Bump NPM dependencies with Updatecli
I built a new Jenkins pipeline based on Updatecli for updating the NPM packages in my hobby project MyHeats.
#updatecli #pipeline #jenkins #myheats #nodejs #npm
I was looking for a way to automatically bump the versions of the npm dependencies (package.json) whenever an update is available. This also matters for security: have a look at the output of npm audit from time to time to see the recently published security issues in your dependencies. Keeping the versions current shortens the time a known-vulnerable package stays in the lock file.
I looked into Renovate and Dependabot, but neither of them scratched my itch for simple automatic dependency updates.
A coworker suggested I try Updatecli, and it fits my workflows perfectly well. The Jenkins example on the project's website got me started. So I created a Jenkins shared library function to run my own build, which includes npm to perform the version bumps:
- A class to describe the updatecli stages: https://code.in0rdr.ch/jenkins-lib/file/src/Updatecli.groovy.html
The scripted pipeline in the repository of the application loads the library and performs the version bumps to a new branch:
- The Jenkinsfile that makes use of the updatecli groovy library: https://code.in0rdr.ch/myheats/file/Jenkinsfile.html
I did not even have to configure Updatecli much, because the autodiscovery feature automatically detects that this is an npm repository/project. The final version of my pipeline includes all the git/scm steps in the updatecli.d/default.yaml configuration file:
- Updatecli configuration file: https://code.in0rdr.ch/myheats/file/updatecli.d/default.yaml.html
First I tried to perform the SCM/git steps with the Jenkins checkout and sh steps. But I noticed it could be much sleeker by defining the SCM/git settings in the Updatecli config file directly. This way, updatecli takes care of the clone/checkout/push steps. Here is the extract from my previous pipeline with the "manual git steps" for comparison:
// alternative approach I did not pursue any further
// set the committer identity for the bot commits (env vars from Jenkins credentials)
sh '''
git config --global user.name "$GIT_AUTHOR_NAME"
git config --global user.email "$GIT_AUTHOR_EMAIL"
'''
dir("myheats.git-$BUILD_NUMBER") {
    // checkout update branch in new directory
    checkout scmGit(
        extensions: [localBranch("$branch")],
        userRemoteConfigs: [[url: 'https://git.in0rdr.ch/myheats.git']]
    )
    // let updatecli bump package.json in the working copy
    updatecli.run('apply')
    // commit changes; the force push is acceptable only because
    // the update branch is owned by this pipeline and nobody else commits to it
    sh '''
    git add -u
    git commit -m "chore(updatecli-$BUILD_NUMBER): bump node modules"
    git push -f -u origin "$branch"
    '''
}
I definitely like the updatecli configuration better, since it keeps the actual pipeline tidy. I also like how you can use {{ requiredEnv "GIT_PASSWORD" }} in the updatecli configuration to read secrets from the environment, so the password never has to be written into the config file or the Jenkinsfile, and the run fails early if the variable is missing. The Git credentials are sourced from OpenBao with Nomad workload identities.
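For readers who want to see what such a manifest looks like before opening the linked file: below is an added example of an updatecli.d manifest that puts the git settings and the npm autodiscovery into one file, the way the post describes. It is not the MyHeats configuration itself. The repository URL is the one from the post; the scm id, the branch name, the GIT_USERNAME/GIT_PASSWORD variable names, the committer identity and the rootDir are assumptions for illustration.

```yaml
# Added example, not the author's updatecli.d/default.yaml.
# Assumed: GIT_USERNAME and GIT_PASSWORD are exported by the Jenkins job,
# the update branch "updatecli" is dedicated to this pipeline, and
# package.json sits in the repository root.
name: Bump npm dependencies of MyHeats

scms:
  myheats:
    kind: git
    spec:
      url: https://git.in0rdr.ch/myheats.git
      # Branch that updatecli checks out and pushes the bumps to
      # (assumed: a dedicated update branch, so the bumps get reviewed
      # before they reach the default branch).
      branch: updatecli
      # Credentials are resolved from the environment at run time, so no
      # secret is stored in this file. requiredEnv aborts the run if the
      # variable is unset instead of pushing with an empty password.
      username: '{{ requiredEnv "GIT_USERNAME" }}'
      password: '{{ requiredEnv "GIT_PASSWORD" }}'
      # Committer identity for the generated commits (assumed values).
      user: updatecli
      email: updatecli@example.com

# Autodiscovery inspects package.json and generates the npm
# source/condition/target pipelines itself; no per-package configuration.
autodiscovery:
  scmid: myheats
  crawlers:
    npm:
      # Directory to scan for package.json, relative to the clone (assumed).
      rootDir: "."
```

Run updatecli diff --config updatecli.d/default.yaml first to see which versions would change without cloning credentials into a push, then updatecli apply --config updatecli.d/default.yaml to commit and push; both commands read GIT_USERNAME and GIT_PASSWORD from the environment.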
I hope the post is helpful for anyone who would like to give updatecli a try or configure a similar Jenkins pipeline.