Automate away your dependency chores using GitHub Actions

Some days our JS can feel like a house of cards stacked on top of thousands of NPM dependencies. Maintaining all the latest dependencies can be a daunting task. A combination of GitHub integrations make this much easier, so we can focus on writing features our customers love and focus less on keeping our dependencies up to date.

GitHub Actions provide a robust ecosystem of SaaS integrations to let us automate the chores of:

• Automatically open pull requests with a single dependency update
  • Dependabot
• Automatically tag pull requests based on which files are touched
  • Labeler GitHub Action
• Automatically validate against regressions
  • Vercel deployments for every commit
  • Chromatic automatic UI regression tests using Storybook stories
  • Travis/CircleCI unit tests with Jest
  • Double-check dist file sizes don't change
    • compressed-size-action
• Automatically merge pull requests with passing checks (based on configured tags like dependencies)
  • Kodiak
• Automatically enforce required checks using GitHub branch protections

With the above set of actions and the right set of automated tests, we can safely be on the latest version of all dependencies with confidence that our application or library is fully functional and is free of all resolved security vulnerabilities in our dependencies.