/denopendabot

Dependabot for Deno projects (deprecated)

Primary LanguageTypeScriptMIT LicenseMIT

Warning

Denopendabot is deprecated in favor of renovate or molt. Thanks for kind support and contribution!

denopendabot

CI codecov denoland/deno

Denopendabot is a GitHub App, GitHub Action, and Deno module to keep the dependencies of your Deno projects up-to-date.

Obviously inspired by Dependabot, and making up for their missing support for Deno. Written in Deno, and running on Deno Deploy.

🪄 Features

Update Deno modules

import $ from "https://deno.land/x/dax@0.14.0/mod.ts";
- import $ from "https://deno.land/x/dax@0.14.0/mod.ts";
+ import $ from "https://deno.land/x/dax@0.15.0/mod.ts";

Denopendabot takes advantage of the core engine of udd, one of the most widely used module update libraries for Deno, which supports many registry domains.

Update GitHub repositories

- uses: denoland/setup-deno@v1
  with:
    deno-version: v1.26.0 # @denopendabot denoland/deno
-   deno-version: v1.26.0 # @denopendabot denoland/deno
+   deno-version: v1.26.1 # @denopendabot denoland/deno

Denopendabot can also update release versions of GitHub repositories, specified by comments of @denopendabot {owner}/{repo}.

Create pull requests

  • Commits are created for each updated module/repository individually
  • Each run of Denopendabot creates only one pull request

See example pull requests.

🚀 Getting started

GitHub App

The easiest way to use Denopendabot is to install the GitHub App. After installation, Denopendabot will send a pull request to create denopendabot.yml in .github/workflows if it finds your repository to be a Deno project. Merge it to get ready, or create the file by yourself.

Warning
Denopendabot requires write access to your workflows, which technically enables the bot to perform script injection on your repository. Install the app only if you are sure that it is reliable.

GitHub Action

If you don't want to send repository contents to the app, you can use our GitHub Action to run Denopendabot locally inside the GitHub Actions environment.

The action needs a GitHub access token authorized to run workflows. secrets.GITHUB_TOKEN is used by default and it works fine in most cases.

If you want to update workflow files (.github/workflows/*.yml), it also needs a private access token with the workflow scope. In the examples below, we assume the token is added in repository secrets as GH_TOKEN.

name: Denopendabot
on:
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * *" # modify to your convenient time
jobs:
  update:
    name: Update
    runs-on: ubuntu-latest
    steps:
      - uses: hasundue/denopendabot@0.18.2 # @denopendabot hasundue/denopendabot
        with:
          user-token: ${{ secrets.GH_TOKEN }} # needed for updating workflows

See action.yml for other options.

🤝 Contributing

Star the repository, and use Denopendabot for your project! Feel free to make an issue when you find any problem.

Pull requests for bug-fix, testing, or documentation are always welcome.

If you want to create a pull request for feature addition or refactoring, it is recommended to make an issue first, since we don't necessarily like the changes.