Jenkins plugins frequently depend on external libraries and other plugins. Automatic dependency checks help ensure that new releases of dependencies are reviewed by plugin maintainers.
The GitHub dependabot tool can be configured to periodically check for new releases of dependencies.
When a new release is detected, dependabot submits a pull request to include that update in the plugin pom file.
See the Jenkins Online Meetup video for more details on dependabot with Jenkins.
Create a git branch for your local work with the command:
$ git checkout -b auto-update-deps master
Automated dependency checks by dependabot are defined in a .github/dependabot.yml file.
$ mkdir .github
$ cat > .github/dependabot.yml <<END-OF-HERE-DOC
version: 2
updates:
- package-ecosystem: maven
  directory: "/"
  schedule:
    interval: weekly
  open-pull-requests-limit: 10
  target-branch: master
  reviewers:
  - <insert-maintainers-here-one-per-line-use-github-handle>
  labels:
  - skip-changelog
END-OF-HERE-DOC
Commit the file and push it to GitHub with the commands:
Commit that change:
$ git add .github/dependabot.yml
$ git commit -m "Automate dependency updates"
Push the change to GitHub:
$ git push origin --set-upstream auto-update-deps
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
remote:
remote: Create a pull request for 'auto-update-deps' on GitHub by visiting:
remote: https://github.com/user/your-plugin/pull/new/auto-update-deps
remote:
To github.com:user/your-plugin.git
* [new branch] auto-update-deps -> auto-update-deps
Branch 'auto-update-deps' tracking remote branch 'auto-update-deps'.
Notice that the output of the command includes a URL that can be used to open a pull request. Copy that URL into your web browser and submit a pull request.
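Added example (not part of the original page, and not a Jenkins or GitHub tool): a shell check to run on .github/dependabot.yml before the commit step, catching a copy that lost its YAML indentation or still carries the reviewers placeholder. The function name check_dependabot is hypothetical, and the check is pattern-based rather than a full YAML parser.

```shell
# Added example: check_dependabot is a hypothetical helper, not a Jenkins or GitHub tool.
# Usage: check_dependabot [FILE]   (FILE defaults to .github/dependabot.yml)
check_dependabot() {
    f=${1:-.github/dependabot.yml}
    rc=0
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }

    # Top-level keys start in column 0.
    grep -Eq '^version:[[:space:]]*2[[:space:]]*$' "$f" \
        || { echo "version: 2 not found" >&2; rc=1; }
    grep -Eq '^updates:[[:space:]]*$' "$f" \
        || { echo "updates: not found" >&2; rc=1; }

    # The Maven entry is a list item under updates:.
    grep -Eq '^[[:space:]]*-[[:space:]]+package-ecosystem:[[:space:]]*"?maven"?[[:space:]]*$' "$f" \
        || { echo "no maven package-ecosystem entry" >&2; rc=1; }

    # Entry keys must be indented; a copy that lost its indentation puts
    # them in column 0, where they are no longer part of the entry.
    for key in directory schedule; do
        grep -Eq "^[[:space:]]+$key:" "$f" \
            || { echo "$key: missing or not indented" >&2; rc=1; }
    done

    # interval: must sit one level deeper than schedule:.
    awk '
        /^ +schedule:/ { s = match($0, /[^ ]/) }
        /^ +interval:/ { i = match($0, /[^ ]/) }
        END { exit !(s > 0 && i > s) }
    ' "$f" || { echo "interval: not nested under schedule:" >&2; rc=1; }

    # The reviewers placeholder from the template must be replaced.
    if grep -q '<insert-maintainers-here' "$f"; then
        echo "reviewers placeholder not replaced" >&2
        rc=1
    fi
    return $rc
}
```

The function returns 0 when the file passes, 1 when a check fails, and 2 when the file is missing.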