Automate dependency updates
Jenkins plugins frequently depend on external libraries and other plugins. Automatic dependency checks help ensure that new releases of dependencies are reviewed by plugin maintainers.
The GitHub dependabot tool can be configured to periodically check for new releases of dependencies.
When a new release is detected, dependabot submits a pull request to include that update in the plugin pom file.
See the Jenkins Online Meetup video for more details on dependabot with Jenkins.
Create a branch
In a local copy of your fork of the plugin repository, create a git branch for your work with the command:
git checkout -b {task-identifier} master
Automated dependency checks by dependabot are defined in a .github/dependabot.yml file.
mkdir -p .github
cat > .github/dependabot.yml <<END-OF-HERE-DOC
version: 2
updates:
  # Maintain dependencies for your plugin
  - package-ecosystem: maven
    directory: /
    schedule:
      interval: monthly
    open-pull-requests-limit: 10
    target-branch: master
  # Maintain dependencies for GitHub Actions
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: monthly
END-OF-HERE-DOC
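Before committing, the file can be checked against the repository it lives in. The shell functions below are an added example, not part of the Jenkins documentation; the names check_dependabot and has_ecosystem are hypothetical, and the check assumes a plugin checkout with pom.xml at the root and workflows under .github/workflows. It reports a missing ecosystem entry and a config whose YAML indentation was lost.

```sh
# Added example: lint .github/dependabot.yml in a plugin checkout.
# Usage: check_dependabot REPO_DIR
# Prints one line per finding and returns 1 if there is any finding.

# True when config file $1 has an update entry for ecosystem $2.
has_ecosystem() {
    grep -Eq "^[[:space:]]*-[[:space:]]+package-ecosystem:[[:space:]]*[\"']?$2[\"']?[[:space:]]*\$" "$1"
}

check_dependabot() {
    repo=$1
    cfg=$repo/.github/dependabot.yml
    rc=0

    [ -f "$cfg" ] || { echo "missing .github/dependabot.yml"; return 1; }

    # The configuration shown above declares version 2 at the top level.
    grep -Eq '^version:[[:space:]]*2[[:space:]]*$' "$cfg" ||
        { echo "config must declare 'version: 2'"; rc=1; }

    # A Maven build (pom.xml) needs a maven update entry.
    if [ -f "$repo/pom.xml" ] && ! has_ecosystem "$cfg" maven; then
        echo "pom.xml present but no maven update entry"; rc=1
    fi

    # Workflow files reference actions, so they need a github-actions entry.
    if ls "$repo"/.github/workflows/*.y*ml >/dev/null 2>&1 &&
       ! has_ecosystem "$cfg" github-actions; then
        echo "workflows present but no github-actions update entry"; rc=1
    fi

    # Each update entry needs its own indented schedule interval; a config
    # that lost its indentation fails this count.
    entries=$(grep -Ec '^[[:space:]]*-[[:space:]]+package-ecosystem:' "$cfg" || true)
    intervals=$(grep -Ec '^[[:space:]]+interval:' "$cfg" || true)
    [ "$entries" -eq "$intervals" ] ||
        { echo "$entries update entries but $intervals schedule intervals"; rc=1; }

    return $rc
}
```

Run it as check_dependabot . from the root of the plugin checkout after sourcing the functions.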
Commit the file and push it to GitHub with the commands in the next section.
Create a pull request
Commit that change:
git add {modified-files}
git commit -m "{task-description}"
Push the change to GitHub:
git push origin --set-upstream {task-identifier}
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
remote:
remote: Create a pull request for '{task-identifier}' on GitHub by visiting:
remote:      https://github.com/user/your-plugin/pull/new/{task-identifier}
remote:
To github.com:user/your-plugin.git
 * [new branch]      {task-identifier} -> {task-identifier}
Branch '{task-identifier}' tracking remote branch '{task-identifier}'.
Notice that the output of the command includes a URL that can be used to open a pull request. Paste that URL into your web browser and submit a pull request.