[Flutter] GitHub Dependabot

2022-05-01 hit count image

Let's see how to use GitHub Dependabot to check the versions of the packages used in the Flutter project, and if there is a new version, create a Pull request automatically.

Outline

GitHub provides the Dependabto feature. When you use it on GitHub, you can check periodically the versions of the packages, and libraries in the project, and create the Pull request automatically if there is a new version.

Recently, GitHub Dependabot supports the pub package manager for Flutter/Dart.

In this blog post, I will introduce how to use GitHub Dependabot to chec the versions of the packages in Flutter, and update it automatically.

Configure Dependabot

To use GitHub Dependabot, you need to create the .github folder in the root directory of the project, and then, create the dependabot.yml file.

If you create the .github/dependabot.yml file, open the file and modify it like the below.

version: 2
enable-beta-ecosystems: true
updates:
  - package-ecosystem: "pub"
    directory: "/"
    schedule:
      interval: weekly
      time: "09:00"
      timezone: Asia/Tokyo
    open-pull-requests-limit: 5

The supporting the pub package manger is beta, so we need to configure enable-beta-ecosystems: true.

If you use a lot of packages in your Flutter project, too many Pull requests may be created, which can interfere with your work. So, you can configure the open-pull-requests-limit: 5 option to limit the number of Pull requests, and configure the schedule option to execute Dependabot at specific intervals.

Check

After configuring the .github/dependabot.yml file, upload it to GitHub.(merge it to main branch.) Then, you can see the Pull request is created automatically when the version of the package is updated at specific intervals like the below.

Flutter - Dependabot pull request

When you open the Pull request, you can see the Release notes and Commits of the updating.

Flutter - Dependabot details: release notes and commits

When you open each sections, you can see the details about them.

  • Release notes

Flutter - Dependabot release notes detail

  • commits

Flutter - Dependabot commits detail

This allows you to check the changes in the new version and to see the scope of impact on your project.

When you open the File changed tab, you can see the pubspec.yaml and pubspec.lock files are changed.

Flutter - Dependabot file changed detail

GitHub Actions

Now, you can get an auto-generated Pull request from GitHub Dependabot when there is a new version of the package. When you get the Pull request, you’re debating whether or not to merge it. At this time, if you configured GitHub Actions to execute the Linter and test code of Flutter, you can easily check whether the Pull request is OK or not.

Also, you can write the following contents to the .github/dependabot.yml file to check the versions of Actions in GitHub Actions by `Dependabot.

version: 2
enable-beta-ecosystems: true
updates:
  ...
  - package-ecosystem: github-actions
    directory: "/"
    schedule:
      interval: weekly
      time: "09:00"
      timezone: Asia/Tokyo

Completed

Done! we’ve seen how to use GitHub Dependabot to check the versions of the packages in the Flutter project, and update it automatically. From now, please use Dependabot to keep the versions of the packages in the Flutter project up to date.

Was my blog helpful? Please leave a comment at the bottom. it will be a great help to me!

App promotion

You can use the applications that are created by this blog writer Deku. 지금 보고 계신 블로그를 작성하는 Deku가 개발한 앱을 한번 사용해보세요.
Deku created the applications with Flutter.

If you have interested, please try to download them for free.

Posts