sequence, and keep each update if your tests pass.

```sh
npm run dep:update
```

- Download and install the hub CLI.
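
```bash
# download-hub.sh
# Install the hub CLI under /opt/hub-linux unless it is already there.
HUB_CLI=/opt/hub-linux/bin/hub
if [[ ! -f "$HUB_CLI" ]]; then
  wget https://github.com/github/hub/releases/download/v2.12.2/hub-linux-amd64-2.12.2.tgz
  tar zxvf hub-linux-amd64-2.12.2.tgz
  # Remove the archive and any stale install before moving the new one in place.
  rm -rf hub-linux-amd64-2.12.2.tgz /opt/hub-linux
  mv hub-linux-amd64-2.12.2 /opt/hub-linux
fi
```

The URL pins a specific hub release. In CI, also check the downloaded archive against a checksum you recorded for that release before extracting it.
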
- Configure hub

```sh
git config --global --replace-all hub.host github.yourdomain.com
git config --global --replace-all hub.protocol git
```

- Instruct the bot to open a Pull Request

```sh
"$HUB_CLI" add package.json package-lock.json
"$HUB_CLI" commit -m "[BOT] Automated dependency update"
"$HUB_CLI" pull-request \
  --push \
  -m "Pull Request Subject" \
  -m "Pull Request Description" \
  --no-edit \
  --reviewer user-id1,user-id2
```

- Hook up this script in your CI/CD environment to run daily
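
Because the bot commits package-lock.json on its own, reviewers need to see what actually changed. The following is an added example (not from the original post, next-update or hub): a Node script that diffs the lockfile before and after the run and renders a summary for the Pull Request description, flagging entries with no integrity hash, an unexpected download host, or an integrity change without a version change. It assumes lockfileVersion 2 or 3; ALLOWED_REGISTRY, the function names and the sample lockfiles are constructed for illustration.

```javascript
// Added example: summarise the bot's package-lock.json changes (lockfileVersion 2/3 "packages" map).
const ALLOWED_REGISTRY = 'registry.npmjs.org'; // assumption: use your private registry host
const nameOf = (path) => path.split('node_modules/').pop();
function flagsFor(entry, prev) {
  const flags = [];
  if (!entry.integrity) flags.push('no integrity hash');
  let host = 'unknown source';
  try { host = new URL(entry.resolved).host; } catch (_) { /* resolved missing or not a URL */ }
  if (host !== ALLOWED_REGISTRY) flags.push(`resolved from ${host}`);
  if (prev && prev.version === entry.version) flags.push('integrity changed, version did not');
  return flags;
}

function diffLockfiles(before, after) {
  const oldPkgs = before.packages || {};
  const newPkgs = after.packages || {};
  const changes = [];
  for (const [path, entry] of Object.entries(newPkgs)) {
    if (path === '' || entry.link) continue; // skip the root project and workspace links
    const prev = oldPkgs[path];
    if (prev && prev.version === entry.version && prev.integrity === entry.integrity) continue;
    changes.push({ name: nameOf(path), from: prev ? prev.version : null, to: entry.version, flags: flagsFor(entry, prev) });
  }
  for (const [path, entry] of Object.entries(oldPkgs)) {
    if (path !== '' && !(path in newPkgs)) changes.push({ name: nameOf(path), from: entry.version, to: null, flags: [] });
  }
  return changes.sort((a, b) => a.name.localeCompare(b.name));
}

function renderPrBody(changes) {
  return changes.map((c) => {
    const what = c.to === null ? `removed ${c.from}` : c.from === null ? `added ${c.to}` : `${c.from} -> ${c.to}`;
    return `- ${c.name}: ${what}${c.flags.length ? ` [REVIEW: ${c.flags.join('; ')}]` : ''}`;
  }).join('\n');
}
// Constructed sample lockfiles (not real packages or hashes).
const reg = (n, v) => `https://registry.npmjs.org/${n}/-/${n}-${v}.tgz`;
const sampleBefore = { packages: {
  '': { name: 'a-sample-node-project' },
  'node_modules/alpha': { version: '1.0.0', resolved: reg('alpha', '1.0.0'), integrity: 'sha512-AAAA' },
  'node_modules/beta': { version: '2.1.0', resolved: reg('beta', '2.1.0'), integrity: 'sha512-BBBB' },
} };
const sampleAfter = { packages: {
  '': { name: 'a-sample-node-project' },
  'node_modules/alpha': { version: '1.2.0', resolved: reg('alpha', '1.2.0'), integrity: 'sha512-CCCC' },
  'node_modules/beta': { version: '2.1.0', resolved: reg('beta', '2.1.0'), integrity: 'sha512-DDDD' },
  'node_modules/gamma': { version: '0.3.1', resolved: 'https://example.invalid/gamma-0.3.1.tgz' },
} };
console.log(renderPrBody(diffLockfiles(sampleBefore, sampleAfter)));
```

The rendered text can be passed as the second -m argument of hub pull-request in place of the placeholder description.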
Wrapping up
We saw how to check and update the node dependencies and automate the process of opening a PR. If your project is open-source, you may use a service like Greenkeeper.
Cheers
Original Link: https://dev.to/dennismphil/automate-your-node-dependency-updates-4aga