Skip to content

Latest commit

 

History

History
62 lines (47 loc) · 2.55 KB

README.md

File metadata and controls

62 lines (47 loc) · 2.55 KB

Update Bit Components with GitHub's Dependabot

Solve the problem of updating consuming projects of your components by utilizing Dependabot and Bit together. This way when new versions of components are available you get automated PRs to update the components you consume.

YouTube video toturial on how this works and how to set up

This repository contains example configuration and workflow for how a project that depends on Bit Components as packages in package.json can utilize GitHub's Dependabot feature to get automated PRs for updating dependencies.

What you need?

  • Ensure you have a .npmrc file in the root of your workspace with your scoped registry configured to your bit.cloud account.
  • Generate an authentication token in bit.cloud and set it as a Dependabot secret for your repository.
  • Configure your .github/dependabot.yml file with the right policy to update your Bit Components.
  • Configure Dependabot in your repository settings.

References

See the below links from GitHub to learn more:

Examples

From this repository:

.npmrc

Below you see an example .npmrc with a scoped registry, and replace-registry-host=never as recommended by GitHub.

@itaysso:registry=https://node-registry.bit.cloud
replace-registry-host=never

.github/dependabot.yml

version: 2
registries:
  # Define the Bit NPM registry
  npm-bit:
    type: npm-registry
    url: https://node-registry.bit.cloud
    # Use your Dependabot-Bit token
    token: ${{secrets.DEPENDABOT_TOKEN}}
    replaces-base: true
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
    allow:
      # Only check for components coming from Bit
      - dependency-name: "@itaysso/*"
    registries:
      # Use the Bit Registry for this update policy
      - npm-bit