Use GitHub Actions to find Outdated Dependencies

2 minute read

Keeping up with dependencies can be a pain. That is especially true if you build a tool that heavily relies on some library. If that library changes in a major way, you’ll have to be quick with updating or risk issues piling up.

But how can you efficiently keep track of dependency updates?

Scheduled GitHub Actions

I’ve found GitHub Actions to be a simple, yet effective, solution for that particular problem.

A small workflow that runs on a schedule and checks if there are outdated dependencies does the job. I use something like this for reveal.js-starter to get notified when a new reveal.js version is released:

name: Check Outdated

on:
  schedule:
    - cron: "0 12 * * 1"

jobs:
  check_updates:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/[email protected]
      - name: Install npm
        run: npm install
      - name: Check outdated
        run: npm outdated reveal.js

If you are thinking “Well, that doesn’t look hard” - you are right. And isn’t that nice? :wink:

There isn’t a lot for me to cover here, but let’s go over the interesting parts real quick.

on:
  schedule:
    - cron: "0 12 * * 1"

Here we specify when our action should run. Consult the official documentation for details, but I’ve found checking dependencies each Monday at noon to work quite nicely.

- name: Check outdated
  run: npm outdated reveal.js

Luckily, npm offers a simple command to check if any dependency is outdated (based on your current lock file). The nice thing here is that this command will return with exit code 1 if newer versions were detected. As a result, the GitHub Action will fail without us needing to do anything else. Easy!

Chefs Kiss

The same approach works quite well for Ruby-based applications since bundler offers an outdated command as well. I use this workflow for my custom Rails generator Schienenzeppelin:

name: Check Outdated

on:
  schedule:
    - cron: "0 12 * * 1"

jobs:
  check_updates:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/[email protected]
      - name: Set up ruby
        uses: ruby/[email protected]
        with:
          ruby-version: 3.0.0
          bundler-cache: true
      - name: Check Outdated
        run: |
          bundle config unset deployment
          bundle outdated rails

Now, I’ve kept these actions very simple. Of course, there are tons of things you can improve upon! Customizing how notifications are sent or only failing when a new major version is released are things that come to mind.

What do you think? Let me know if you’ve encountered other interesting uses for GitHub actions :hugs:

Updated: