DEV Community

Mark Tse
Mark Tse

Posted on

5 2

GitHub Action for Updating All NPM Dependencies at Once

#actionshackathon

My Workflow

I recently created a JavaScript GitHub Action that allows anyone to search Stack Overflow via an issue or pull request comment. To keep its dependencies up-to-date, I could turn to Dependabot, but they currently do not support grouped updates, which means if multiple dependencies require an update, I have to review each one individually.

Instead, I turned to an existing GitHub Action I've built, Update Node Dependencies. This action:

  • Uses npm-check-updates to update all dependencies to their latest version
  • Runs npm audit --fix to fix any remaining security issues (if any)
  • Does a package version bump (patch)
  • Uses hub to create a new pull request with these changes

Since I am using @zeit/ncc to build my JavaScript action, I also configured a pre-commit script to run to ensure all dependency updates make it into the code GitHub Actions runs (in dist/).

The workflow is scheduled to run weekly, but can also be manually triggered. I leave Dependabot security alerts turned on so that I am alerted of severe security issues and can respond to them immediately by manually triggering the workflow outside of its schedule.

All this put together means I can keep my dependencies up-to-date with only one pull request a week while still having the ability to respond to security issues immediately!

Submission Category:

Maintainer Must-Haves

Yaml File or Link to Code 

name: Scheduled Node Dependencies Update (npm)
on:
  schedule:
    - cron:  '0 15 * * 2'
  workflow_dispatch:
jobs:
  update-deps:
    name: Update Node dependencies using npm
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
      - uses: neverendingqs/gh-action-node-update-deps@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          bump-version: patch
          pre-commit-script: npm run build

GitHub logo neverendingqs / gh-action-ask-stackoverflow

Search Stack Overflow on issues and pull requests using this GitHub Action.

gh-action-ask-stackoverflow

Search Stack Overflow on issues and pull requests using this GitHub Action.

Usage

Set up a workflow to pull in this action:

on:
  issue_comment:
    types: [created]

jobs:
  ask-stackoverflow:
    runs-on: ubuntu-latest
    steps:
      - uses: neverendingqs/gh-action-ask-stackoverflow@master
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

​‌‌​​‌​‌ ​‌‌‌​‌‌​ ​‌‌​​‌​‌ ​‌‌‌​​‌​ ​‌‌​​‌​‌ ​‌‌​‌‌‌​ ​‌‌​​‌​​ ​‌‌​‌​​‌ ​‌‌​‌‌‌​ ​‌‌​​‌‌‌ ​‌‌‌​​​‌ ​‌‌‌​​‌‌

Then search anything on Stack Overflow using the /so command, and the action will post back with the top 3 matching results, each with the top 3 answers.

Try it out by running the /so command on this issue or pull request!

View on GitHub

Additional Resources / Info

profile
AWS
 Promoted

AWS GenAI LIVE image

Real challenges. Real solutions. Real talk.

From technical discussions to philosophical debates, AWS and AWS Partners examine the impact and evolution of gen AI.

Learn more

Top comments (0)

profile
Neon
 Promoted

Billboard image

Create up to 10 Postgres Databases on Neon's free plan.

If you're starting a new project, Neon has got your databases covered. No credit cards. No trials. No getting in your way.

Try Neon for Free →

Read next

lukaszwojcikdev profile image

HEX 2 DEC Converter

Łukasz Wójcik -

nigelsilonero profile image

How to Install Codeigniter on a Local Server in 2025?

{η!б€£ $!£¤η€я¤}• -

vitalisorenko profile image

Exploring the Power and Community Behind Apache Flink

Vitali Sorenko -

kallileiser profile image

Exploring the Journey of Apache Cassandra: Innovation, Funding, and Community Impact

kallileiser -

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay