npm &mdash; Jerry of the Week https://write.in0rdr.ch/tag:npm ˈdʒɛri - Individual who sends life against the grain no matter the consequences Fri, 17 Apr 2026 09:06:47 +0000 Bump NPM dependencies with Updatecli https://write.in0rdr.ch/bump-npm-dependencies-with-updatecli <![CDATA[I built a new Jenkins pipeline based on Updatecli for updating the NPM packages in my hobby project MyHeats. #updatecli #pipeline #jenkins #myheats #nodejs #npm !--more-- I was looking for a way to automatically bump the version of the npm dependencies (package.json) whenever there is an update available. This is also important for security reasons (e.g., have a look at the output of npm audit from time to time to see the recent security issues in the dependencies). I was looking into Renovate and Dependabot, but neither of these scratched my itch of simple automatic dependency updates. A coworker suggested me to try Updatecli and it fits my workflows perfectly well. The Jenkins example on the projects website got me started. So I created a Jenkins shared library function to run my own build, which includes npm to perform the version bumps: A class to describe the updatecli stages: https://code.in0rdr.ch/jenkins-lib/file/src/Updatecli.groovy.html The scripted pipeline in the repository of the application loads the library and performs the version bumps to a new branch: The Jenkinsfile that makes use of the updatecli groovy library: https://code.in0rdr.ch/myheats/file/Jenkinsfile.html I did not even have to configure Updatecli a lot, because the autodiscovery feature automatically detects that this is a npm repository/project. The final version of my pipeline includes all the git/scm steps in the updatecli.d/default.yaml configuration file: Updatecli configuration file: https://code.in0rdr.ch/myheats/file/updatecli.d/default.yaml.html First I tried to perform the SCM/git steps in Jenkins checkout and sh steps. But I noticed it could be much sleeker by defining the SCM/git settings in the Updatecli config file directly. This way, updatecli takes care of the clone/checkout/push steps. Here the extract from my previous pipeline with the "manual git steps" for comparison: // alternative approach I did not pursue any further sh ''' git config --global user.name "$GITAUTHORNAME" git config --global user.email "$GITAUTHOREMAIL" ''' dir("myyheats.git-$BUILDNUMBER") { // checkout update branch in new directory checkout scmGit( extensions: [localBranch("$branch")], userRemoteConfigs: [[url: 'https://git.in0rdr.ch/myheats.git']] ) updatecli.run('apply') // commit changes sh ''' git add -u git commit -m "chore(updatecli-$BUILDNUMBER): bump node modules" git push -f -u origin "$branch" ''' } I definitely like the updatecli configuration better, since it keeps the actual pipeline tidy. Also, I like how you can use the {{ requiredEnv "GIT_PASSWORD" }} configuration in updatecli to read secrets from the environment. The Git credentials are sourced from OpenBao with Nomad workload identities. I hope the post is helpful for anyone that would like to give updatecli a try or would like to configure a similar Jenkins pipeline. div style="text-align:center; font-size: 0.8em" a href="https://write.in0rdr.ch/feed"&#128732; RSS/a | a href="https://m.in0rdr.ch/in0rdr"&#128024; Fediverse/a | a href="https://chat.in0rdr.ch/#/guest?join=p0c@conference.in0rdr.ch"&#128172; XMPP/a /div]]> I built a new Jenkins pipeline based on Updatecli for updating the NPM packages in my hobby project MyHeats.

#updatecli #pipeline #jenkins #myheats #nodejs #npm

I was looking for a way to automatically bump the version of the npm dependencies (package.json) whenever there is an update available. This is also important for security reasons (e.g., have a look at the output of npm audit from time to time to see the recent security issues in the dependencies).

I was looking into Renovate and Dependabot, but neither of these scratched my itch of simple automatic dependency updates.

A coworker suggested me to try Updatecli and it fits my workflows perfectly well. The Jenkins example on the projects website got me started. So I created a Jenkins shared library function to run my own build, which includes npm to perform the version bumps:

The scripted pipeline in the repository of the application loads the library and performs the version bumps to a new branch:

I did not even have to configure Updatecli a lot, because the autodiscovery feature automatically detects that this is a npm repository/project. The final version of my pipeline includes all the git/scm steps in the updatecli.d/default.yaml configuration file:

First I tried to perform the SCM/git steps in Jenkins checkout and sh steps. But I noticed it could be much sleeker by defining the SCM/git settings in the Updatecli config file directly. This way, updatecli takes care of the clone/checkout/push steps. Here the extract from my previous pipeline with the “manual git steps” for comparison:

// alternative approach I did not pursue any further
sh '''
git config --global user.name "$GIT_AUTHOR_NAME"
git config --global user.email "$GIT_AUTHOR_EMAIL"
'''

dir("myyheats.git-$BUILD_NUMBER") {
  // checkout update branch in new directory
  checkout scmGit(
      extensions: [localBranch("$branch")],
      userRemoteConfigs: [[url: 'https://git.in0rdr.ch/myheats.git']]
  )

  updatecli.run('apply')

  // commit changes
  sh '''
  git add -u
  git commit -m "chore(updatecli-$BUILD_NUMBER): bump node modules"
  git push -f -u origin "$branch"
  '''
}

I definitely like the updatecli configuration better, since it keeps the actual pipeline tidy. Also, I like how you can use the {{ requiredEnv "GIT_PASSWORD" }} configuration in updatecli to read secrets from the environment. The Git credentials are sourced from OpenBao with Nomad workload identities.

I hope the post is helpful for anyone that would like to give updatecli a try or would like to configure a similar Jenkins pipeline.

🛜 RSS | 🐘 Fediverse | 💬 XMPP
]]> https://write.in0rdr.ch/bump-npm-dependencies-with-updatecli Fri, 26 Jul 2024 20:50:19 +0000