I’ve published quite a few Angular applications under various open source (MIT and Apache License, respectively) licenses :
Among other responsibilities, maintaining software comes with the task of regularly checking for dependency updates and applying them to the software in question. This first and foremost involves security updates but also bug fixes and new features for the frameworks and libraries used by the application.
Fortunately, Angular CLI comes with a command that allows you to do just that:
However, while having a simple command for updating dependencies and even seamlessly migrating existing application code if necessary is tremendously useful, executing that command and pushing changes to a source code repository still is a recurring manual task.
In the vein of automating such rote tasks I’ve now implemented GitHub Actions workflows that automate this tedious process for the projects mentioned above.
In order to achieve this I used ngx-uptodate action in conjunction with automerge-action.
ngx-uptodate is a “Github Action that keeps your Angular CLI-based projects up-to-date via automated pull requests“. It automatically runs
ng update on Angular projects and creates a pull request with the resulting changes. For my use case I have it run via a daily cron job.
automerge-action in turn allows you to have pull requests merged automatically once they satisfy predefined prerequisites.
In the case of my applications these prerequisites are simply the “dependencies” label I have ngx-uptodate apply to pull requests automatically (the same label is used by Dependabot, which means automerge-action will be applied to its pull requests, too) and a successful CircleCI build reported through GitHub status checks.
You can have a look at the required settings in the PivotHelper repository, for example:
While for these particular applications I see no issue with updating relentlessly, immediately, and indiscriminately, with more complex, business-critical applications that perhaps other applications depend on, you’d probably want to exercise some caution and add additional checks and conditions (such as a successful code review) before merging such changes to your main production branch.