Nate Radebaugh

Automate away your dependency chores using GitHub Actions

May 17, 2020 3:23 PM

Keeping dependencies up to date is critical to avoiding security vulnerabilities and keeping your codebase modern and maintainable. However, many modern applications and libraries are built on the shoulders of giants, which leaves a lot of dependencies to track. Instead of manually keeping your dependencies up to date, delegate that task to GitHub Actions!

Some days our JS can feel like a house of cards stacked on top of thousands of NPM dependencies. Keeping all of them on their latest versions can be a daunting task. A combination of GitHub integrations makes this much easier, so we can focus on writing features our customers love and less on keeping our dependencies up to date.

GitHub Actions provide a robust ecosystem of SaaS integrations that let us automate these chores:

  1. Automatically open pull requests with a single dependency update
  2. Automatically tag pull requests based on which files are touched
  3. Automatically validate against regressions
  4. Automatically merge pull requests with passing checks (based on configured tags like dependencies)
  5. Automatically enforce required checks using GitHub branch protections

With the above set of actions and the right set of automated tests, we can safely stay on the latest version of all dependencies, confident that our application or library is fully functional and free of every security vulnerability that has already been resolved in our dependencies.
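One way to wire steps 3 to 5 together, as an added example that is not from the original post. It assumes the update pull requests are opened by Dependabot and carry the `dependencies` label, that the repository's "Allow auto-merge" setting is on, and that the `test` job is a required status check on the protected branch; the file name and the `npm test` script are also assumptions.

```yaml
# .github/workflows/dependency-automerge.yml (hypothetical file name)
name: dependency-automerge

on:
  pull_request:
    types: [opened, synchronize, reopened, labeled]

# Token is read-only by default; each job opts in to what it needs.
permissions:
  contents: read

jobs:
  test:
    # Assumption: "test" is marked as a required check in branch protection.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm ci      # install exactly what the lockfile pins
      - run: npm test    # regression gate; assumes a "test" script exists

  automerge:
    needs: test
    runs-on: ubuntu-latest
    # Qualify only PRs opened by the update bot AND carrying the configured label.
    if: >-
      github.event.pull_request.user.login == 'dependabot[bot]' &&
      contains(github.event.pull_request.labels.*.name, 'dependencies')
    permissions:
      contents: write
      pull-requests: write
    steps:
      # --auto queues the merge; GitHub completes it only once every
      # required check on the protected branch has passed.
      - run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Without a branch protection rule that requires the checks, `--auto` has nothing to wait for, so the required-checks rule from step 5 is what keeps an untested update from merging.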
