denopendabot-simple-320

denopendabot

CI codecov denoland/deno deno deploy

Denopendabot is a GitHub App, GitHub Action, and Deno module to keep the dependencies of your Deno projects up-to-date.

Obviously inspired by Dependabot, and making up for their missing support for Deno.

Warning
Still under development. Many bugs might remain. Any breaking changes may be introduced on each Feature release.

🪄 Features

Update Deno modules

import $ from "https://deno.land/x/dax@0.14.0/mod.ts";
- import $ from "https://deno.land/x/dax@0.14.0/mod.ts";
+ import $ from "https://deno.land/x/dax@0.15.0/mod.ts";

Denopendabot takes advantage of the core engine of udd, one of the most widely used module update libraries for Deno, which supports many registry domains.

Update GitHub repositories

- uses: denoland/setup-deno@v1
  with:
    deno-version: v1.26.0 # @denopendabot denoland/deno
-   deno-version: v1.26.0 # @denopendabot denoland/deno
+   deno-version: v1.26.1 # @denopendabot denoland/deno

Denopendabot can also update release versions of GitHub repositories, specified by comments of @denopendabot {owner}/{repo}.

Create pull requests

  • Commits are created for each updated module/repository individually
  • Each run of Denopendabot creates only one pull request

See the example pull requests.

🚀 Getting started

GitHub App

The easiest way to use Denopendabot is to install the GitHub App. After installation, Denopendabot will send a pull request to create denopendabot.yml in .github/workflows if it finds your repository to be a Deno project. Merge it to get ready, or create the file by yourself.

Warning
Denopendabot requires write access to your workflows, which technically enables the bot to perform script injection on your repository. Install the app only if you are sure that it is reliable.

GitHub Action

If you don't want to send repository contents to the remote for security reasons, you can use our GitHub Action to run Denopendabot locally inside the GitHub Actions environment.

The action needs a GitHub access token authorized to run workflows. secrets.GITHUB_TOKEN is used by default and it works fine in most cases.

If you want to update workflow files (.github/workflows/*.yml), it also needs a private access token with the workflow scope. In the examples below, we assume the token is added in repository secrets as GH_TOKEN.

name: Denopendabot
on:
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * *" # modify to your convenient time
jobs:
  update:
    name: Update
    runs-on: ubuntu-latest
    steps:
      - uses: hasundue/denopendabot@0.10.3 # @denopendabot hasundue/denopendabot
        with:
          user-token: ${{ secrets.GH_TOKEN }} # needed for updating workflows

See action.yml for other options.