Denopendabot is a GitHub App, GitHub Action, and Deno module to keep the dependencies of your Deno projects up-to-date.
Obviously inspired by Dependabot, and making up for their missing support for Deno. Written in Deno, and running on Deno Deploy.
Warning
Still under development. Many bugs might remain. Any breaking changes may be introduced on each Feature release.
import $ from "https://deno.land/x/dax@0.14.0/mod.ts";
- import $ from "https://deno.land/x/dax@0.14.0/mod.ts";
+ import $ from "https://deno.land/x/dax@0.15.0/mod.ts";
Denopendabot takes advantage of the core engine of udd, one of the most widely used module update libraries for Deno, which supports many registry domains.
- uses: denoland/setup-deno@v1
with:
deno-version: v1.26.0 # @denopendabot denoland/deno
- deno-version: v1.26.0 # @denopendabot denoland/deno
+ deno-version: v1.26.1 # @denopendabot denoland/deno
Denopendabot can also update release versions of GitHub repositories, specified
by comments of @denopendabot {owner}/{repo}
.
- Commits are created for each updated module/repository individually
- Each run of Denopendabot creates only one pull request
See the example pull requests.
The easiest way to use Denopendabot is to install the
GitHub App. After installation,
Denopendabot will send a pull request to create
denopendabot.yml
in .github/workflows
if it finds
your repository to be a Deno project. Merge it to get ready, or create the file
by yourself.
Warning
Denopendabot requires write access to your workflows, which technically enables the bot to perform script injection on your repository. Install the app only if you are sure that it is reliable.
If you don't want to send repository contents to the app, you can use our GitHub Action to run Denopendabot locally inside the GitHub Actions environment.
The action needs a GitHub access token authorized to run workflows.
secrets.GITHUB_TOKEN
is used by default and it works fine in most cases.
If you want to update workflow files (.github/workflows/*.yml
), it also needs
a private access token with the workflow
scope. In the examples below, we
assume the token is added in repository secrets as GH_TOKEN
.
name: Denopendabot
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *" # modify to your convenient time
jobs:
update:
name: Update
runs-on: ubuntu-latest
steps:
- uses: hasundue/denopendabot@0.16.1 # @denopendabot hasundue/denopendabot
with:
user-token: ${{ secrets.GH_TOKEN }} # needed for updating workflows
See action.yml for other options.
Star the repository, and use Denopendabot for your project! Feel free to make an issue when you find any problem.
Pull requests for bug-fix, testing, or documentation are always welcome.
If you want to create a pull request for feature addition or refactoring, it is recommended to make an issue first, since we don't necessarily like the changes.