Check dependencies

Automate dependency checks with dependabot

Jenkins plugins frequently depend on external libraries and other plugins. Automatic dependency checks help assure that new releases of dependencies are reviewed by plugin maintainers.

The GitHub dependabot tool can be configured to periodically check for new releases of dependencies. When a new release is detected, dependabot submits a pull request to include that update in the plugin pom file.

See the Jenkins Online Meetup video for more details on dependabot with Jenkins.

Create a branch

In a local copy of your fork of the plugin repository create a git branch for your work with the command:

git checkout -b auto-update-deps master

Automated dependency checks by dependabot are defined in a .github/dependabot.yml file.

mkdir .github
cat > .github/dependabot.yml <<END-OF-HERE-DOC
version: 2
updates:
# Maintain dependencies for your plugin
- package-ecosystem: maven
  directory: /
  schedule:
    interval: monthly
  open-pull-requests-limit: 10
  target-branch: master
# Maintain dependencies for GitHub Actions
- package-ecosystem: github-actions
  directory: /
  schedule:
    interval: monthly
END-OF-HERE-DOC
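Before committing, it is worth confirming that the file actually covers every dependency ecosystem the checkout uses (a plugin repository with GitHub Actions workflows but only a maven entry would leave those actions unmonitored). The following script is an added example, not Jenkins project code: it reads a dependabot.yml with a small line-based reader sized for the flat `updates:` list shown above (not a full YAML parser), recognises only the two ecosystems this page configures, and reports uncovered ecosystems and malformed entries. The repository layout it builds in a temporary directory is constructed for the demonstration.

```python
"""Coverage check for .github/dependabot.yml (added example, not Jenkins code).

Recognises only the two ecosystems configured on this page (maven and
github-actions) and reads the flat 'updates:' list line by line rather than
with a full YAML parser.
"""
import re
import tempfile
from pathlib import Path

# A marker path whose presence means dependabot should watch that ecosystem.
ECOSYSTEM_MARKERS = {
    "maven": "pom.xml",
    "github-actions": ".github/workflows",
}
# Schedule intervals that dependabot accepts.
VALID_INTERVALS = {"daily", "weekly", "monthly"}

ENTRY_RE = re.compile(r"-\s*package-ecosystem:\s*(\S+)")
FIELD_RE = re.compile(r"(directory|interval|open-pull-requests-limit|target-branch):\s*(\S+)")


def parse_update_entries(text):
    """Return one dict per '- package-ecosystem:' entry with the fields we check."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = {"package-ecosystem": m.group(1).strip("'\"")}
            entries.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip("'\"")
    return entries


def detect_ecosystems(repo):
    """Ecosystems present in the checkout, judged by their marker paths."""
    return {eco for eco, marker in ECOSYSTEM_MARKERS.items() if (Path(repo) / marker).exists()}


def audit(config_text, present):
    """Compare the ecosystems in use ('present') with what the config declares.

    config_text is the dependabot.yml contents, or None when the file is absent.
    """
    if config_text is None:
        return {"uncovered": sorted(present), "problems": ["no .github/dependabot.yml"]}
    problems, covered = [], set()
    for entry in parse_update_entries(config_text):
        eco = entry["package-ecosystem"]
        covered.add(eco)
        if "directory" not in entry:
            problems.append(f"{eco}: missing directory")
        if entry.get("interval") not in VALID_INTERVALS:
            problems.append(f"{eco}: schedule.interval must be daily, weekly or monthly")
    return {"uncovered": sorted(present - covered), "problems": problems}


def check_coverage(repo):
    """Run the audit against a checkout on disk."""
    cfg = Path(repo) / ".github" / "dependabot.yml"
    text = cfg.read_text() if cfg.exists() else None
    return audit(text, detect_ecosystems(repo))


def demo():
    """Constructed repo: pom.xml plus a workflow, but dependabot.yml watches only maven."""
    with tempfile.TemporaryDirectory() as repo:
        root = Path(repo)
        (root / "pom.xml").write_text("<project/>\n")
        (root / ".github" / "workflows").mkdir(parents=True)
        (root / ".github" / "workflows" / "ci.yml").write_text("name: ci\n")
        (root / ".github" / "dependabot.yml").write_text(
            "version: 2\n"
            "updates:\n"
            "# Maintain dependencies for your plugin\n"
            "- package-ecosystem: maven\n"
            "  directory: /\n"
            "  schedule:\n"
            "    interval: monthly\n"
            "  open-pull-requests-limit: 10\n"
            "  target-branch: master\n"
        )
        return check_coverage(repo)


if __name__ == "__main__":
    # Expected: github-actions is in use but has no update entry.
    print(demo())
```

Run it from the root of your plugin checkout by calling `check_coverage(".")`; an empty `uncovered` list and an empty `problems` list mean every recognised ecosystem has a well-formed entry.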

Commit the file and push it to GitHub with the commands in the next section.

Create a pull request

Commit that change:

git add .github/dependabot.yml
git commit -m "Automate dependency updates"

Push the change to GitHub:

git push origin --set-upstream auto-update-deps
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
remote:
remote: Create a pull request for 'auto-update-deps' on GitHub by visiting:
remote: https://github.com/user/your-plugin/pull/new/auto-update-deps
remote:
To github.com:user/your-plugin.git
 * [new branch]      auto-update-deps -> auto-update-deps
Branch 'auto-update-deps' tracking remote branch 'auto-update-deps'.

Notice that the output of the command includes a URL for opening a pull request. Open that URL in your web browser and submit the pull request.